26 Replies Latest reply on Mar 16, 2012 10:04 AM by Dustin_Kramer

    LDAP issues on RH9

    LaRoque149

      I'm attempting to use LDAP in the configuration manager but it's rejecting me outright. 

      These are my settings:

       

      Built in database radio button selected

       

      LDAP Server URL - ldap://mycompany.local:389

      Base Node for User Search: dc=mycompany,dc=local

      Base Node for Group Search: dc=mycompany,dc=local

      User ID attribute Name: cn

      Group ID attribute name: cn

      Group Member Attribute: member

       

      Default Admin Account for Web Administrator    

      Username - myadminaccountname

      Password - grayedout

       

      I have verified all of the attributes as being correct but I'm still getting a javax.naming.authentication error - 49

       

      Can anyone help?

        • 1. Re: LDAP issues on RH9
          RoboColum(n) Level 5

          Hi LaRoque149 and welcome to the RH forums.

           

          I believe you are referring to access to the RoboHelp Server web administrator. Is that right? If so, I'm not aware if you can even use it with LDAP. Maybe John Daigle can advise here. "Paging Mr Daigle". "Paging Mr Daigle".


            @robocolumn
            The RoboColum(n)
            Colum McAndrew

          • 2. Re: LDAP issues on RH9
            LaRoque149 Level 1

            Thanks for getting back to me RoboColum(n),

            Yes, I am using RH Server Web Administrator.  According to pages 14-15 of the help file in RH 9 I should be able to use LDAP authentication for RH Server...

            • 3. Re: LDAP issues on RH9
              RoboColum(n) Level 5

              Having reread your original post I am now unclear about where the problem is. Is it that the Configuration Manager is not allowing you to set up your LDAP connection? Or is it that it is all set up but that you can't access the Web Administrator?

               

              You may know this already but that Java error is due to invalid credentials. Maybe you could post the entire error here as part of it may give us more of a clue. See the link below for further details.

              http://www.blogsoncloud.com/jsp/techSols/javax-naming-AuthenticationException.jsp


                @robocolumn
                The RoboColum(n)
                Colum McAndrew

              • 4. Re: LDAP issues on RH9
                LaRoque149 Level 1

                I can open the Configuration Manager, open the /robohelp context, select Use LDAP Authentication, and fill out my information, save and restart Tomcat.

                 

                I open the server web administrator and I'm presented with a logon screen.  At this point, I cannot use network administrator name and password.

                 

                If I don't make any changes to the Server Configuration Manager, I can use the default admin name and password.

                 

                This is on a Server 2008 EE R2 server.dc

                 

                The exact error message is:

                Error in LDAP

                authentication.<br>javax.naming.AuthenticationException: [LDAP: error code 49 - comment: AcceptSecurityContext error,data 52e, v1db0

                 

                This is the content of the Robohelp_server properties file: (Names, domains and servers are changed for this forum)

                 

                rolesearchbase=dc=mycompany,dc=local

                DefAdminPwd=

                rolesearch=member

                DefAdminUid=adminmyname

                maxload=150

                usersearchbase=dc=mycompany,dc=local

                ldapURL=ldap://dc01.mycompany.local:389

                authtype=ldap

                reindex=true

                dsnuser=

                useridkey=cn

                ProjectsUrlBase=/robohelp/robo

                substringsearch=false

                rolename=cn

                DatabaseType=access

                ProjectsDirBase=c:\\program files\\adobe\\adobe robohelp server 9\\robo

                DSN=

                dsnpwd=

                • 5. Re: LDAP issues on RH9
                  LaRoque149 Level 1

                  I found a partial answer.

                   

                  In the robohelp_server.properties file I changed

                  usersearchbase=dc=mycompany,dc=local

                   

                  to

                  usersearchbase=ou=users,ou=is-admins,ou=myOU,dc=myCompany,dc=local

                   

                  Caveat - I could not use the Configuration Manager to make the changes stick - Sometimes it worked, other times it didn't.  Stopping/Starting/Restarting Tomcat at any point in the process had only a limited effect.  Some items changed, others didn't - No valid reason why.

                   

                  I had to actually edit the robohelp_server.properties file manually.

                   

                  I am now able to use my adminname/password to access the Web Administrator.  I can add others from my group, but I am currently not able to add regular users from the rest of the company due to the fact that I can only search in the specified context in the usersearchbase and I'm not able to add additional search bases.

                  • 6. Re: LDAP issues on RH9
                    Dustin_Kramer

                    I have the same problem with the same error.... LDAP Server & RoboHelp Server 9 are both Windows 2008 R2.

                    • 7. Re: LDAP issues on RH9
                      LaRoque149 Level 1

                      Hope my previous notes were able to help you Dustin


                       

                       


                      • 8. Re: LDAP issues on RH9
                        Dustin_Kramer Level 1

                        No, sorry, still cannot get LDAP to work.

                        • 9. Re: LDAP issues on RH9
                          Dustin_Kramer Level 1

                          This is all I ever get...

                          Login Error

                          Error in LDAP

                          authentication.<br>javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

                           

                          Here is my config...

                          rolesearchbase=DC=ne*,DC=cir*,DC=local

                          DefAdminPwd=admin

                          rolesearch=member

                          DefAdminUid=dustin

                          maxload=150

                          usersearchbase=OU=USERS,OU=USBC,DC=ne*,DC=cir*,DC=local

                          ldapURL=ldap://dc1.ne*.cir*.local:389

                          authtype=ldap

                          reindex=true

                          dsnuser=

                          useridkey=cn

                          ProjectsUrlBase=/robohelp/robo

                          substringsearch=false

                          rolename=cn

                          DatabaseType=access

                          ProjectsDirBase=c:\\program files\\adobe\\adobe robohelp server 9\\robo

                          DSN=

                          dsnpwd=

                          • 10. Re: LDAP issues on RH9
                            LaRoque149 Level 1

                            My system has Java jre-6u31-windows-x64 and Tomcat 7.0 installed.   Java has to be installed prior to Tomcat.  Once both are installed, I set the properties for Tomcat to start automatically.

                             

                             

                            First and foremost, you have to know where your admin ID is in your AD structure.    I could not get the Configuration Manager to work correctly so I had to edit the robohelp_server.properties file manually.  You can open the robohelp_server.properties (or your new context_server.properties) file in Notepad.

                             

                            Once the file is open, verify that the DefAdminPwd is deleted.  Verify that your DefAdminUid adminName is correct. There's a good tool called Softerra LDAP administrator to query your LDAP server if you do not know where your adminID is. 

                             

                            This is the exact procedure that I have my Project Administrators use to create a new context:

                            Log into the Robohelp server CMCROBO01 with your administrator name and password.

                            Click on Start>All Programs>Adobe RoboHelp Server 9>Configuration Manager

                            Navigate to C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf

                            Select server.xml and Open.

                            Specify Tomcat 7 from the drop-down menu

                            At this point the RoboHelp Server Configuration Manager will open.

                            Select File>New Context

                            Select a context name for your project.  In this case my context name is (mycontextname) - I have been using lower case letters for context naming to stay consistent with folder structure. Click OK.

                            (MY Context Name is the name of a project created in RoboHelp 9 HTML that I plan to push to the RoboHelp Server).

                            To stay consistent, please do not use special characters when creating a context !@#$%^&*()_+= etc (My rule)

                            Click the Use LDAP Authentication check box and fill in the white areas of the RoboHelp Server Configuration Manager.


                            LDAP Server URL - ldap://domainController01.myCompany.local:389

                            Base Node for User Search - ou=users,ou=is-admins,ou=anotherOU,dc=myCompany,dc=local

                            Base Node for Group Search - dc=myCompany,dc=local

                            User ID Attribute Name - cn

                            Group ID Attribute Name - cn

                            Group Member Attribute - member

                            Default Admin Account for Web Administrator

                                      Username - adminrobohelp

                                      Password - (grayed out)

                             

                            Click Save.  Close Configuration Manager.  This should restart the Tomcat service.

                            Tomcat may be slow to restart.  Just to be safe, start/restart Tomcat manually.

                            Navigate to C:\Program Files\Adobe\Adobe Robohelp Server 9\WEB-INF and find a file called mycontextname_server.properties.  (mycontextname_server), and open the file with Notepad.  Delete the DefAdminPwd "admin" and save.  Verify that the DefAdminUid is adminrobohelp. (or whatever your adminName is)

                             


                            Restart the Tomcat service.

                             


                             


                             

                             


                            • 11. Re: LDAP issues on RH9
                              LaRoque149 Level 1

                              Now that I look at your config, delete the DefAdminPwd. (admin)

                              • 12. Re: LDAP issues on RH9
                                Dustin_Kramer Level 1

                                Okay did that but still no luck, same error 49....

                                • 13. Re: LDAP issues on RH9
                                  LaRoque149 Level 1

                                  The  only other thing I see in your config is that you are using an asterisk in your searches.   I also found that I had to make sure all my context_server.properties files had the same information.

                                  • 14. Re: LDAP issues on RH9
                                    Dustin_Kramer Level 1

                                    The asterisks are not in the real config file.

                                    • 15. Re: LDAP issues on RH9
                                      Dustin_Kramer Level 1

                                      Do you delete DefAdminPwd=   or just admin out of the config file?

                                      • 16. Re: LDAP issues on RH9
                                        LaRoque149 Level 1

                                        Just the word admin

                                        • 17. Re: LDAP issues on RH9
                                          Dustin_Kramer Level 1

                                          Okay, here is what I got.

                                          rolesearchbase=DC=n12,DC=cbc,DC=com

                                          DefAdminUid=user1

                                          rolesearch=member

                                          DefAdminPwd=

                                          maxload=150

                                          ldapURL=ldap://dc1.n12.cbc.com:389

                                          usersearchbase=OU=USERS,OU=USBC,DC=n12,DC=cbc,DC=com

                                          dsnuser=

                                          reindex=true

                                          authtype=ldap

                                          ProjectsUrlBase=/robohelp/robo

                                          useridkey=cn

                                          substringsearch=false

                                          rolename=cn

                                          DSN=

                                          ProjectsDirBase=c:\\program files\\adobe\\adobe robohelp server 9\\robo

                                          DatabaseType=access

                                          dsnpwd=

                                          • 18. Re: LDAP issues on RH9
                                            LaRoque149 Level 1

                                            This is the content of my robohelp_server.properties file  (RoboHelp Server 9)  

                                            The only differences that I see are that the order is slightly different.

                                             

                                            My ProjectsURLBase=/robohelp/robohelp and ProjectsDirBase=c:\\program files\\adobe\\adobe robohelp server 9\\robohelp. 

                                            Yours is ProjectsURLBase=/robohelp/robo and ProjectsDirBase=c:\\program files\\adobe\\adobe robohelp server 9\\robo.

                                             

                                            If you have created any other contexts_server.properties files, you should make sure that they all have the exact same information.

                                             

                                            rolesearchbase=dc=caidan,dc=local

                                            DefAdminPwd=

                                            rolesearch=member

                                            DefAdminUid=adminrobohelp

                                            maxload=150

                                            usersearchbase=ou=users,ou=is-admins,ou=hpm,dc=caidan,dc=local

                                            ldapURL=ldap://cmcdc01.caidan.local

                                            dsnuser=

                                            reindex=true

                                            authtype=ldap

                                            useridkey=cn

                                            ProjectsUrlBase=/robohelp/robohelp

                                            substringsearch=false

                                            rolename=cn

                                            DSN=

                                            ProjectsDirBase=c:\\program files\\adobe\\adobe robohelp server 9\\robohelp

                                            DatabaseType=access

                                            dsnpwd=

                                            • 19. Re: LDAP issues on RH9
                                              LaRoque149 Level 1

                                              And restart Tomcat after any save.

                                              • 20. Re: LDAP issues on RH9
                                                Dustin_Kramer Level 1

                                                Okay looks like it got it to log in.   But it is not letting me add in any LDAP Groups or Users.

                                                • 21. Re: LDAP issues on RH9
                                                  LaRoque149 Level 1

                                                  I couldn't get groups to add either.  I could only add users that were in my OU.    What did you find as your final answer as to why you couldn't log in?

                                                  • 22. Re: LDAP issues on RH9
                                                    Dustin_Kramer Level 1

                                                    Nothing, I just keep changing the usersearchbase= and created a special user just for robohelp.   I was trying to use my domain account.

                                                    • 23. Re: LDAP issues on RH9
                                                      Dustin_Kramer Level 1

                                                      How do you add users? Just put in the user name?  Or do you need to put in anything special?

                                                      • 24. Re: LDAP issues on RH9
                                                        Dustin_Kramer Level 1

                                                        It lets me add one LDAP Group called users.

                                                         

                                                        but nothing else

                                                        • 25. Re: LDAP issues on RH9
                                                          LaRoque149 Level 1

                                                          Everything revolves around the usersearchbase=.  If the string is correct, you should be able to find anyone in that particular user container.  The only people in my container (ou=users,ou=is-admins,ou=hpm,dc=caidan,dc=local) are system admins.  These will be the only people that I can add. This appears to be a limitation of RoboHelp.  For this to work correctly IMO it should work at the level ou=hpm,dc=caidan,dc=local.  If it worked at this level, I would be able to add anyone in the company.  In reply to your previous post, your domain account/password should have worked.

                                                          • 26. Re: LDAP issues on RH9
                                                            Dustin_Kramer Level 1

                                                            Okay, figured out how to add the users... not by the SAM account name but by the display name.
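
An added example, not part of the thread and not Adobe's code: a Python check that decodes the Active Directory sub-code in the error from replies 4 and 9, shows the DN a given `usersearchbase` produces (the change made in reply 5, with RFC 4514 escaping for display-name logins as in reply 26), and reports drift between context property files (replies 13 and 18). It assumes the server binds as `<useridkey>=<user>,<usersearchbase>`, which matches the behaviour reported here but is not confirmed on the page; all function names and the sample data are constructed for illustration.

```python
import re

# Common Active Directory sub-codes found in the "data" field of LDAP error 49.
AD_SUBCODES = {"525": "user not found", "52e": "invalid credentials",
               "532": "password expired", "533": "account disabled",
               "701": "account expired", "773": "user must reset password",
               "775": "account locked out"}
# Keys the thread says must match in every <context>_server.properties file.
LDAP_KEYS = ("authtype", "ldapURL", "usersearchbase", "rolesearchbase",
             "useridkey", "rolename", "rolesearch", "DefAdminUid")
# Constructed sample input built from placeholder values quoted in the thread.
ERROR = ("javax.naming.AuthenticationException: [LDAP: error code 49 - "
         "comment: AcceptSecurityContext error,data 52e, v1db0")
ROOT = ("authtype=ldap\nuseridkey=cn\nDefAdminUid=adminmyname\n"
        "DefAdminPwd=admin\nldapURL=ldap://dc01.mycompany.local:389\n"
        "usersearchbase=dc=mycompany,dc=local\n")
FIXED = ROOT.replace("Pwd=admin", "Pwd=").replace(
    "usersearchbase=", "usersearchbase=ou=users,ou=is-admins,ou=myOU,")

def parse_properties(text):
    """key=value per line; split on the first '=' only so DN values stay whole."""
    pairs = (l.strip().split("=", 1) for l in text.splitlines() if "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def decode_error(message):
    """Return (result code, AD sub-code, meaning) from a JNDI error string."""
    m = re.search(r"error code\s*(\d+).*?data\s+([0-9a-f]+)", message, re.I | re.S)
    if not m:
        return None
    sub = m.group(2).lower()
    return int(m.group(1)), sub, AD_SUBCODES.get(sub, "unknown sub-code")

def escape_rdn(value):
    """RFC 4514 escaping, needed when a cn such as 'Last, First' holds a comma."""
    out = re.sub(r'([,+"\\<>;=])', r"\\\1", value)
    if value[:1] in ("#", " "):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out

def bind_dn(props, uid=None):
    """Assumed shape of the DN the server binds with: <useridkey>=<uid>,<base>."""
    uid = props["DefAdminUid"] if uid is None else uid
    return f'{props["useridkey"]}={escape_rdn(uid)},{props["usersearchbase"]}'

def findings(contexts):
    """contexts maps file name -> properties text; returns review notes."""
    parsed = {name: parse_properties(text) for name, text in contexts.items()}
    notes = []
    for name, p in parsed.items():
        if p.get("authtype") == "ldap" and p.get("DefAdminPwd"):
            notes.append(f"{name}: DefAdminPwd still set with authtype=ldap")
        if p.get("ldapURL", "").lower().startswith("ldap://"):
            notes.append(f"{name}: ldapURL uses ldap:// (no TLS in the scheme)")
    for key in LDAP_KEYS:
        if len({p.get(key) for p in parsed.values()}) > 1:
            notes.append(f"{key}: differs between context files")
    return notes
```

Calling `bind_dn(parse_properties(ROOT))` and `bind_dn(parse_properties(FIXED))` side by side shows the two DNs that the reply 5 change switches between, and `findings({...})` over every `*_server.properties` file lists the keys that have drifted.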