LDAP Login

ridjayc
New Member Send Private Message
Posts: 0
New Member

I am attempting to log into our new development Lawson LDAP server. I must be missing something. Does anyone have an example of what this looks like? Here is the LDAP information from the install.cfg file.

LDAPBINDDN=CN=root,CN=lsfdev01,DC=prod,DC=bcidaho,DC=loc
LDAPDATADN=o=lwsnrmdata
LDAPHOST=LSFDEVAPP1.some.place.loc
LDAPLOCAL=TRUE
LDAPOIDARC=1
LDAPPASSWORD=xxxxxxxxxxxxx
LDAPPORT=389
LDAPPREFIX=zz
LDAPTYPE=ADAM
LDAPTYPEGEN=com.lawson.lawrm.ldifgenerators.ActiveDirGenerator
LDAP_CONSUME_USERS=FALSE
LDAP_INITIAL_CONTEXT_FACTORY=com.sun.jndi.ldap.LdapCtxFactory
LDAP_PROTOCOL=TCPIP
LDAP_PROVIDER_URL=ldap://LSFDEVAPP1.some.place.loc:389

 

Kwane McNeal
Veteran Member Send Private Message
Posts: 479
Veteran Member
You don't say how you are trying to log into it. I can see you are using MS ADAM, but that doesn't tell me much. Which tools are you using?
ridjayc
Softerra Ldap Browser 2.6. I have also tried JXplorer. I can get the anonymous login to work. I get to see
CN=Configuration
CN=Schema
CN=losfdev01
....

However, I cannot click on lsfdev01 and browse under it as it gives me an error. I believe I have the correct password and all; it is just complaining about credentials.
Kwane McNeal
Hmmm... Unless you made changes to the characteristics on ADAM, anonymous login does NOT work, so curious as to how you got that to work, unless you indeed did make that change. Also, CN=Configuration shouldn't exist if the instance is an ADAM instance, because ALL ADAM instances have a top-level RDN of CN={GUID-value}. So either you have bad info from your install.cfg (unlikely), or Softerra is giving you bogus data.... Can you connect to the RootDSE? If so, what are you getting back as the NamingContexts? Can you query the Configuration partition? Can you query the ncName derived attribute for the Lawson RM Partition? What is the exact value you are using for the BindDN?
Kwane McNeal

Also, is Softerra just building a NamingContext list based on entries in the RootDSE (which is also NOT available anonymously), giving you the illusion you are seeing parts of the tree?

ridjayc
For the anonymous login I am just putting in the host and port. The base and credentials are just blank.

For the login with credentials I am using a base of

CN=lsfdev01,DC=prod,DC=bcidaho,DC=loc

For the Credentials I have tried lots and lots of things for the User DN:
Kwane McNeal
I just checked....RootDSE queries don't require Binding, per the RFC (I tested ADAM to be sure MS didn't pull a fast one), BUT to query any other part of the system you DO have to bind. The username is the install.cfg LDAPBINDDN value, the basedn should be install.cfg RMPARENTDN, the password will be the LDAPPASSWORD value.
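The bind settings described in the post above, as an added example that is not part of the original thread: it parses install.cfg-style text and builds one anonymous RootDSE query and one authenticated query. The OpenLDAP `ldapsearch` client is an assumption (the thread uses Softerra and JXplorer), and every value in the sample, including RMPARENTDN, is constructed.

```python
import shlex

# Constructed sample in install.cfg style; every value is a placeholder.
SAMPLE_CFG = """\
LDAPBINDDN=CN=root,CN=lsfexample,DC=example,DC=test
LDAPHOST=ldap.example.test
LDAPPORT=389
LDAPPASSWORD=not-a-real-password
LDAP_PROVIDER_URL=ldap://ldap.example.test:389
RMPARENTDN=CN=lsfexample,DC=example,DC=test
"""

def parse_install_cfg(text):
    """Parse KEY=VALUE lines. Split on the first '=' only, because DN
    values such as LDAPBINDDN contain '=' themselves."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if "=" not in line:
            continue  # blank or malformed line
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg

def rootdse_query(cfg):
    """Anonymous RootDSE read: empty base DN, base scope, no bind DN."""
    return ["ldapsearch", "-x", "-LLL", "-H", cfg["LDAP_PROVIDER_URL"],
            "-s", "base", "-b", "", "namingContexts"]

def bound_query(cfg, password_file):
    """Authenticated search: the whole LDAPBINDDN is the user name and
    RMPARENTDN is the base. The password is read from a file (-y) so it
    stays out of the process list; the file must not end with a newline.
    A simple bind over ldap:// still crosses the network in cleartext."""
    required = ("LDAPBINDDN", "RMPARENTDN", "LDAP_PROVIDER_URL")
    missing = [k for k in required if k not in cfg]
    if missing:
        raise KeyError("install.cfg is missing: " + ", ".join(missing))
    return ["ldapsearch", "-x", "-LLL", "-H", cfg["LDAP_PROVIDER_URL"],
            "-D", cfg["LDAPBINDDN"], "-y", password_file,
            "-b", cfg["RMPARENTDN"], "-s", "one",
            "(objectClass=*)", "1.1"]  # "1.1" = return DNs only

if __name__ == "__main__":
    cfg = parse_install_cfg(SAMPLE_CFG)
    print(shlex.join(rootdse_query(cfg)))
    print(shlex.join(bound_query(cfg, "/path/to/ldap-password-file")))
```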
ridjayc

Sorry I am new to LDAP so I doubt that I am doing a good job of answering your questions.

For Base DN Softerra has an option to 'Fetch DBs (only LDAP v.3)'. This gives me three choices.

CN=Configuration,CN={EBA49BF4-B0E0-4982-8D02-8C8CF462850B}
CN=lsfdev01,DC=prod,DC=bcidaho,DC=loc
CN=Schema,CN=Configuration,CN={EBA49BF4-B0E0-4982-8D02-8C8CF462850B}

Kwane McNeal
not a problem.... What you are doing looks fine. Did my prior post help you?
ridjayc
Sorry, yes it did help. Thanks!!! It just hadn't occurred to me that the entire LDAPBINDDN value would be the username.

Do you know where the 'Manage Identities' data is stored? This should have things in it like Employee number and company? Or PSA login identities etc.
Kwane McNeal
I do know where it is, but it's not in one place. It depends on what you are trying to accomplish.
John Henley
Send Private Message
Posts: 3351

Kwane. I smell an article "LSF9 LDAP structures".
John Henley

Thanks for using the LawsonGuru.com forums!
John
Kwane McNeal
I'll come up with some ideas. I teach this as part of a formal class, so I don't want to reduce value of my client's education, but I can come up with something for an article.
klive
Veteran Member Send Private Message
Posts: 40
Veteran Member

Check under OU=svcref for the managed identities...

Kwane McNeal
Since Jay is new to the LDAP concepts, I avoided just giving him an 'OU=svcref' RDN, as it will be more confusing than helpful. Also, since his intent wasn't given, using that RDN will not necessarily give him what he's looking for. Jay, give me a call this afternoon, and I'll give you a quick 101 on what you need.

Kwane
954.547.7210
klive
confusion certainly wasn't my intent...I do apologize...
Kwane McNeal
no problem at all...I try to balance giving the correct information, with the intent of the person. As for John, I will try to bang out an article tonight. Is there still space in August 2008?