10 Replies Latest reply: May 27, 2009 1:57 PM by shujaatsyed7 RSS

    LDAP setup for user authentication

      I am trying to setup my New Directory for LDAP settings. I have tried lots of different values, but the "test server" button always returns the "Unable to connect to service" error. I'm having a hard time finding any documentation describing how to get this working. I want Form Manager to be able to use LDAP to automatically authenticate my users.

      The screen I am referring to is under LiveCycle Administrator, Home > Settings > User Management > Domain Management > New Enterprise Domain.

      If anyone has experience setting this up, please try to describe what is required in the fields. I am particularly interested in the User and Group settings.

      I have used the LDP.exe tool that comes on the Windows 2003 CD with the support tools. It connects to my LDAP just fine.

      Thanks,
      Duncan Campbell
      Xcellerate IT
        • 1. Re: LDAP setup for user authentication
          Community Member
          <Duncan_Campbell@adobeforums.com> ha scritto nel messaggio <br />news:3bbe2adc.-1@webx.la2eafNXanI...<br />>I am trying to setup my New Directory for LDAP settings. I have tried lots <br />>of different values, but the "test server" button always returns the <br />>"Unable to connect to service" error. I'm having a hard time finding any <br />>documentation describing how to get this working. I want Form Manager to be <br />>able to use LDAP to automatically authenticate my users.<br />><br />> The screen I am referring to is under LiveCycle Administrator, Home > <br />> Settings > User Management > Domain Management > New Enterprise Domain.<br />><br />> If anyone has experience setting this up, please try to describe what is <br />> required in the fields. I am particularly interested in the User and Group <br />> settings.<br />><br />> I have used the LDP.exe tool that comes on the Windows 2003 CD with the <br />> support tools. It connects to my LDAP just fine.<br />><br />> Thanks,<br />> Duncan Campbell<br />> Xcellerate IT<br /><br />Select the kind of LDAP settings related to the program you are using <br />(Active Directory on Windows 2000, or on Windows 2003, or Sun LDAP).<br />First of all, write the ip of the machine in which you have Active Directory <br />installed and configured.<br />If you receive this message again, then try to ping this ip in order to <br />understand if you can reach this machine.<br /><br />Then, you have to write the credential: usually, this is something as <br />CN=Administrator, CN=Users, DC=domainname, DC=com (or local)<br /><br />Then you have to write the base dn search criteria both for users and for <br />groups.<br /><br />Use LDAP Query Browser if you don't know well LDAP.<br /><br />Ciao,<br />Alessio (a.k.a. Kinglion Il Meticcio)
          • 2. Re: LDAP setup for user authentication
            Community Member
            I managed to get my LDAP to work by having my server and binding user name right.

            My server is something like "computername.mydomain.com"
            and my user is "Administrator@mydomain.com"
            I had to enter the password for the Windows administrator account I was logged in as.

            It works!

            Now get this:
            Originally my Directory synchronization clobbered by administrator account and noone had admin rights and I was locked out of admin.
            Now that I re-installed everything and I have LDAP working, I performed my sync and gave admin rights to people (including administrator) in LiveCycle. For some reason my administrator account in LiveCycle is marked with a TYPE of LOCAL and it is not authenticating against LDAP. Everyone else has a TYPE of ENTERPRISE and they are authenticating. Why wasn't the administrator account overwritten during the sync process?

            I wish I knew what LiveCycle is thinking. One minute it overwrites my admin account and locks me out, the next minute it leaves it alone. The help under the "User Management Help" button leaves much to be desired.

            Duncan Campbell
            Xcellerate IT
            • 3. Re: LDAP setup for user authentication
              Hi, i am not able to connect to my server.
              everytime i try to connect i get the message unable to "connect to service"

              for server i typed the id of it. i can ping the server

              my servers name is armstrong.jazz.ent
              the domain is jazz.ent
              it is windows 2003 server

              how do the user settings look like?
              how do "BASE DN" look like.

              please help
              • 4. Re: LDAP setup for user authentication
                Community Member
                Those settings are completely dependant on your specific LDAP implementation. An LDAP browser like the one from Softerra can be a useful tool in figuring out what these are in your case. The best way would be to ask your LDAP admin.

                Chris
                Adobe Enterprise Developer Support
                • 5. Re: LDAP setup for user authentication
                  Community Member
                  Hi,

                  I too receive the same error - "Unable to connect to service"
                  The error log is as follows -

                  ERROR [LDAPDirectoryPrincipalProviderImpl] UserM:LDAP_TEST:
                  [Thread: http-0.0.0.0-8080-Processor25, hc: 14418746 ]testConfiguration failed:
                  com.adobe.idp.um.spi.directoryservices.DirectoryProviderConfig@14461a1com.adobe.
                  idp.common.errors.exception.IDPSystemException: null

                  Here are my settings (under LiveCycle Administrator, Home > Settings > User Management > Domain Management > New Enterprise Domain )-
                  ----------------------------------------------------------------

                  Server - My LDAP Server IP (i can ping it from my machine)
                  Port - 389
                  SSL - No
                  Binding:
                  User - username@mydomain.com
                  password - ******

                  User Setting:
                  Unique identifier - dn
                  Base DN - mydomain.com
                  All other fields I keep as default

                  Group Setting:
                  Unique identifier - dn
                  Base DN - mydomain.com
                  All other fields I keep as default

                  Can anybody guide me where I am going wrong.

                  Thanks and regards,
                  Shivajiv.
                  • 6. Re: LDAP setup for user authentication
                    HowardTreisman Community Member
                    Hi
                    Your base DN and username fields need to be LDAP names, not generic ones. The easiest way to work out what to use is to download Softerra LDAP browser, and use that to work out what all the settings are.
                    Your Network Administrator might also be able to help.

                    Howard
                    http://www.avoka.com
                    • 7. Re: LDAP setup for user authentication
                      Community Member
                      Thanks for the suggestion Howard.. I was finally able to set up LDAP :)

                      For others -

                      I am using following settings -

                      Server - My LDAP server's IP
                      Port - 389
                      SSL = No
                      Name = user@MyDomain.com
                      Password = Above users password in the LDAP server
                      Base DN = CN=Users, DC=MyDomain, DC=com

                      Thanks and regards,
                      Shivajiv.
                      • 8. Re: LDAP setup for user authentication
                        Just so I'm following this, I need to add the users or groups from my Windows 2003 AD to LiveCycle in order for them to have roles withing LiveCycle.

                        Is there no way I can create users and groups without linking them to AD?
                        • 9. Re: LDAP setup for user authentication
                          HowardTreisman Community Member
                          You can create local users and groups using QPACs that you can download from:
                          http://www.avoka.com/Avoka/qpac_library.shtml
                          Howard
                          • 10. LDAP setup for user authentication
                            shujaatsyed7 Community Member

                            Hello

                             

                             

                                 I need help in LDAP authenitcation, I am not sure about my LDAP starting sting and each time I am getting varification failed in cold Fusion LDAP wizard and I have tried alot of thing and all vain.

                             

                             

                                 I have also installed SOFTERRA LDAP BROWSER but the information taken from there like "o=Disney" and "CN=Syed Mehboob(My name)"  does not work esither, and lets suppose my company name is "Disney.world.com" ,does that have to do any thing with starting string syntax of LDAP?I am also attaching LDAP sting for your help.

                             

                             

                            memberOf: CN=Disney New York,OU=User Groups,DC=Dinsey,DC=brands,DC=com

                            name: Mehboob, Syed

                            msExchHomeServerName:         /o=Disney/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=Disneyworld

                             

                             

                            I am attaching a screenshot and hopefully that help to understand my issue and if any one can help me to locate "opening string" or "authenticate LDAP" that would be really appreciated. 

                             

                            PEASE REFER TO ATTACHED PICTURE