Iplanet Directory Server integration
mots
How Do I integrate Team Site with Iplanet Directory Server users and groups?
Comments
Santosh
I tried to integrate iPlanet Directory Server with Interwoven using the following configuration, but it's not working. Any suggestions?
[authentication]
authenticate_by=ldap
ldap_server=ctsblrgm1
ldap_port=389
ldap_dnbase=ou=people,dc=cts,dc=com
#ldap_key=uid
ldap_roles=manager
#ldap_account=cn=Directory manager
#ldap_pwd=supplypower
#password_file=/pathtofile/passwordfile
#pam_service=teamsite
#pam_do_acct_mgmt=yes
sajiddc
What kind of error message are you getting? Do you get an "Authentication Failure" when you try to log in? Did you restart your TS after making the changes? Did you review the log files? Are you not managing roles in your .uid files?
tvaughan
A) What version of TS are you running?
I'm on 5.0.1, and I don't think you can ask for ldap_roles like "manager." The value associated with "ldap_roles" needs to be a key in your LDAP tree that can get filled in by your LDAP administrator with a value from the set {"master", "admin", "editor", "author"}.
For example, if you had the line:
ldap_roles=teamSiteRoles
(which, by the way is the rec'd setting), then your ou=people object should have a field called 'teamSiteRoles' that you can fill in.
Here's my config:
authenticate_by=ldap
ldap_server=hq2nwsl1.fhlmc.com
ldap_port=389
ldap_dnbase=o=fhlmc
#ldap_key=uid # not implemented in 5.0.1 !!!
ldap_roles=teamSiteRoles
#ldap_account=cn=tssbec,ou=users,ou=re1,o=fhlmc
#ldap_pwd=&&&&&&&&
Couple of things to note here:
--> Interwoven's 5.0.1 implementation of the ldap query string to use is terrible if you ask ldap for roles information. It uses "objectclass=*" and that's non-configurable! Every time anything happens in TeamSite, it floods LDAP with requests for everything in the entire tree, looking for any object with a 'teamSiteRole'
--> You can go against LDAP for just usernames and passwords, and keep roles local (that's what I'm doing), but if there's ever any disruption in the connection between your IW server and LDAP, IW goes into a confused state where it "loses roles" for every user and you have to bounce the IW process!!
--> If you fill in your 'ldap_account' to stop your TS server from hitting LDAP with anonymous binds, it'll still use the anonymous bind when TS first boots up and asks LDAP for a list of "users and groups" (tail the iwtrace.log during start up to see what I'm talking about)
--> Where did you get the syntax for the pam_service and pam_do_acct_mgmt ??? What do those do? I'm looking for some ways around the problem I just described and there's precious little documentation I've found . . . .
Thanks,
Tom
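An added example, not part of any post in this thread and not Interwoven code: a small Python check of the rule tvaughan describes, that ldap_roles names a directory attribute whose values come from {master, admin, editor, author}. It reads an iw.cfg-style [authentication] section plus ldapsearch output and reports entries that break the rule; the DNs and users are constructed placeholders.

```python
import configparser
# Role values that tvaughan's post lists for the attribute named by ldap_roles.
TEAMSITE_ROLES = {"master", "admin", "editor", "author"}

def load_auth(cfg_text):
    """Return the [authentication] section of iw.cfg-style text as a dict."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(cfg_text)
    return dict(cp["authentication"])

def parse_ldif(ldif_text):
    """Parse plain 'attr: value' ldapsearch output (no base64, no folding)."""
    entries = []
    for line in ldif_text.splitlines():
        attr, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if attr.strip().lower() == "dn":
            entries.append({})          # every dn line starts a new entry
        if entries:
            entries[-1].setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def audit(auth, entries):
    """Return findings about the role mapping and the bind account."""
    findings = []
    role_attr = auth.get("ldap_roles", "")
    if role_attr.lower() in TEAMSITE_ROLES:
        findings.append(f"ldap_roles={role_attr} is a role value, not an attribute name")
    if "ldap_account" not in auth:
        findings.append("no ldap_account: lookups use anonymous binds")
    for e in entries:
        values = e.get(role_attr.lower(), [])
        bad = [v for v in values if v not in TEAMSITE_ROLES]
        if not values:
            findings.append(f"{e['dn'][0]}: no {role_attr} attribute")
        elif bad:
            findings.append(f"{e['dn'][0]}: {role_attr} holds non-role value(s) {bad}")
    return findings

# Constructed sample input: placeholder names, not values from the thread.
SAMPLE_CFG = ("[authentication]\nauthenticate_by=ldap\nldap_roles=manager\n"
              "ldap_dnbase=ou=people,dc=example,dc=test\n#ldap_account=cn=bind,dc=example,dc=test\n")
SAMPLE_LDIF = ("dn: uid=alice,ou=People,dc=example,dc=test\nmanager: master\n"
               "dn: uid=bob,ou=People,dc=example,dc=test\nmanager: uid=alice,ou=People,dc=example,dc=test\n"
               "dn: uid=carol,ou=People,dc=example,dc=test\nuid: carol\n")
if __name__ == "__main__":
    for finding in audit(load_auth(SAMPLE_CFG), parse_ldif(SAMPLE_LDIF)):
        print(finding)
```

The bob entry in the sample shows the usual clash when the standard manager attribute, which normally holds a DN, is reused as the role attribute.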
Santosh
Hi,
We are trying to integrate Interwoven TS with iPlanet Directory Server, but we are not able to do so.
Product - TS
Version - 5.0.2
os_version - SunOS 5.8
We have added the following entries in my iw.cfg file
[authentication]
authenticate_by=ldap
ldap_server=10.236.161.25
ldap_port=389
ldap_dnbase=ou=people,dc=cts,dc=com
ldap_roles=manager
ldap_key=uid
ldap_account=cn=Directory manager
ldap_pwd=supplypower
An LDAP search gives the proper result:
# ldapsearch -h 10.236.161.25 -L -b "ou=people,dc=cts,dc=com" "(manager=master)" uid -d -v
dn: uid=gmpoc,ou=People,dc=cts,dc=com
uid: gmpoc
dn: uid=martinmgr,ou=People,dc=cts,dc=com
uid: martinmgr
Can you help us sort out this issue?
Santosh
Where did you get the syntax for the pam_service and pam_do_acct_mgmt ?
These are commented lines in the iw.cfg file that comes by default with the installation.