#1 2015-10-09 07:29:48

alijanjua
Member
Registered: 2015-10-09

LDAP of ReportServer with IBM Lotus Domino is not working

I have configured reportserver to import the users being registered in IBM Lotus Domino and edited my ldapimport file as follows: -

lul.setProviderUrl("ldap://10.11.11.100:389");
lul.setSecurityPrincipal("CN=Administrator,O=Witzz");
lul.setSecurityCredentials("password");

lul.setLdapBase("O=Witzz");

When I execute the script in the terminal window in reportserver, nothing happens at all. There is no error or exception, everything is peaceful, but in the user management section there is nothing else than an extra "external" entry. I am using the command "exec -c ldapimport.groovy" to import the users, which I have uploaded in the /fileserver/bin directory.
When I tried to set the security principal in a different way (CN=Administrator, CN=Users, CN= Directory, O=Witzz), the exception (Invalid Credentials) is thrown and the call to the Domino server appears on the console of the server as well. But when I gave the correct settings I cannot even see anything on the Domino console.
PS: The above-mentioned configuration is working fine in Softerra LDAP Browser.
What's going on, am I missing something here?

Last edited by alijanjua (2015-10-09 07:46:18)

Offline

#2 2015-10-15 11:37:54

Thorsten J. Krause
datenwerke
Registered: 2012-02-15
Website

Re: LDAP of ReportServer with IBM Lotus Domino is not working

Hi alijanjua,

the problem probably is not with the credentials, but something more fundamental:
The script from the blog is meant to be used with Active Directory, and while LDAP is a standard, the way user objects are stored is different for each vendor. Off the top of my head I remember two things that need to be changed:

- the objectClasses for organizationalUnit, user and group
- the way object guids are computed

I'm sorry I can't be more specific, but I have no access to a Domino server, so it's hard to tell.

Cheers,
Thorsten

Offline

#3 2015-10-19 12:29:47

alijanjua
Member
Registered: 2015-10-09

Re: LDAP of ReportServer with IBM Lotus Domino is not working

As it is a test server which I am using for RnD, I can share the directory structure with you.
After configuring Softerra LDAP Browser with the following configuration: -

Base DN= "O=Witzz"
Principal = "CN=Administrator,O=Witzz"
Password ="Fake"
Filter = "(objectClass=*)"

I get the directory structure as follows: -

CN=Administrator
    --> cn Administrator
    --> mail administrator@witzz.com
    --> DisplayName Administrator

Similarly n number of users and n number of attributes of each user.

Based upon these details, can you guide what configuration I should do at both ends?

Offline

#4 2015-10-20 19:14:29

Thorsten J. Krause
datenwerke
Registered: 2012-02-15
Website

Re: LDAP of ReportServer with IBM Lotus Domino is not working

Hi alijanjua,

unfortunately it's a little more complicated than that. I'll try to explain:
There are three types of objects we need to care about and what information you need:
- OrganizationalUnits ("folders")
  - the objectClass(es)
  - the attribute that stores the OU's name
- Users
  - the objectClass(es)
  - the names of the attributes for: firstname, lastname, username, email
- Groups
  - the objectClass(es)
  - the attribute that stores the group's name
 
To handle group memberships correctly you also need to find out how these are stored.
This could either be:
- an attribute for a group
   - the name of the attribute
   - what is stored (username, path) and how (comma-separated-list?)
- an attribute for a user
   - the name of the attribute
   - what is stored (group name, path) and how (comma-separated-list?)
   
With this information you can start editing the script. First you have to update the ldapFilter so it matches all the relevant objectClasses. You then have to map the objectClasses to ReportServer objects. Look for the part where it says "create node" and replace organizationalUnit, user, group with your values. The next step is to update the attribute mapping. Search the file for "copy"; you will find 3 blocks of code looking like this: node.setFirstname(getStringAttribute(sr, "givenName")). Replace these with the attribute names you are using.
The final step is to adapt the creation of guids. Look for get("objectGUID"). You might be able to replace this whole thing with something simple like "return sr.getName().toString();" but if Lotus Domino has something like the objectGuid in AD you might want to use this instead.

Cheers,
Thorsten

Offline
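The adaptation steps described in post #4 (filter, objectClass mapping, attribute mapping, id fallback), sketched as an added example that is not part of the thread and not code from ReportServer's ldapimport script. The names profile, buildFilter, classify, readUser and stableId are hypothetical; only the standard JNDI classes are real, and the objectClass and attribute names in the profile are constructed sample values to be replaced with what the LDAP browser shows.

```groovy
import javax.naming.directory.BasicAttribute
import javax.naming.directory.BasicAttributes
import javax.naming.directory.SearchResult

// Assumed profile: replace every value with what your LDAP browser shows.
// The class names are standard LDAP schema names used as constructed sample
// values; they are not confirmed Domino values.
def profile = [
    objectClasses: [ou: ['organizationalUnit'], user: ['inetOrgPerson', 'person'], group: ['groupOfNames']],
    userAttrs    : [firstname: 'givenName', lastname: 'sn', username: 'cn', email: 'mail'],
    idAttr       : null  // server-generated unique id attribute, if the directory has one
]

// One OR filter over every mapped objectClass
def buildFilter = { p ->
    '(|' + p.objectClasses.values().flatten().collect { "(objectClass=${it})" }.join('') + ')'
}

// Which node kind an entry maps to (objectClass values compared case-insensitively)
def classify = { SearchResult sr, p ->
    def oc = sr.attributes.get('objectClass')
    def present = oc == null ? [] : Collections.list(oc.getAll()).collect { it.toString().toLowerCase() }
    p.objectClasses.find { kind, names -> names.any { present.contains(it.toLowerCase()) } }?.key
}

// Read the mapped user attributes; null marks an attribute the entry lacks
def readUser = { SearchResult sr, p ->
    p.userAttrs.collectEntries { field, name -> [field, sr.attributes.get(name)?.get()?.toString()] }
}

// Prefer the directory's unique id attribute; fall back to the entry name
def stableId = { SearchResult sr, p ->
    def a = p.idAttr ? sr.attributes.get(p.idAttr) : null
    if (a == null) return sr.getName().toString()
    def v = a.get()
    v instanceof byte[] ? v.encodeHex().toString() : v.toString()
}

// Constructed sample entry modelled on the CN=Administrator entry in the thread
def attrs = new BasicAttributes(true)  // true: attribute names are case-insensitive
def ocAttr = new BasicAttribute('objectClass')
['top', 'person', 'inetOrgPerson'].each { ocAttr.add(it) }
attrs.put(ocAttr)
attrs.put('cn', 'Administrator')
attrs.put('mail', 'administrator@witzz.com')
def entry = new SearchResult('CN=Administrator', null, attrs)

assert buildFilter(profile) == '(|(objectClass=organizationalUnit)(objectClass=inetOrgPerson)(objectClass=person)(objectClass=groupOfNames))'
assert classify(entry, profile) == 'user'
assert readUser(entry, profile) == [firstname: null, lastname: null, username: 'Administrator', email: 'administrator@witzz.com']
assert stableId(entry, profile) == 'CN=Administrator'
```

The null firstname and lastname show the kind of gap to look for before importing: the sample entry carries cn and mail but no givenName or sn. An id derived from the entry name changes when the entry is renamed or moved, so a server-generated id attribute is the more reliable key for matching users across repeated imports.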
