My first LDAP experience

[cnc__guy]

JDEList,

I am trying to setup LDAP with AD (I have never done this before) and I am having issues filling in the 'blanks' in P95928. I am wondering if someone (or more than one 'someone') could send me the values you have in your P95928 setup (either screen shots or just typed - feel free to blank out company info) so that I can compare to mine to see what I am doing wrong.

I feel that my issue is likely with this setup as when I turn on LDAP on my Enterprise Server (changing the jde.ini) I am no longer able to sign-in from my workstations. When I turn LDAP back off, everything works correctly again.

I really appreciate any help or insight you can provide me as like I said, I have never done LDAP before so this is all very new to me.

Thanks,
James

E1 9.0 8.98.41 - SQL Server 2005 - OAS - Windows Server 2003

 

[cnc__guy]

JDEList,

I forgot to add on thing. After I setup my port in the P95928 configuration record to port 6015, it disappears the first time I try to signin after enabling LDAP on the Enterprise (Application) Server.

Anyone seen this before?

Thanks,
James

 

[brother_of_karamazov]

[ QUOTE ]
JDEList,

I am trying to setup LDAP with AD (I have never done this before) and I am having issues filling in the 'blanks' in P95928. I am wondering if someone (or more than one 'someone') could send me the values you have in your P95928 setup (either screen shots or just typed - feel free to blank out company info) so that I can compare to mine to see what I am doing wrong.

I feel that my issue is likely with this setup as when I turn on LDAP on my Enterprise Server (changing the jde.ini) I am no longer able to sign-in from my workstations. When I turn LDAP back off, everything works correctly again.

I really appreciate any help or insight you can provide me as like I said, I have never done LDAP before so this is all very new to me.

Thanks,
James

E1 9.0 8.98.41 - SQL Server 2005 - OAS - Windows Server 2003

[/ QUOTE ]

You should note that P95928|ZJDE0002 has incorrect Processing Option values in 9.0. The ZJDE version is supposed be used to create LDAP configurations while the ZJDE0001 version allows one to create templates. Don't get me start on why Oracle did it this way but they did...and still managed to screw up the PO's. Anyway, I SAR'red this and they are correcting the issue. In the meantime you can edit the PO's of P95928|ZJDE0002 and set the value to '0' for the Mode field.

You also need to move the LDAP tables to the System Data Source and create new OCM mappings for them. https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=PROBLEM&id=1080623.1

There are also about 12 other items you need to fix before this piece of garbage is even close to being functional....and I use the term 'functional' very loosely, since Oracle should be embarrassed that they even released this code.

You could do what I did and stop wasting time on this and use Everest Software's SSO solution and save yourself a ton of headaches and frustration.

 

[Alex_Pastuhov]

Please look at our SSO solution as an alternative:
ESI JDE SSO

It uses a radically different approach to SSO and as a result is simpler and easier to setup and operate.

This software is available for a free trial - please, e-mail me directly, if you would like to test it in your environment.

PS: Many thanks to Jeff Stevenson for his evaluation, feedback and support!

 

[cnc__guy]

Thank you everyone for all your responses and suggestions on how to provide an SSO solution. Unfortunately I am not trying to accomplish SSO but rather am working to install Webcenter 11g.

I am afraid I am 'stuck' with trying to get LDAP working with my AD in order to get Webcenter 11g implemented. (I know there are other LDAP options but not for me in this situation.)

If I am way out in left field, please let me know.

Thanks,
James

P.S. I will certainly consider your SSO solution Alex when I get to that point.

 

[brother_of_karamazov]

[ QUOTE ]
Thank you everyone for all your responses and suggestions on how to provide an SSO solution. Unfortunately I am not trying to accomplish SSO but rather am working to install Webcenter 11g.

I am afraid I am 'stuck' with trying to get LDAP working with my AD in order to get Webcenter 11g implemented. (I know there are other LDAP options but not for me in this situation.)

If I am way out in left field, please let me know.

Thanks,
James

P.S. I will certainly consider your SSO solution Alex when I get to that point.

[/ QUOTE ]

Have you tried using version ZJDE0002 with the PO set correctly? My experience was that I *thought* I was creating an LDAP configuration but was in fact, due to the incorrect Processing Option, creating a template.

 

[gigi]

James,
if your target is implement WebCenter (AD authentication) with JDE, you haven't to configure JDE integration with your AD.

1) First of all you have to configure integration beetween WebCenter and Active Directory (you can follow these instruction http://redstack.wordpress.com/2009/07/08/configuring-spaces-to-authenticate-with-active-directory/)
2) If you configured AD with WebCenter when you login on WebCenter and open a JDE portlet, WebCenter send to JDE security server USERID. JDE security server check if this user is defined inside JDE user table (withuout password check).

So you haven't to configure AD in JDE. You should only ensure that user defined in AD are also defined in JDE.
Good luck
gg

 

[nrferrie]

James did you get this working? I'm trying to set this up in our test lab and am having issues too.

I am getting an error when the security kernel is initialized during startup.
"Unable to get the LDAP connection to search user in LDAP"

 

[nrferrie]

[ QUOTE ]
James did you get this working? I'm trying to set this up in our test lab and am having issues too.

I am getting an error when the security kernel is initialized during startup.
"Unable to get the LDAP connection to search user in LDAP"

[/ QUOTE ]

Fixed it! It was a typo in LDAP Server Attribute Values. USRSRCHBAS should be cn=users, dc=<domain name>, dc=<domain suffix>

 

[cdawes]

My young padowin is very learn'ed.

The force is strong with you, but beware the dark side.