SuperUser
  Posts:26
01/14/2005 3:18 PM

Has anyone here integrated LDAP into their Portal instead of managing the Portal users manually? Any information regarding this would be appreciated.

SuperUser
  Posts:26
01/15/2005 6:20 PM

Hey Mike, I was trying to figure it out myself on Thursday. I even have CA on site and of course the answer is "Yes, it does it out of the box." Unfortunately, we haven't figured out how either... If you get any additional info please pass it on.

SuperUser
  Posts:26
01/18/2005 7:57 AM

What version of Cleverpath are you running? Under r4.7 it is SUPPOSED to be working. We could not get it to work on the 4.7 Beta. I haven't had time to install the GA 4.7 to see.

SuperUser
  Posts:26
01/18/2005 9:32 AM

Thanks Chris and Sadhna. The version of Unicenter Portal I'm running is 3.1_110204 and the engine is 4.51 SP1 (4.51.001), 20031008_14. Here is more information on what I would like to accomplish: We would like to integrate the AD users into Portal and use the existing accounts for portal logins. I was not able to find any in-depth documentation to verify portal can do this and am not sure that it will since it's running on Apache's web server. Will I also need to configure NTLM authentication? I am attempting to make the account creations once (in LDAP) and not have to maintain an additional portal user account. If you have any docs/information on what the official word is and how it's SUPPOSED to be configured, it would be most appreciated.
-Mike

SuperUser
  Posts:26
01/18/2005 9:50 AM

Same version and needs here too... Any help would be appreciated.

SuperUser
  Posts:26
01/18/2005 10:29 AM

Chris, can you tell me what CA Field Services set up so far?

SuperUser
  Posts:26
01/18/2005 10:37 AM

I have CA coming next month to set up 4.7 Cleverpath and LDAP integration is on SOW. If you don't have an answer before that, I'll keep you in the loop.

SuperUser
  Posts:26
01/19/2005 9:18 AM

I have an issue open with CA and received the following in an email: "There is no step by step guide to help integration between LDAP and UMP. If you would like you can request that by using the suggestion box at supportconnect.ca.com." So I raised the severity of the issue, as this is unacceptable. We have too many products and too little time to be stuck trying to figure out each integration ourselves. If you have an issue open please raise the severity and you can reference my issue number #13917574.

SuperUser
  Posts:26
04/11/2005 5:05 PM

Has anyone gotten this working yet??? We tried at our site and found out that the army does not allow "Strong Authentication" to the AD servers so the ldap won't work from ca-portal. Plan B is to use CSV files built from LDP.EXE inquiries, which are manual.

SuperUser
  Posts:26
04/11/2005 7:00 PM

I managed to get it working and it is no small task either... I will try and detail the method once I return to the office tomorrow.

SuperUser
  Posts:26
04/22/2005 9:02 AM

Still waiting, Chris. We ended up having to use the "CSVDE.EXE" command to extract fields that we could use to build a csv file to upload into the portal.

SuperUser
  Posts:26
11/07/2005 12:32 PM

OK this has been a long time coming, but this is how I finally got ldap to work with the portal.. This has not been an easy task and other methods are probably much more efficient...

First, you need to understand your ldap environment.. So, from your portal server issue the following command:

    ldifde -f ldap.out

If it does not run from your portal server go to an Active Directory Server. The ldap.out file is basically a text dump of the ldap database and will allow you to find the specific info for your portal to import.

Stop the portal (This is the most important step to get AD integrated properly)

Edit the following file

    (installation directory)\Unicenter Management Portal\properties\ldap.properties

and add the following:

    space.sensitive.0=true
    case.sensitive.0=true

Start the portal

Open the ldap.out file with a text editor and search for a group name or an individual's name you want to add to the portal... Once found, you can scroll up and you will find the dn, cn, ou and other info for that group to add to portal.. it should look like this:

    dn: CN=resources,OU=Still Living Groups,OU=Strange Groups,dc=Really Strange,dc=people,dc=here
    changetype: add
    member: CN=Chris Poole,OU=Employees,dc=people,dc=here

This is all the info you should need to import successfully.

Now it is time to configure the portal ldap properties:

    enter your ldap (AD) server name: ldap://someserver:389
    enter Group Context: OU=Still Living Groups,OU=Strange Groups,dc=Really Strange,dc=people,dc=here
    enter Group Filter: (objectclass=group)
    enter User attribute: sAMAccountName
    enter User Context: OU=Employees,dc=people,dc=here
    enter User Filter: (objectclass=user)
    enter User Authentication: simple
    enter Admin Authentication: simple
    enter Admin Principal: Here you must supply the complete ID in AD for the admin account, it should look something like: cn=firstName lastName,ou=service accounts,dc=people,dc=here
    enter Admin Credentials: enter the domain password for the admin account.

Set Schedule Interval (minutes) to -1

Select Import for SERVER 1

Then click the update changes button.

Go to manage users and see if your user count has increased, if not check the ldap log file in the (installation directory)\Unicenter Management Portal\logs directory. When you see failure entries like the following you are getting close especially if you get a member count. When you see individual user names you are done...
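
Added example, not part of the original post: a Python script for the lookup step described above, which parses an ldifde dump and derives the Group Context and User Context values from a group's dn and member lines. The sample dump, the second member entry and the function names are constructed for illustration.

```python
import base64
# Constructed sample shaped like the ldifde output quoted in the post.
SAMPLE_LDIF = """\
dn: CN=resources,OU=Still Living Groups,OU=Strange Groups,dc=Really Strange,dc=people,dc=here
changetype: add
member: CN=Chris Poole,OU=Employees,dc=people,dc=here
member: CN=Example\\, Pat,OU=Employees,
 dc=people,dc=here

dn: CN=Chris Poole,OU=Employees,dc=people,dc=here
sAMAccountName: cpoole
"""

def parse_ldif(text):
    """Parse LDIF into records mapping lowercased attribute -> list of values."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    records = []
    for block in text.split("\n\n"):
        rec = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            rec.setdefault(name.strip().lower(), []).append(value.strip())
        if rec:
            records.append(rec)
    return records

def parent_dn(dn):
    """Drop the first RDN, honouring backslash-escaped commas in names."""
    i = 0
    while i < len(dn):
        if dn[i] == ",":
            return dn[i + 1:].strip()
        i += 2 if dn[i] == "\\" else 1  # skip an escaped character as a pair
    return ""

def portal_contexts(records, group_cn):
    """Return (Group Context, sorted candidate User Contexts) for one group."""
    prefix = "cn=" + group_cn.lower() + ","
    for rec in records:
        dn = rec.get("dn", [""])[0]
        if dn.lower().startswith(prefix):
            return parent_dn(dn), sorted({parent_dn(m) for m in rec.get("member", [])})
    return None

if __name__ == "__main__":
    print(portal_contexts(parse_ldif(SAMPLE_LDIF), "resources"))
```

With the `ldap://someserver:389` URL and `simple` authentication shown in the post, the Admin Principal and its password are sent to the directory unencrypted unless the connection is separately protected with TLS.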