Login
Register
Search
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Forums
Infor / Lawson Platforms
S3 Systems Administration
New AD LDS & Lawson 9.0.1.8 Install error
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Who's On?
Membership:
Latest:
Saef
Past 24 Hours:
0
Prev. 24 Hours:
0
Overall:
5226
People Online:
Visitors:
266
Members:
0
Total:
266
Online Now:
New Topics
User Group Announcements
Carolina User Group Meeting
12/20/2024 3:15 PM
Date & Time: February 6, 2025, 8:30am - 4:00pm
S3 Systems Administration
ADFS certificate - new cert
12/3/2024 9:38 PM
The certificates on the windows boxes expired and
Lawson S3 HR/Payroll/Benefits
Post Tax Benefit Plan Table
11/14/2024 9:16 PM
Hi, totally new to Laswon. I have a repor
Lawson S3 Procurement
ED501 Error: Map 850 not supported by /law/c15vda/lawson/test10/edi/bin/laws_out_91
11/12/2024 3:47 PM
Tried runnning ED501 and getting the atathced erro
Lawson S3 HR/Payroll/Benefits
Error
11/6/2024 9:54 PM
When I try to enroll a retiree in 72.1 health plan
Infor ERP (Syteline)
Syteline: New Data Maintenance Wizard (Error) Need help
11/1/2024 4:24 PM
Hi, I need help with an error on syteline while us
Dealing with Lawson / Infor
Implementing Lawson v10 with Cerner Surginet, Case Cart Picking, and Quick Adds for the OR
10/29/2024 4:20 PM
Hi Everyone, I am wondering if there is any org
Lawson S3 HR/Payroll/Benefits
Canada Tax Calculation (Federal and Provincial) Issue
10/23/2024 5:00 AM
Initially, we had problem with CPP2 calculation is
Lawson S3 HR/Payroll/Benefits
CA Section 125 401k Plan
10/22/2024 10:13 PM
Does anyone have any recommendations on how to fac
S3 Systems Administration
Running AC120 deleted records from ACMASTER table
10/22/2024 3:40 PM
We recently ran the AC120 as normal and somehow it
Top Forum Posters
Name
Points
Greg Moeller
4184
David Williams
3349
JonA
3291
Kat V
2984
Woozy
1973
Jimmy Chiu
1883
Kwane McNeal
1437
Ragu Raghavan
1372
Roger French
1315
mark.cook
1244
Forums
Filtered Topics
Unanswered
Unresolved
Announcements
Active Topics
Most Liked
Most Replies
Search Forums
Search
Advanced Search
Topics
Posts
Prev
Next
Forums
Infor / Lawson Platforms
S3 Systems Administration
New AD LDS & Lawson 9.0.1.8 Install error
Please
login
to post a reply.
7 Replies
0
Subscribed to this topic
27 Subscribed to this forum
Sort:
Oldest First
Most Recent First
Author
Messages
mburgett
Basic Member
Posts: 4
8/14/2013 2:04 PM
Greetings,
I am installing Lawson 9.0.1.8 to new Windows 2008 R2 64bit server. I installed AD LDS without any apparent issues, but when I run the Lawson LSFCT.jar install file, I get a "Failed LDAP user validation test" when it attempts to verify the ldap connection.
Is there a good guide out there on what steps need to be completed in order to install AD LDS to work with Lawson?
I have tried every conceivable combination of options for the AD LDS install, and I keep getting basically the same type of authorization errors.
Using the standard 389 port
Running the service with a Network Service Account
I've tried with and without a directory partition
I've tried using a local user and a domain user as the Administrator
I've tried only importing one LDIF vs multiple files. Even tried all of them
I can connect to the instance using ADSI Edit, but I can't connect using a browser like JXplorer. When I create the directory partition, i do see three CN objects named LostAndFound, NTDS Quotas and Roles.
I was able to use the LDP.exe browser utility to connect to the instance, and was able to bind using the admin name and password that I set up during the install.
During the Lawson Install, on the Configuring Resource Management page, I keep getting a validation error.
I am learning the LDAP side of this as well and may very well be missing something obvious. Not to mention, the Lawson Install Guide is really vague.
Any assistance with the proper steps to setup AD LDS would be greatly appreciated.
-Mike
John Henley
Posts: 3353
8/14/2013 3:14 PM
After the instance is created, you need to adjust the schema via ADSI-Edit (against the schema, e.g. CN=Schema, CN=Configuration...)
Need to add:
1. organization into OrganizationalUnit poss-Superiors
2. organizationalUnit into Organization poss-Superiors
If I remember correctly, that is what is causing the validation errors...
Here are some rough notes on creating the LDS/ADAM instance.
Create a new domain user, and add it to the administrators group (i.e. don't just use the lawson account).
Login as that new domain account, and select it (not the network service account) for the service account, and instance setup will add to 'run as service' permission
there is a step in the instance setup where you select user to have admin permissions, select 'currently logged in user'
Create instance as a unique instance (not a replica)
Create with an app directory partition, e.g., ou=lwsn,dc=lwsn,dc=example,dc=com (in other words, keep make it a subset above your normal DC)
For LDIF files, import MS-InetOrgPerson.LDF
After instance is created,
Adjust schema using ADSI-Edit
Need to add:
1. organization into OrganizationalUnit poss-Superiors
2. organizationalUnit into Organization poss-Superiors
add a local LDS/ADAM user into the new instance (not the same as the domain account added previously)
for the new local ADAM user, set the password, change the msDS-UserAccountDisabled attribute from TRUE to FALSE, change set the msDS-UserDontExpirePassword to TRUE, and add the account to the Administrator, Readers, and Users role
mburgett
Basic Member
Posts: 4
8/14/2013 3:37 PM
Wow, I will give this a try.
Thank you for the information!
John House
New Member
Posts: 2
8/15/2013 6:58 PM
John,
Could you give a little more detail on how to adjust the schema with ADSI-Edit to add
1) organization into OrganizationalUnit poss-Superiors
and
2) organizationalUnit into Organization poss-Superiors
I am experiencing a similar problem when running the LSFCT core install configuring Resource Management getting error:
‘User CN=ldapadmin,CN=lwsn,DC=mycompany,DC=com couldn’t write an object of type organization with CN=lwsn,DC=mycompany,DC=com on your server. This may be due to the fact that possible superiors list of the object type “Organization” does not include the object type of your CN=lwsn,DC=mycompany,DC=com’.
ldapadmin is the local ADAM user that has been assigned to the Admistrator, Readers, and Users roles.
John House
New Member
Posts: 2
8/16/2013 3:23 PM
I opened a ticket with Lawson and the support engineer was able to assist.
In my case the solution was to add "container" to the possible Superiors for the organization object class.
To do this create a new session in ADSI edit with a connection point "Schema" on the local computer.
Then locate the object class Organization and right click it and select properties. Then scroll to the poss-Superiors attribute and double-click and add "container".
Click OK --> then Apply.
Stop and restart the ADAM instance.
To verify go back to ADSI Edit but create a new session with a connection point of "Distinquished Name" in my case "cn=lwsn,dc=mycompany,dc=com".
Once connected, right click on the distinquished name and select "New" --> "Object".
"Organization" should now appear in the list of object classes. At this point you can continue with the LSFCT install.
mburgett
Basic Member
Posts: 4
8/20/2013 12:35 PM
Well, I thought I was good to go after following your advice. I can connect to the ldap instance with jxplorer and everyting looks ok.
The installer begins, copies all of the required files and begins to install security. When the installer gets to the part where it tests the RM Configuration, I receive an error. I thought it was a user priviledge error, but I have tried two different admin users and I get the same error.
Note, The installer never reaches "Install LDIF File" as shown on page 34 of the Install Guide.
Detail Snippit:
note: starting ssoconfig
note: ssoconfig finished...
note: creating ldif content
note: skipping generation of ldif file
test: to see if RM is configured properly
Fatal: [install-sec.pl] first part of Security install failed
Activating Lawson Security, RM, and SSO failed.
Activating Lawson Security, RM, and SSO failed.
Errors Occurred During Installation
Log Snippit:
@@ h2 note: ssoconfig finished...
@@ h2 note: creating ldif content
@@ h2 note: skipping generation of ldif file
@@ h2 test: to see if RM is configured properly
Test failed getting RM Context: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=lawtest,DC=armc,DC=prv'
!% create FAILED
Test failed deleting test user idForSmokeTesting9999 during tear down: java.lang.NullPointerException
Stack Trace : java.lang.NullPointerException
at com.lawson.lawrm.api.RMBasicSmokeTest.deleteTestUser(RMBasicSmokeTest.java:395)
at com.lawson.lawrm.api.RMBasicSmokeTest.tearDown(RMBasicSmokeTest.java:426)
at com.lawson.lawrm.api.RMBasicSmokeTest.run(RMBasicSmokeTest.java:201)
at com.lawson.lawrm.api.RMBasicSmokeTest.main(RMBasicSmokeTest.java:268)
Fatal: [install-sec.pl] first part of Security install failed
rmbasicsmoketest failed
Error: Fatal: [install-sec.pl] first part of Security install failed
John Henley
Posts: 3353
8/21/2013 10:54 AM
When you create the instance, what is the DN for the partition?
When you create the local ADAM/LDS user, what is the DN for that user?
When you are installing LSF, and on the 'Configuring Resource Management' dialog, what is the DN you are entering for the 'LDAP Administrator user'?
You need to double-check that you are entering the correct DN for that user, as well as the Windows user you used to create the instance.
Also, make sure the 'LDAP administrator user' is a member of the Administrators role in the instance.
Go back and re-read my instructions, and make sure you really did all of the steps.
mburgett
Basic Member
Posts: 4
8/21/2013 12:17 PM
Greetings John,
I had followed all of your instructions
But I apparently added my own step in there.
Where I screwed up; For some oddball reason I had created the Organization for the RMdata manually. I'm not sure why I did this, but once I deleted that object, the install made it past that error!
I really appreciate your advice and getting me on the right track!
Thank you very much!
Please
login
to post a reply.