Messages

46

MP Server / Re: Unable to contact LDAP server through arslsync

« on: October 19, 2021, 12:32:18 AM »

ldapsearch -h <hostname> -p 389 -w <password> -s sub -b OU=Service Accounts -D CN=CN=svc-od-bind-t,OU=Service Accounts "(objectClass=user)"

ldapsearch worked like a charm
Reason the base dn looks odd is because I stripped it down to simplify my example for this forum.

ABH

47

MP Server / Re: Unable to contact LDAP server through arslsync

« on: October 18, 2021, 05:49:46 AM »

See the following document:

https://www.ibm.com/docs/en/cmofm/10.1.0?topic=processes-sample-ldap-configurations

The bindDN and bindDN password need to be in the stash file.

I removed bindDN and bindDN password from ars.cfg
ARS_LDAP_BIND_DN=CN=bind-user,OU=Service Accounts
ARS_LDAP_BIND_DN_PWD=xxxxxx

and added them to my stash with

Code: [Select]

$ /opt/IBM/ondemand/V10.1/bin/arsstash -a 7 -c -s ars.stash -u "CN=svc-od-bind-t,OU=Service Accounts"
by adding ARS_LDAP_BIND_DN_PWD to the stash, I guess you simply input the password when prompted for during the "arsstash -a 7 ..." command

Verified the ldap user was added to my stash

Code: [Select]

$ /opt/IBM/ondemand/V10.1/bin/arsstash -a 7 -s ars.stash
ARS1603I Userid >CN=svc-od-bind-t,OU=Service Accounts< is currently assigned to >LDAP<
ars.ini configuration contains aswell as other settings
SRVR_OD_CFG=/opt/IBM/ondemand/V10.1/config/ars.cfg
SRVR_DB_CFG=/opt/IBM/ondemand/V10.1/config/ars.dbfs
SRVR_SM_CFG=/opt/IBM/ondemand/V10.1/config/ars.cache
SRVR_OD_STASH=/opt/IBM/ondemand/V10.1/ars.stash

And since you are using AD you should set ARS_LDAP_ALLOW_ANONYMOUS=false

AD doesn't support anonymous bind.

Changed ARS_LDAP_ALLOW_ANONYMOUS to "false" in ars.cfg


Still receiving same error as before.

Thanks for your reply
ABH

48

MP Server / Unable to contact LDAP server through arslsync

« on: October 14, 2021, 01:47:49 PM »

I am configuring OnDemand to synchronise users / groups from Windows AD to OnDemand, through LDAP, non SSL. I am having trouble getting the synchronisation to connect to the LDAP server.

What has been done so far:

• configured /opt/IBM/ondemand/config/ars.cfg, configuration parameters can be seen further down
• restarted ondemand
• made sure I can reach LDAP server on port 389
• credentials for bind user is ok

Command:
/opt/IBM/ondemand/bin/arslsync -tv

Error received in OnDemand System Log:
LDAP Error: Can't contact LDAP server -- ldap_rc=81, -- extended_rc=0, -- ldap_errno=81, extra_rc=-1, File=arsldap.c, Line=1448

arc.cfg configuration:
###########################################
# LDAP Parameters (Library Server Only)   #
###########################################
ARS_LDAP_SERVER=hostname
ARS_LDAP_PORT=389
ARS_LDAP_USE_SSL=FALSE
ARS_LDAP_BASE_DN=OU=Service Accounts
ARS_LDAP_BIND_DN=CN=bind-user,OU=Service Accounts
ARS_LDAP_BIND_DN_PWD=xxxxxx
ARS_LDAP_BIND_ATTRIBUTE=cn
ARS_LDAP_MAPPED_ATTRIBUTE=cn
ARS_LDAP_ALLOW_ANONYMOUS=TRUE

####################################################
# LDAP SYNC Parameters (requires CMOD v10.1.0.2+)  #
####################################################
ARS_LDAP_SERVER_TYPE=AD
ARS_LDAP_USER_FILTER=(ObjectClass=USER)
ARS_LDAP_GROUP_FILTER=(ObjectClass=GROUP)
ARS_LDAP_GROUP_MAPPED_ATTRIBUTE=cn
ARS_LDAP_IGN_USERIDS=ADMIN
ARS_LDAP_IGN_GROUPS=ADMINS

System information:
Aix: v7200-05-02-2114
OnDemand: 10.1.0.5
DB2: 11.1.1.1

Thanks in advance