LDAP groups not being used

10-24-2013 07:40 AM
RobDavies
Hi

We are having problems getting LDAP to work. We are able to log in, but we cannot get access to the admin tabs, so I believe the system is simply ignoring the groups set up in AD.

Here is a rundown of the LDAP settings in our config file, in case I am missing something obvious.

        <ldapAdapter>
            <ldapConnectionProperties
                providerURL="ldap://********:389"
                initialContextFactoryName="com.sun.jndi.ldap.LdapCtxFactory"
                securityAuthentication="simple"
                securityProtocol="">
                <ldapServiceAccount
                    securityPrincipal="CN=gptadmin,CN=Users,DC=********,DC=local"
                    securityCredentials="*******"
                    encrypted="false"
     catalogAdminDN="CN=gptadmin,CN=Users,DC=********,DC=local"/>
            </ldapConnectionProperties>
        
   <singleSignOn
                active="false"
                credentialLocation="userPrincipal"
                anonymousValue=""
                logoutOutcome=""/>
            
            <selfCareSupport
                supportsLogin="true"
                supportsLogout="true"
                supportsUserRegistration="true"
                supportsUserProfileManagement="true"
                supportsPasswordChange="true"
                supportsPasswordRecovery="true"/>

    
            <roles authenticatedUserRequiresRole="true">
                <role
                    key="gptRegisteredUser"
                    resKey="catalog.role.gptRegisteredUser"
        manage="true"
        forbidden="false"
                    groupDN="CN=gpt_registeredusers,CN=Users,DC=********,DC=local"/>
                <role
                    key="gptPublisher"
                    inherits="gptRegisteredUser"
                    resKey="catalog.role.gptPublisher"
        manage="true"
        forbidden="false"
                    groupDN="CN=gpt_publishers,CN=Users,DC=********,DC=local"/>
              <role
                    key="gptAdministrator"
                    inherits="gptPublisher"
                    resKey="catalog.role.gptAdministrator"
        manage="true"
        forbidden="false"
                    groupDN="CN=gpt_administrators,CN=Users,DC=********,DC=local"/>
            </roles>
        
            <users
                displayNameAttribute="sAMAccountName"
                passwordEncryptionAlgorithm="SHA"
                newUserDNPattern="cn={0},CN=Users,DC=********,DC=local"
                usernameSearchPattern="(&amp;(objectclass=person)(sAMAccountName={0}))"
                searchDIT="CN=Users,DC=******,DC=local"/>
                <requiredObjectClasses>
                    <objectClass name="top"/>
                    <objectClass name="person"/>
                    <objectClass name="organizationalPerson"/>
                    <objectClass name="inetOrgPerson"/>
                </requiredObjectClasses>
                <userAttributeMap>
                    <attribute key="username"     ldapName="sAMAccountName"/>
                    <attribute key="password"     ldapName="userPassword"/>
                    <attribute key="email"        ldapName="mail"/>
                    <attribute key="firstName"    ldapName="givenName"/>
                    <attribute key="lastName"     ldapName="sn"/>
                    <attribute key="displayName"  ldapName="displayName"/>
                    <attribute key="organization" ldapName="o"/>
                    <attribute key="affiliation"  ldapName="businessCategory"/>
                    <attribute key="street"       ldapName="street"/>
                    <attribute key="city"         ldapName="l"/>
                    <attribute key="stateOrProv"  ldapName="st"/>
                    <attribute key="postalCode"   ldapName="postalCode"/>
                    <attribute key="country"      ldapName=""/>
                    <attribute key="phone"        ldapName="telephoneNumber"/>
                </userAttributeMap>
            </users>
      
            <groups
                displayNameAttribute="cn"
                dynamicMemberOfGroupsAttribute=""
                dynamicMembersAttribute=""
                memberAttribute="member"
                memberSearchPattern="(&amp;(objectclass=group)(member:1.2.840.113556.1.4.1941:={0}))"
                searchDIT="CN=Users,DC=********,DC=local"/>
     
            <!-- 
                <metadataManagementGroup
                    name="Region 1"
                    groupDN="group_distinguished_name"/>
                <metadataManagementGroup
                    name="Region 2"
                    groupDN="group_distinguished_name"/>
            -->
            </groups>
        </ldapAdapter>


Hope someone can help.

Thanks

Rob
RobDavies
We sorted this one: it was Symantec Endpoint blocking the LDAP connections.

Rob