Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Microsoft Active Directory LDAP Attributes

Posted on 2013-12-02
5
Medium Priority
?
710 Views
Last Modified: 2014-01-12
I am working on integrating an application called GE Centricity Business with my Microsoft Windows 2008 Active Directory.  I got most of it working except for a conditional statement.  Here's what part of the config file looks like.  I have underlined the parts that are not working.  

Basically it's the part that has the "memberof" statement.  If I remove the condition "memberof" statement, then it works just fine.  (i.e. I can authenticate to Active Directory and I'm able to login to the application)

I'm thinking it has something to do with the attribute map I'm using.

      <AttributeMap>
            <UserID>sAMAccountName</UserID>
            <LastName>sn</LastName>
            <FirstName>givenName</FirstName>
            <memberOf>memberOf</memberOf>
            <Email>email</Email>
      </AttributeMap>
      <AttributeOverride>
            <Password></Password>
      </AttributeOverride>
      <AttributeDefault>
            <Condition memberOf="cn=CBScheduling,ou=CB,dc=test,dc=com">
                 <IDXWF_RoleID Add="Y">CBScheduling</IDXWF_RoleID>
           </Condition>
            <Condition memberOf="cn=CBAdmins,ou=CB,dc=test,dc=com">
                  <IDXWF_DefaultSystemID>IDXWFAdm</IDXWF_DefaultSystemID>
            </Condition>
            <IDXWF_DefaultSystemID>DCIP_TEST</IDXWF_DefaultSystemID>
      </AttributeDefault>
      <SearchBase>dc=test,dc=com</SearchBase>
      <Filter></Filter>
      <AuthErrorMap>
            <Message contains="data 52e,">(LDAP) Invalid password</Message>
            <Message contains="data 533,">(LDAP2) Account disabled</Message>
            <Message contains="data 773,">(LDAP) Password expired</Message>
      </AuthErrorMap>
      <UserNotFoundMessage>(LDAP) Incorrect username and/or password</UserNotFoundMessage>
      <NoPermissionMessage>(LDAP) You do not have access to this application</NoPermissionMessage>
      <PostAuthCheck>
            <Prevent accountDisabled="true">(LDAP3) Account disabled</Prevent>
      </PostAuthCheck>
0
Comment
Question by:Florescu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39691149
Did you try placing the quotes before memberof

 <Condition "memberOf=cn=CBAdmins,ou=CB,dc=test,dc=com">

Thanks

Mike
0
 

Author Comment

by:Florescu
ID: 39691179
That didn't work.  I also tried single quotes and no quotes as well.
0
 
LVL 6

Expert Comment

by:Brad Held
ID: 39737972
So assuming the line(s):
<Condition memberOf="cn=CBAdmins,ou=CB,dc=test,dc=com">
                  <IDXWF_DefaultSystemID>IDXWFAdm</IDXWF_DefaultSystemID>
            </Condition>
works, the next question would be is the distinguishedName of the group CBScheduling correct. If that is correct then I would validate that the role assignment is correct.
<IDXWF_RoleID Add="Y">CBScheduling</IDXWF_RoleID>, one way to test that is to assign the IDXWFAdm role to the first clause assuming that works for the second condition - If that works then its the actual role assignment and not the AD Query causing issues
0
 

Accepted Solution

by:
Florescu earned 0 total points
ID: 39764308
We figured it out, there was a case sensitive issue.  LDAP was wanting everything upper case for some reason.  The GE engineer finally figured it out after some additional testing.
0
 

Author Closing Comment

by:Florescu
ID: 39774550
figured it out on my own
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question