12 Replies Latest reply on Jul 29, 2013 3:01 AM by shailesh08

    CQ5 as Windows Service with LDAP Authentication

    great98

      CQ5 as Windows Service with LDAP Authentication

      1 Introduction

       

      • LDAP:  Lightweight Directory Access Protocol
      • Used for accessing centralized directory services.
      • LDAP is often used to achieve Single Sign On which allows a user to access multiple applications after logging in once.


      2 Steps

       

      1.    Install LDAP server,

      1)    Double click the file(Download from apache website first)

      ApacheDirectoryStudio-win32-x86_<architecture>-<version>

      2)    After start the system, Create a new server (CQ5LDAP)

      New-New Server

      3)    Add group and users and save them

      Name: Adobe

      Suffix: ou=groups, dc=adobe, dc=com)

      Name: Adobe2

      Suffix: ou=users, dc=adobe, dc=com)

      4)    Start the server

      5)    Create a new connection (CQ5LDAP)

      Connection name: CQ5LDAP

      Hostname: localhost

      Port: 10389

       

      6)    Fill in the Authentication information

      Bind DNor user: uid=admin, ou=system

      Bind password: secret

       

      7)    Right click the connection name, Import users with LDIF Import

       

      2.    Configure repository.xml

       

      • Remove or comment the LoginModule element in the repository configuration (repository.xml). The configuration file can be found in the folder crx-quickstart/repository.
      • Ensure that the file ldap_login.conf is in a folder such as crx-quickstart/conf/ of your CRX installation folder.
      • Add the following bolded code to repository.xml so that users can login

          <SecurityManager class="com.day.crx.core.CRXSecurityManager">

              <WorkspaceAccessManager  class="org.apache.jackrabbit.core.

                     security.simple.SimpleWorkspaceAccessManager"/>

              <UserManager class="com.day.crx.core.CRXUserManagerImpl">

                  <param name="usersPath" value="/home/users"/>

                  <param name="groupsPath" value="/home/groups"/>

                  <param name="defaultDepth" value="1"/>

              </UserManager>

          </SecurityManager>

       

      3.    Change start.bat and Quickstart.bat


      From the command line, start Quickstart with the option:

      -Djava.security.auth.login.config=crx-quickstart/conf/ldap_login.conf

          For example:

          32-bit VM:

           java -Djava.security.auth.login.config=crx-quickstart/conf/ldap_login.conf -Xmx384M -jar crx-quickstart-<version>.jar

          64-bit VM:

           java -Djava.security.auth.login.config=crx-quickstart/conf/ldap_login.conf -XX:MaxPermSize=128m -Xmx512M -jar crx-quickstart-<version>.jar


      4.    Starting CQ5 as Windows Service

       

      We install CQ5 as a windows service with instsrv.bat located in C:\author\crx-quickstart\opt\helpers.Hence, if we want to use CQ5 service with LDAP. We need to change instsrv.bat and then run instsrv.bat to install CQ5 as a Windows Service.

      Replace line 40: set jvm_options=-XX:MaxPermSize=256M

      With: set jvm_options=-Djava.security.auth.login.config=C:/author2013/crx-quickstart/conf/ldap_logi n.conf";"-XX:MaxPermSize=256M

       

      5.    Start the CQ5 service with CMD or Service of Task Manager

              c:>sc start CQ5 (or any service name you installed, say cq5author)


      6.    Now you can login by LDAP users

        • 1. Re: CQ5 as Windows Service with LDAP Authentication
          shailesh08 Level 1

          Hi,

          I tried the steps mentioned, but the steps mentioned above are jumped may be because of the different LDAP server. I am using Apache Directory Studio.

          And even i could not find any option "import users from LDIF". Can you please guide me what exactly i need to do.

           

           

          Regards,

          Shailesh

          • 2. Re: CQ5 as Windows Service with LDAP Authentication
            great98 Level 1

            Please see the screenshot about how to import users.LDAP Import Users.jpg

            • 3. Re: CQ5 as Windows Service with LDAP Authentication
              shailesh08 Level 1

              ldap.png

              Hi,

              Sorry I was not clear about the problem in the msg. I am not able to get what LDIP needs to be entered in the dropdown over here in the screenshot.

              Can you even verify the ldap_login.conf file whether is that there is something missing in it.

               

              com.day.crx {

                 com.day.crx.core.CRXLoginModule sufficient;

                 com.day.crx.security.ldap.LDAPLoginModule required

                            principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"

                            host="10.242.135.12"

                            port="10389"

                   authDn="testuser"

                            authPw="intel"

                            secure="true"

                            userRoot="ou=users,ou=system"

                            groupRoot="ou=groups,ou=system"

                            groupMembershipAttribute="uniquemember"

                            autocreate="create"

                            autocreate.user.mail="profile/email"

                            autocreate.user.givenname="profile/givenName"

                            autocreate.user.sn="profile/familyName"

                            autocreate.group.description="profile/aboutMe"

                            autocreate.group.mail="profile/email"

                            autocreate.group.cn="profile/givenName"

                            autocreate.path="direct"

                            cache.expiration="600"

                            cache.maxsize="100";

              };

               

               

              Thanks & Regards,

              Shailesh

              • 4. Re: CQ5 as Windows Service with LDAP Authentication
                great98 Level 1

                A file with the LDIF file extension is a LDAP Data Interchange Format file.

                 

                LDIF (Lightweight Directory Interchange Format) is an ASCII file format used to exchange data and enable the synchronization of that data between Lightweight Directory Access Protocol ( LDAP ) server s called Directory System Agents (DSAs). LDAP is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network. An LDAP directory can be distributed among many servers. LDIF is used to synchronize each LDAP directory.

                  

                The first step in synchronizing LDAP directories is extracting the full contents of or a portion of the original LDAP directory and formatting the contents into an LDIF file. The LDIF file is then mailed to a directory synchronization robot called DIRBOT. After several different steps, a final LDIF file is compared to the original LDIF file. The update instructions on what records to add, delete, or modify in the original directory are decided. These updates are then used to synchronize all LDAP directories.

                 

                If you don't have LDIF file to be imported, it does not matter. You can create entries by LDAP server directly. A .LDIF file is just a file prepared by LDIF editor.

                 

                LDIF file examples:

                http://www.juniper.net/techpubs/software/aaa_802/sbrc/sbrc70/sw-sbrc-admin/html/LDAPConfig 7.html

                • 5. Re: CQ5 as Windows Service with LDAP Authentication
                  great98 Level 1

                  The following is my sample ldap_login.conf, please refer to it. Please note the authPw (888888) must be the same as what you set in LDAP server:

                   

                  com.day.crx {

                     com.day.crx.core.CRXLoginModule sufficient;

                     com.day.crx.security.ldap.LDAPLoginModule required

                                principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"

                                host="localhost"

                                                          port="10389"

                                                          authDn="uid=admin,ou=system"

                                        authPw="888888"

                                                          userRoot="ou=users,dc=adobe,dc=com"

                                                          groupRoot="ou=groups,dc=adobe,dc=com"

                                                          userFilter="(objectclass=person)"

                                                          userIdAttribute="sn"

                                                          groupFilter="(objectclass=groupOfUniqueNames)"

                                                          groupMembershipAttribute="uniquemember"

                                                          groupNameAttribute="cn"

                                                          deny_anonymous_access="true"

                                autocreate="create"

                                autocreate.user.mail="rep:e-mail"

                                                          autocreate.user.cn="rep:fullname"

                                                          autocreate.group.mail="rep:e-mail"

                                                          autocreate.group.cn="rep:fullName"

                                                          autocreate.group.localadmin="admin"

                                                          autocreate.group.uniquemember="uniquemember"

                                                          autocreate.group.description="description"

                                                          autocreate.syncdelay="1800"

                                                autocreate.lastmodified ="lastmodified"

                                                autocreate.path="direct"

                                cache.expiration="600"

                                cache.maxsize="100";

                  };

                  • 6. Re: CQ5 as Windows Service with LDAP Authentication
                    shailesh08 Level 1

                    LDAP server.png

                    com.day.crx {

                       com.day.crx.core.CRXLoginModule sufficient;

                       com.day.crx.security.ldap.LDAPLoginModule required

                                  principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"

                                  host="192.168.1.8"

                                  port="10390"

                         authDn="uid=testuser,ou=users,ou=system"

                                  authPw="abc11"

                                  secure="true"

                                  userRoot="ou=users,ou=system"

                                  groupRoot="ou=groups,ou=system"

                                  groupMembershipAttribute="uniquemember"

                                  autocreate="create"

                                  autocreate.user.mail="profile/email"

                                  autocreate.user.givenname="profile/givenName"

                                  autocreate.user.sn="profile/familyName"

                                  autocreate.group.description="profile/aboutMe"

                                  autocreate.group.mail="profile/email"

                                  autocreate.group.cn="profile/givenName"

                                  autocreate.path="direct"

                                  cache.expiration="600"

                                  cache.maxsize="100";

                    };

                     

                    repository.xml

                    <?xml version="1.0" encoding="ISO-8859-1"?>
                    <!-- ======================================================================= -->
                    <!-- $Id: repository-template.xml 78567 2011-06-16 04:27:03Z tripod $ -->
                    <!-- ======================================================================= -->
                    <!-- Copyright (c) 1997-2008 Day Management AG                               -->
                    <!-- Barfuesserplatz 6, 4001 Basel, Switzerland                              -->
                    <!-- All Rights Reserved.                                                    -->
                    <!--                                                                         -->
                    <!-- This software is the confidential and proprietary information of        -->
                    <!-- Day Management AG, ("Confidential Information"). You shall not          -->
                    <!-- disclose such Confidential Information and shall use it only in         -->
                    <!-- accordance with the terms of the license agreement you entered into     -->
                    <!-- with Day.                                                               -->
                    <!-- ======================================================================= -->
                    <!DOCTYPE Repository PUBLIC "-//Day Management AG//DTD CRX 2.4//EN"
                                                "http://www.day.com/dtd/repository-2.4.dtd">
                    <Repository>
                        <!--
                        virtual file system where the repository stores global state
                        (e.g. registered namespaces, custom node types, etc.)
                        -->
                        <!--
                        <FileSystem class="com.day.jackrabbit.fs.cq.CQFileSystem">
                            <param name="path" value="${rep.home}/repStore.dat"/>
                            <param name="autoRepair" value="false"/>
                        </FileSystem>
                        -->
                        <FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
                            <param name="path" value="${rep.home}/repository"/>
                        </FileSystem>

                        <!--
                        large binary objects are stored in the data store.
                        -->
                        <DataStore class="com.day.crx.core.data.ClusterDataStore"/>

                        <!--
                        security configuration
                        -->
                        <Security appName="com.day.crx">
                            <!--
                                security manager:
                                class: FQN of class implementing the JackrabbitSecurityManager interface
                            -->
                            <!--SecurityManager class="com.day.crx.core.CRXSecurityManager" workspaceName="" -->
                            <SecurityManager class="com.day.crx.core.CRXSecurityManager">
                                <!--
                                optional user manager configuration
                                -->
                                <UserManager class="org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager">
                                    <param name="usersPath" value="/home/users"/>
                                    <param name="groupsPath" value="/home/groups"/>
                                    <param name="defaultDepth" value="1"/>
                                    <param name="autoExpandTree" value="true"/>
                                    <AuthorizableAction class="org.apache.jackrabbit.core.security.user.action.AccessControlAction">
                                      <param name="groupPrivilegeNames" value="jcr:read"/>
                                      <param name="userPrivilegeNames" value="jcr:all"/>
                                    </AuthorizableAction>
                                    <!--AuthorizableAction class="com.day.crx.core.ntlm.NTLMAuthorizableAction"/>-->
                                </UserManager>

                                <!--
                                optional workspace access manager configuration
                               -->
                            </SecurityManager>
                     
                            <!--
                            access manager:
                            class: FQN of class implementing the AccessManager interface
                            -->
                            <AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager"></AccessManager>
                            <!--
                            Use LoginModule authenticating against repository itself
                            -->
                            <LoginModule class="com.day.crx.core.CRXLoginModule">
                                <param name="anonymousId" value="anonymous"/>
                                <param name="adminId" value="admin"/>
                                <param name="disableNTLMAuth" value="true"/>
                                <param name="tokenExpiration" value="43200000"/>
                                <!-- param name="trust_credentials_attribute" value="d5b9167e95dad6e7d3b5d6fa8df48af8"/ -->
                            </LoginModule>
                        </Security>

                        <!--
                        location of workspaces root directory and name of default workspace
                        -->
                        <Workspaces rootPath="${rep.home}/workspaces" defaultWorkspace="crx.default" maxIdleTime="5"/>
                        <!--
                        workspace configuration template:
                        used to create the initial workspace if there's no workspace yet
                        -->
                        <Workspace name="${wsp.name}" simpleLocking="true">
                            <!--
                            virtual file system of the workspace:
                            class: FQN of class implementing FileSystem interface
                            -->
                            <FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
                                <param name="path" value="${wsp.home}"/>
                            </FileSystem>

                            <!--
                            persistence manager of the workspace:
                            class: FQN of class implementing PersistenceManager interface
                            -->
                            <PersistenceManager class="com.day.crx.persistence.tar.TarPersistenceManager"/>

                            <!--
                            Search index and the file system it uses.
                            -->
                            <SearchIndex class="com.day.crx.query.lucene.LuceneHandler">
                                <param name="path" value="${wsp.home}/index"/>
                                <param name="resultFetchSize" value="50"/>
                            </SearchIndex>

                            <!--
                            Workspace security configuration
                            -->
                            <WorkspaceSecurity>
                                <AccessControlProvider class="org.apache.jackrabbit.core.security.authorization.acl.ACLProvider">
                                    <param name="omit-default-permission" value="true"/>
                                </AccessControlProvider>
                            </WorkspaceSecurity>

                            <!--
                            XML Import configuration of the workspace
                            -->
                            <Import>
                                <ProtectedItemImporter class="org.apache.jackrabbit.core.xml.AccessControlImporter"/>
                                <ProtectedItemImporter class="org.apache.jackrabbit.core.security.user.UserImporter">
                                    <param name="importBehavior" value="besteffort"/>
                                </ProtectedItemImporter>
                            </Import>
                        </Workspace>

                        <!--
                            Configures the versioning
                        -->
                        <Versioning rootPath="${rep.home}/version">
                            <!--
                                Configures the filesystem to use for versioning of the respective
                                persistence manager
                            -->
                            <FileSystem class="org.apache.jackrabbit.core.fs.local.LocalFileSystem">
                                <param name="path" value="${rep.home}/version"/>
                            </FileSystem>

                            <!--
                                Configures the persistence manager to use for the versioning.
                                Please note, that the current versioning implementation is based on
                                a 'normal' persistence manager, but this could change in future
                                implementations.
                            -->
                            <PersistenceManager class="com.day.crx.persistence.tar.TarPersistenceManager"/>

                        </Versioning>

                        <!--
                            Enable searching the /jcr:system subtree
                        -->
                        <SearchIndex class="com.day.crx.query.lucene.LuceneHandler">
                            <param name="path" value="${rep.home}/repository/index"/>
                        </SearchIndex>

                        <!--
                            Cluster configuration.
                        -->
                        <Cluster>
                            <Journal class="com.day.crx.persistence.tar.TarJournal"/>
                        </Cluster>

                        <!--
                            Configures extension modules
                        -->
                        <Modules>
                            <!--
                               Sample configuration of an EventLoggerModule requiring configuration
                               <Module class="com.day.crx.eventlogger.EventLoggerModule">
                                   <param name="workspaces" value="crx.default"/>
                                   <param name="logWorkspace" value="crx.logger"/>
                                   <param name="logPath" value="/logger"/>
                               </Module>
                            -->
                        </Modules>
                    </Repository>

                     

                    Hi,

                    I am still not able to login using the user i created in LDAP server. I have verified by using the jxplorer and the LDAP server is working fine as whatever user I am creating in jxplorer it is propagation and getting saved in the LDAP server.

                     

                    By looking into the screenshot seeing above if you find anything that is missing, please do let me know.

                     

                    Thanks & Regards,

                    Shailesh

                    • 7. Re: CQ5 as Windows Service with LDAP Authentication
                      great98 Level 1

                      1) comment out the following in your repository.xml:

                      <!--

                      <LoginModule class="com.day.crx.core.CRXLoginModule">

                                  <param name="anonymousId" value="anonymous"/>

                                  <param name="adminId" value="admin"/>

                                  <param name="disableNTLMAuth" value="true"/>

                                  <param name="tokenExpiration" value="43200000"/>

                                  param name="trust_credentials_attribute" value="d5b9167e95dad6e7d3b5d6fa8df48af8"/

                              </LoginModule>

                       

                      -->

                       

                      2) Add the following bolded code to repository.xml so that users can login

                          <SecurityManager class="com.day.crx.core.CRXSecurityManager">

                              <WorkspaceAccessManager  class="org.apache.jackrabbit.core.

                                     security.simple.SimpleWorkspaceAccessManager"/>

                              <UserManager class="com.day.crx.core.CRXUserManagerImpl">

                                  <param name="usersPath" value="/home/users"/>

                                  <param name="groupsPath" value="/home/groups"/>

                                  <param name="defaultDepth" value="1"/>

                              </UserManager>

                          </SecurityManager>

                       

                       

                      yours:

                       

                           <SecurityManager class="com.day.crx.core.CRXSecurityManager">
                                  <!--
                                  optional user manager configuration
                                  -->

                              <WorkspaceAccessManager  class="org.apache.jackrabbit.core.

                                     security.simple.SimpleWorkspaceAccessManager"/>



                                  <UserManager class="org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserM anager">
                                      <param name="usersPath" value="/home/users"/>
                                      <param name="groupsPath" value="/home/groups"/>
                                      <param name="defaultDepth" value="1"/>
                                      <param name="autoExpandTree" value="true"/>
                                      <AuthorizableAction class="org.apache.jackrabbit.core.security.user.action.AccessControlA ction">
                                        <param name="groupPrivilegeNames" value="jcr:read"/>
                                        <param name="userPrivilegeNames" value="jcr:all"/>
                                      </AuthorizableAction>
                                      <!--AuthorizableAction class="com.day.crx.core.ntlm.NTLMAuthorizableAction"/>-->
                                  </UserManager>

                                  <!--
                                  optional workspace access manager configuration
                                 -->
                              </SecurityManager>

                      • 8. Re: CQ5 as Windows Service with LDAP Authentication
                        shailesh08 Level 1

                        Hi,

                        Still not able to login.., "User Name and Password do not match".

                         

                        Is there anything else that could be there

                        Regards,

                        Shailesh

                        • 9. Re: CQ5 as Windows Service with LDAP Authentication
                          great98 Level 1

                          If it is password problem, you can try to reset password for the user with Apache Directory Studio (LDAP server):

                           

                          333.jpg

                          • 10. Re: CQ5 as Windows Service with LDAP Authentication
                            shailesh08 Level 1

                            Hi,

                            My instance stopped working after I modified the repository.xml as threaded in the chain above. The two changes made were:-

                            1. added <SecurityManager class="com.day.crx.core.CRXSecurityManager">

                                    <WorkspaceAccessManager  class="org.apache.jackrabbit.core.

                                           security.simple.SimpleWorkspaceAccessManager"/>

                                    <UserManager class="com.day.crx.core.CRXUserManagerImpl">

                                        <param name="usersPath" value="/home/users"/>

                                        <param name="groupsPath" value="/home/groups"/>

                                        <param name="defaultDepth" value="1"/>

                                    </UserManager>

                                </SecurityManager>

                             

                            2. commented <LoginModule class="com.day.crx.core.CRXLoginModule">

                                        <param name="anonymousId" value="anonymous"/>

                                        <param name="adminId" value="admin"/>

                                        <param name="disableNTLMAuth" value="true"/>

                                        <param name="tokenExpiration" value="43200000"/>

                             

                                    </LoginModule>

                             

                            As I commented the first one and uncommented the second one in repository.xml my instance started working., before that I was getting

                            Service Unavailable

                            AuthenticationSupport service missing. Cannot authenticate request.

                             

                             

                            Is there anything else that could be done for this authentication part.?

                            Thanks & Regards,

                            Shailesh

                            • 11. Re: CQ5 as Windows Service with LDAP Authentication
                              great98 Level 1

                              Please use this correct ldap_login.conf as main reference, your authDn is not right, should be authDn="uid=admin,ou=system":

                               

                              com.day.crx {

                                 com.day.crx.core.CRXLoginModule sufficient;

                                 com.day.crx.security.ldap.LDAPLoginModule required

                                            principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"

                                            host="localhost"

                                                                      port="10389"

                                                                      authDn="uid=admin,ou=system"

                                                    authPw="888888"

                                                                      userRoot="ou=users,dc=adobe,dc=com"

                                                                      groupRoot="ou=groups,dc=adobe,dc=com"

                                                                      userFilter="(objectclass=person)"

                                                                      userIdAttribute="sn"

                                                                      groupFilter="(objectclass=groupOfUniqueNames)"

                                                                      groupMembershipAttribute="uniquemember"

                                                                      groupNameAttribute="cn"

                                                                      deny_anonymous_access="true"

                                            autocreate="create"

                                            autocreate.user.mail="rep:e-mail"

                                                                      autocreate.user.cn="rep:fullname"

                                                                      autocreate.group.mail="rep:e-mail"

                                                                      autocreate.group.cn="rep:fullName"

                                                                      autocreate.group.localadmin="admin"

                                                                      autocreate.group.uniquemember="uniquemember"

                                                                      autocreate.group.description="description"

                                                                      autocreate.syncdelay="1800"

                                                            autocreate.lastmodified ="lastmodified"

                                                            autocreate.path="direct"

                                            cache.expiration="600"

                                            cache.maxsize="100";

                              };

                               

                              Other steps ,please refer to the following URL carefully:

                               

                              http://helpx.adobe.com/cq/kb/LdapConfig.html

                              http://dev.day.com/docs/en/crx/current/administering/ldap_authentication.html

                              • 12. Re: CQ5 as Windows Service with LDAP Authentication
                                shailesh08 Level 1

                                Hi,

                                The links shared tells us the same things as we were trying before.

                                I tried every combination possible in repository.xml

                                1. LoginModule removed with org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager present. -503 error

                                2. LoginModule present with with org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager present. - able to open instance

                                3. LoginModule removed with com.day.crx.core.CRXUserManagerImpl presnt. -503 error

                                4. LoginModule present with com.day.crx.core.CRXUserManagerImpl present. -503 error

                                5. LoginModule present with com.day.crx.core.CRXUserManagerImpl & org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager presnt. -503 error

                                6. LoginModule removed with com.day.crx.core.CRXUserManagerImpl & org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager present. -503 error

                                 

                                The ldap_login.confg used is

                                com.day.crx {

                                   com.day.crx.core.CRXLoginModule sufficient;

                                   com.day.crx.security.ldap.LDAPLoginModule required

                                              principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"

                                              host="10.242.135.208"

                                              port="10390"

                                   authDn="uid=admin,ou=system"

                                              authPw="admin"

                                   userFilter="(objectclass=person)"

                                              userIdAttribute="uid"

                                              groupFilter="(objectclass=groupOfUniqueNames)"

                                              groupMembershipAttribute="uniquemember"

                                              groupNameAttribute="cn"

                                              deny_anonymous_access="true"

                                              secure="true"

                                              userRoot="ou=users,ou=system"

                                              groupRoot="ou=groups,ou=system"

                                              groupMembershipAttribute="uniquemember"

                                              autocreate="create"

                                              autocreate.user.mail="profile/email"

                                              autocreate.user.givenname="profile/givenName"

                                              autocreate.user.sn="profile/familyName"

                                              autocreate.group.description="profile/aboutMe"

                                              autocreate.group.mail="profile/email"

                                              autocreate.group.cn="profile/givenName"

                                              autocreate.path="direct"

                                              cache.expiration="600"

                                              cache.maxsize="100";

                                };

                                 

                                 

                                ldap.png

                                Can you please verify if the authDn and the authPwd is correct or is there any mistake that I am commiting. Or there is something else which is causing the problem..

                                 

                                 

                                Thanks & Regards,

                                Shailesh