[OpenAM] Integrating with Active Directory for user store

Major Péter majorpetya at sch.bme.hu
Mon Dec 13 09:38:25 GMT 2010


don't use the ldap people container stuff, it's probably buggy. Try 
without it.


2010-12-13 10:29 keltezéssel, Mark Eastman írta:
> I have linked my OpenAM installation with my internal Active Directory
> and find that the default installation links to the 'users' default
> section of AD. I can see all users from the AD and I can edit the
> attributes of these users. However ,the IT department do not use this
> format. Instead they have an OU for each of the main regions of the
> company - ie offices, they then have an OU for the departments within
> the offices and users are then added to these. An example user in this
> case has a distinquishedName of CN=Mark
> Eastman,OU=Development,OU=Gateshead UK,DC=sso,DC=local
> I changed the settings in the AD, to:
> LDAP People Container Naming Attribute: ou
> LDAP People Container Value: Gateshead UK
> Persistent Search Base DN: dc=sso,dc=local
> Persistent Search Filter: (objectclass=*)
> Persistent Search Scope: SCOPE_SUB
> When I look at the list of users all is well and I can see all the users
> under this area etc. However when I try to edit a single user I get:
> Plug-in com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo encountered an
> ldap exception 32: 0000208D: NameErr: DSID-0310020A, problem 2001
> (NO_OBJECT), data 0, best match of: 'OU=Gateshead UK,DC=sso,DC=local'
> I craeted a user directly under the Gateshead UK node and it worked fine
> so I am assuming the problem is that the list part of OpenAM does a full
> subtree scope search, whereas when I try to edit a user it only searches
> the immediate child nodes.
> *Mark Eastman*
> *Chief Technical Architect*
> **
> *
> *Advanced Business Solutions*
> PrismTech House, 5th Avenue Business Park,
> Team Valley, Gateshead,
> Tyne and Wear, NE11 0NG
> t: 0191 4827908 m: 07912281527 f: 0191 4827901
> www.advancedcomputersoftware.com/abs
> <http://www.advancedcomputersoftware.com/abs>
> *
> Read our blog <http://www.advancedcomputersoftware.com/abs/blog/>
> Follow us on Twitter <http://twitter.com/advbusiness>
> ------------------------------------------------------------------------
> COA Solutions Ltd, trading as Advanced Business Solutions, part of
> Advanced Computer Software Group.
> Registered in England at Munro House, Portsmouth Road, Cobham, Surrey,
> KT11 1TF. Registration number 03214465
> Please note that COA Solutions Ltd may monitor email traffic data and
> also the content of email for the purposes of security and staff training.
> This message (and any associated files) is intended only for the use of
> the stated recipient and may contain information that is confidential,
> subject to copyright or constitutes a trade secret. If you are not the
> intended recipient you are hereby notified that any dissemination,
> copying or distribution of this message, or files associated with this
> message, is strictly prohibited. If you have received this message in
> error or are not the intended recipient please notify us immediately by
> replying to the message or calling 08451 60 61 62 and deleting it from
> your computer. Any views or opinions presented are solely those of the
> author and do not necessarily represent those of the company.
> We advise that in keeping with good computing practice the recipient of
> this email should ensure that it is virus free. We do not accept
> responsibility for any virus that may be transferred by way of this email.
> Email may be susceptible to data corruption, interception and
> unauthorised amendment, and we do not accept liability for any such
> corruption, interception or amendment or any consequences thereof.
> This email has been scanned for all viruses by the MessageLabs SkyScan
> service.
> Please consider the environment before printing this email
> **
> ------------------------------------------------------------------------
> _______________________________________________
> OpenAM mailing list
> OpenAM at forgerock.org
> https://lists.forgerock.org/mailman/listinfo/openam

More information about the OpenAM mailing list