SSOSMOKETEST Failure after LDAP Bind

BBryant
Advanced Member
Posts: 23
    Greetings all,

    I was asked to rebuild the test system and everything in the environment was running smoothly. After I got that up, complete with product line (no users other than the 4 Lawson provides), I ran the ldapbind process to complete the test environment install. I thought everything had run smoothly, but when I try to run the SSOSMOKETEST on my lawson user, I get the following error from the command line:

    D:\>ssosmoketest -u lawson -w -v
    tracing log is d:\afclsf2\law\system\SSO_28027784.log
    ......

    Error: Failed to authenticate user lawson
    Message: com.lawson.lawsec.authen.SecurityAuthenException:Got exception while binding for lawson in LDAP. Message .
    Stack Trace : com.lawson.lawsec.authen.SecurityAuthenException:Got exception while binding for lawson in LDAP. Message .

    at com.lawson.lawsec.authen.FormLoginScheme.ldapBindSearch(Unknown Source)
    at com.lawson.lawsec.authen.SSOSmokeTest.testAuthenticateUserByLDAPBind(Unknown Source)
    at com.lawson.lawsec.authen.SSOSmokeTest.run(Unknown Source)
    at com.lawson.lawsec.authen.SSOSmokeTest.main(Unknown Source)


    Testing failed!

    If needed I can attach the above mentioned log in a later post. Has anyone ever seen this error and if so did they manage to figure out how to correct it?
    LSF 9.0.0.7 App 9.0.0.7 Win 2003 SP 2 Websphere 7.0 SP 5 SQL Server 2008
    Jimmy Chiu
    Veteran Member
    Posts: 641
      Your ldapbind configuration is wrong, apparently. I would redo the ldapbind. Post the values you used in ldapbind if you need help to check.
      Jeff White
      Veteran Member
      Posts: 83
        If you've done the LDAPBIND, then I believe you will need to make sure the lawson id is set up in AD, and then use that password for the ssosmoketest.
        BBryant
        Advanced Member
        Posts: 23
          Do I have to back out entirely (import backup SSOP config into ssoconfig) to redo an ldap bind?
          Bart Conger
          Advanced Member
          Posts: 18
            It is the safest path, yes, make sure you are working before trying again.
            BBryant
            Advanced Member
            Posts: 23
              I apologize for such novice questions, but what documentation I have is scarce and I have not attempted an ldap bind before. Thank you for the heads-up, restoring old settings and attempting to rebind now.
              BBryant
              Advanced Member
              Posts: 23
                D:\afclsf2\gen\bin>ldapbind
                Please enter the password used for Lawson security utilities:
                Export sso services and identites to d:\afclsf2\law\system\SSO_EXPORT_101021150542.xml in case we need to recover
                Export finished.
                Enter the LDAP provider url to access  (ldap://orldw023:389):ldap://orlaww09.na.convergys.com:3268
                Are the LDAP users located in multiple directory containers?  (NO):YES
                Enter the search base for LDAPBIND, use %DOMAIN% for domain based search (): (& (NAMING_ATTR=NAMING_ATTR_VALUE)
                ( objectclass = STRUCTURAL_OBJCLASS_VALUE) )
                Enter the LDAP naming attribute to use for searching (cn):sAMAccountName
                Enter users LDAP structural object class (inetOrgPerson):person
                Choose a referral value for your target entry:
                (1) follow
                (2) ignore
                (3) throw
                Existing value  ():1
                Choose a deferencing Alias for your namespace:
                (1) always
                (2) never
                (3) finding
                (4) searching
                Existing value  ():1
                Service SSOP_BIND already exists. Continuing to next step...
                Enter the DN of an LDAP search user  (CN=Lawson Service,OU=IT,OU=Administrative,OU=TUL,DC=na,DC=convergys,DC=com):
                Enter the LDAP search user's password :
                Enter the password again for confirmation:
                Completed setting search users identity for LDAP bind
                Service SSOP is modified.
                Above is my latest attempt.  I think I forgot to remove the SSOP_BIND from my services however...
                Jimmy Chiu
                Veteran Member
                Posts: 641
                  Enter the search base for LDAPBIND, use %DOMAIN% for domain based search (): (& (NAMING_ATTR=NAMING_ATTR_VALUE)( objectclass = STRUCTURAL_OBJCLASS_VALUE) ) <---DC=na,DC=convergys,DC=com

                  Enter users LDAP structural object class (inetOrgPerson):person <--- Your user account is showing up as "person" in type? Typical Windows AD = "user" type.

                  Enter the DN of an LDAP search user (CN=Lawson Service,OU=IT,OU=Administrative,OU=TUL,DC=na,DC=convergys,DC=com): <--- DOMAIN\user  (not sure if you can use spaces in the account name; I skip all the spaces on all Lawson stuff)
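
Added example (not part of the thread and not Lawson code): a Python preflight check for answers typed at the ldapbind prompts shown above. It flags a filter template entered as the search base and an `ldap://` provider URL, and builds the user search filter from the prompt's template with RFC 4515 escaping. The host names, DNs and function names are constructed for illustration, and how the product substitutes the template is an assumption.

```python
import re
from urllib.parse import urlparse

RDN = re.compile(r"^\s*[A-Za-z][\w-]*\s*=\s*\S.*$")  # one attr=value component

def looks_like_dn(value):
    """Simplified RFC 4514 shape check: comma-separated attr=value parts."""
    parts = re.split(r"(?<!\\),", value.strip())
    return all(RDN.match(p) for p in parts)

def escape_filter_value(value):
    """RFC 4515 escaping for a value substituted into a search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def user_filter(naming_attr, object_class, login):
    """Filter described by the prompt's template, with the login escaped.
    Assumption: the product substitutes the template roughly like this."""
    return "(&(%s=%s)(objectClass=%s))" % (
        naming_attr, escape_filter_value(login), object_class)

def check_answers(url, search_base, search_user):
    """Return findings for one set of ldapbind answers (empty list = none)."""
    findings = []
    u = urlparse(url)
    if u.scheme not in ("ldap", "ldaps") or not u.hostname:
        findings.append("provider url: not an ldap:// or ldaps:// URL")
    elif u.scheme == "ldap":
        findings.append("provider url: ldap:// on port %s is not TLS-wrapped; a simple "
                        "bind sends the password in clear unless StartTLS is used"
                        % (u.port or 389))
    if "%DOMAIN%" not in search_base and not looks_like_dn(search_base):
        kind = "an LDAP filter" if search_base.lstrip().startswith("(") else "not a DN"
        findings.append("search base: %s; expected a DN such as DC=example,DC=com" % kind)
    if not (looks_like_dn(search_user) or "\\" in search_user or "@" in search_user):
        findings.append("search user: not a DN, DOMAIN\\user or user@domain")
    return findings

if __name__ == "__main__":
    # Constructed sample answers modelled on the prompts in the thread.
    template = "(& (NAMING_ATTR=NAMING_ATTR_VALUE)( objectclass = STRUCTURAL_OBJCLASS_VALUE) )"
    svc = "CN=Lawson Service,OU=IT,DC=example,DC=com"
    for f in check_answers("ldap://dc01.example.com:3268", template, svc):
        print("FINDING:", f)
    print(user_filter("sAMAccountName", "user", "lawson"))
```

The check only inspects the shape of the answers; whether the search account can actually bind and read the directory still has to be tested against the directory server.
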
                  BBryant
                  Advanced Member
                  Posts: 23
                    I made the changes to the search base and structural object class, but am still getting the same error.
                    Jimmy Chiu
                    Veteran Member
                    Posts: 641
                      Enter the DN of an LDAP search user <--- this account needs to have access to your DC to browse for users. Can you log in to your DC and see if you have the right? (*You can also temporarily make this account a domain admin to troubleshoot.) | Verify the password is correct also. | This account should be your LDAP admin also. | Verify that you can use an LDAP browser (JXplorer etc.) to browse the tree using the account to your DC orlaww09 via port 3268.
                      JeffL
                      Advanced Member
                      Posts: 20
                        I am currently away from the office and will respond to your message when I return. For immediate assistance contact the Help Desk @ x4357
                        BBryant
                        Advanced Member
                        Posts: 23
                          Posted By Jimmy Chiu on 10/22/2010 11:15 AM
                          Enter the DN of an LDAP search user <--- this account needs to have access to your DC to browse for users. Can you log in to your DC and see if you have the right? (*You can also temporarily make this account a domain admin to troubleshoot.) | Verify the password is correct also. | This account should be your LDAP admin also. | Verify that you can use an LDAP browser (JXplorer etc.) to browse the tree using the account to your DC orlaww09 via port 3268.
                          Okay, thank you.  I am being called into a meeting but will test these immediately after being set free!
                          BBryant
                          Advanced Member
                          Posts: 23
                            LDAP bind now returning a successful SSOSMOKETEST. The account did not have the access settings required and that's why it was returning that blank message. Just added a user, and am running it through the tests to make sure everything is sitting pretty. Thank you all for the help, it is much appreciated.