Performing Authentication Using LLDAP
Hi All,
I am trying to perform Authentication using LLDAP wherein I am using a LDAP configured on a remote server to perform authentication.
Can anyone please help me with the steps to be followed for changing the authentication from TMA to LLDAP ?
The steps provided in the knowledge center only covers how to change the authentication in Taskmaster Server Manager (Datacap 9.0).
But I do not get how one login once the authentication is changed.
Regards,
Akash
Hi Akash,
I think you won't need the suffix .dou.com on the group name in Taskmaster. This is necessary in LDAP but not in LLLDAP. Try renaming the Group to fdrfdev_ts_team, save the group, log out, restart the Datacap Server service and then try logging in again.
Shaun
For LLLDAP, you don't need to append the domain name to the group name. The group name in Taskmaster should match exactly to the group name in your directory server.
From the logs, it actually appears that the directory provider did not return any groups. Could be a problem with the groupmembershipsearchfilter and/or groupsearchfilter.
Groupsearchfilter is a query that is supposed to return all relevant groups and membershipsearchfilter is supposed to return groups that user is a member of.
You might want to try those two LDAP queries outside of Datacap in something like LDP.exe or LDAP Browser, etc. to see if they return expected results.
Thanks Shaun and jfernan for you replies!!!
I have removed the domain name from the group in Taskmaster.
I used LDP.EXE and I was actually able to search for the user and group from my LDAP with the above search filters:
USER:
***Searching...
ldap_search_s(ld, "o=dou.com", 1, "(&(objectClass=person)(uid=fdrfdev_user1))", attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn: uid=fdrfdev_user1,o=dou.com
4> objectClass: top; person; organizationalPerson; inetOrgPerson;
1> cn: fdrfdev_user1;
GROUP :
***Searching...
ldap_search_s(ld, "o=dou.com", 2, "(|(&(objectclass=groupOfNames)(member=uid=fdrfdev_user1,o=dou.com))(&(objectclass=groupOfUniqueNames)(uniqueMember=uid=fdrfdev_user1,o=dou.com)))", attrList, 0, &msg)
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn: cn=fdrfdev_ts_team,ou=dougroups,o=dou.com
3> objectClass: ibm-nestedGroup; groupOfUniqueNames; top;
2> ou: memberlist; dougroups;
1> cn: fdrfdev_ts_team;
For searching groups, I have to check the subtree option to get the above results.
What I feel at this point is that its unable to match this user group from ldap to the one in taskmaster .
LOGS :
06/01/15 14:39:58.516 1 3de0 <LLLDAP Groups> Taskmaster Group Authentication selected.
06/01/15 14:39:58.516 1 3de0 <LLLDAP Groups> Number of Groups Found "0".
06/01/15 14:39:58.516 4 3de0 <ITMA> Authenticator reported the user belongs to 0 groups
06/01/15 14:39:58.516 4 3de0 <ITMA> Login fails. Couldn't find matching Taskmaster group
Do you think is there some thing which can be missing from taskmaster settings ? I am using Datacap 9.0 if I have not mentioned it before.
Again, Thanks a lot for your help !
Regards,
Akash