5 Replies Latest reply: Feb 12, 2010 7:59 AM by Kurt48 RSS

    LDAP and Active Directory

      I'm experiencing difficulties in connecting my 2003 Active Directory with Workflow Server. I'm fairly new so any help would be great. Keep getting "unable to connect to service" when i "test server". Thinking it might be something to do with the bind path. I created an adobe user with all admin rights to use as the bind user...

      name cn=adobe_wf, ou=WorkFlow, ou=Users, ou=Empire, dc=pens, dc=xxx, dc=xxx
      password xxxxx

      2006-06-19 03:00:59,998 INFO [org.quartz.core.JobRunShell] Job QUARTZ_JOBGROUP_IDP.DIRSYNC_JOB threw a JobExecutionException:
      org.quartz.JobExecutionException: A full directory sync initiated through a cron setting or a user-initiated `Sync Now' action in the web console failed to start due to some other running job. This exception indicates that the full directory sync will be rescheduled to run as soon as possible.
      atcom.adobe.idp.common.scheduler.DirectorySyncJob.executeSyncInitiate(DirectorySyncJob.jav a:143)
      atcom.adobe.idp.common.scheduler.DirectorySyncJob.execute(DirectorySyncJob.java:89)
      at org.quartz.core.JobRunShell.run(JobRunShell.java:191)
      atorg.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:516)
      2006-06-19 03:01:00,045 INFO [STDOUT] dbDomain:pens.xxx.xxxisLfalsedbSSSTARTED
      2006-06-19 03:01:00,045 INFO [com.adobe.idp.um.businesslogic.directoryservices.DirectorySynchronizationManagerBean] UserM:: [Thread: DefaultQuartzScheduler_Worker-4, hc: 17023149 ]---->Sync: Start reading users in domain: pens.xxx.xxx
      2006-06-19 03:01:00,060 WARN [com.adobe.idp.common.errors.exception.IDPLoggedException] UserM:GENERIC_WARNING: [Thread: DefaultQuartzScheduler_Worker-4, hc: 17023149 ]com.adobe.idp.common.errors.exception.IDPLoggedException| [com.adobe.idp.um.provider.directoryservices.LDAPDirectoryPrincipalProviderImpl] errorCode:13313 errorCodeHEX:0x3401 message:preparing query type search chainedException:javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name ''chainedExceptionMessage:[LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ] chainedException trace:javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name ''
        • 1. Re: LDAP and Active Directory
          If you were to use an LDAP utility, such as LDAP Browser (http://www.ldapadministrator.com/download/index.php) are your connection settings yielding expected results? You can use this tool to obtain the exact binding information that should be provided.

          Is your version of Active Directory a vanilla deployment or has the schema been modified? If modified, you will need to accommodate for the values you provide in the configuration panel.

          Does your Active Directory Server support anonymous access? If so, you can also use anonymous to confirm connection before providing a specific account for connectivity.

          Cheers,
          Val@Adobe
          • 2. Re: LDAP and Active Directory
            Community Member
            Thanks for the help. The AD is all default settings. I've just installed softerra and the paths match fine. Anonymous access is off by default(I'll have to clear opening it with the higher up). here's what i've got so far.

            server: 10.101.x.x
            port: 389
            SSL: no
            Binding: name: cn=Adobe WF, ou=Adobe Livecycle WF, ou=Users, ou=Empire,
            dc=pens, dc=xxxx, dc=xxx
            password: xxxxxx

            USER SETTINGS
            Unique Identifier: dn
            Base DN: dc=pens, dc=xxxx, dc=xxx
            Everything else is default
            no group settings

            And I'm still getting "unable to connect to service"
            If any other server.log info would help let me know thanks again for the help :)

            2006-06-20 08:29:31,658 INFO [org.apache.xml.security.signature.Reference] Verification successful for URI "#a3c7b920b329c2cf872e1e750e8f9e23"
            2006-06-20 08:29:33,141 INFO [org.apache.xml.security.signature.Reference] Verification successful for URI "#f266177e177763474e1d4a1f6793ddbd"
            2006-06-20 08:29:58,834 WARN [com.adobe.idp.common.errors.exception.IDPLoggedException] UserM:GENERIC_WARNING: [Thread: http-0.0.0.0-8080-Processor21, hc: 24635598 ]com.adobe.idp.common.errors.exception.IDPLoggedException| [com.adobe.idp.um.provider.directoryservices.LDAPDirectoryPrincipalProviderImpl] errorCode:13313 errorCodeHEX:0x3401 message:preparing query type search chainedException:javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name ''chainedExceptionMessage:[LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ] chainedException trace:javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name ''
            • 3. Re: LDAP and Active Directory
              Community Member
              I've finally got the server to connect. Now I'm trying to search for users and groups. Is there another step that I'm missing, Because I can't find any users or groups. According to the log the sync went through fine. I am getting a WARNing though. Can someone point me in the right direction. Thanks for the help...

              2006-06-21 10:27:30,511 WARN [com.adobe.idp.common.errors.exception.IDPLoggedException] UserM:GENERIC_WARNING: [Thread: DefaultQuartzScheduler_Worker-8, hc: 1288232 ]com.adobe.idp.common.errors.exception.IDPLoggedException| [com.adobe.idp.um.provider.directoryservices.LDAPDirectoryPrincipalProviderImpl] errorCode:13318 errorCodeHEX:0x3406 message:non-dn, so leaving as-is DN:adobe_wf@pens.xxxx.xxx emsg:improperly specified input name: adobe_wf@pens.xxxx.xxx
              2006-06-21 10:27:30,527 INFO [com.adobe.idp.um.businesslogic.directoryservices.DirectorySynchronizationManagerBean] UserM:: [Thread: DefaultQuartzScheduler_Worker-8, hc: 1288232 ]---->Sync: Start reading group members in domain: pens.xxxx.xxx
              2006-06-21 10:27:30,543 INFO [com.adobe.idp.um.businesslogic.directoryservices.DirectorySynchronizationManagerBean] UserM:: [Thread: DefaultQuartzScheduler_Worker-8, hc: 1288232 ]---->Sync: Start searching group members for nested groups in domain: pens.xxxx.xxx
              2006-06-21 10:27:30,543 INFO [com.adobe.idp.um.businesslogic.directoryservices.DirectorySynchronizationManagerBean] UserM:: [Thread: DefaultQuartzScheduler_Worker-8, hc: 1288232 ]---->Sync: Finalizing groups synchronization for domain: pens.xxxx.xxx
              2006-06-21 10:27:31,558 INFO [com.adobe.idp.um.businesslogic.directoryservices.DirectorySynchronizationManagerBean] UserM:: [Thread: DefaultQuartzScheduler_Worker-8, hc: 1288232 ]---->Sync: pens.xxxx.xxx
              • 4. Re: LDAP and Active Directory
                johnqdaily Community Member
                Have you found a fix for this? I am seeing this now.

                Thanks,

                John
                • 5. Re: LDAP and Active Directory
                  Kurt48

                  We just had this problem this morning.  Suddenly, users cannot log in.  My only guess is that the latest M$ security updates are causing the problem.  A bunch were just installed yesterday.  The server hasn't been rebooted yet.  I'm hoping a reboot will fix the issue.  Did anyone else have this problem with the recent updates?