Dear all,
I have been trying to use the Import LDAP Users function in Business Architect but was unable to get it to work. I am sure my settings for LDAP connection are correct as I was able to get the "Automatically import users at login" to work. But when I try to run the import LDAP Users function, I will get the following popup error message:
"Unable to connect to the LDAP system due to incorrect connection data.
Please contact your LDAP administrator."
I have already activated my ldap integration log, and following are what I get when I run the Import LDAP Users function:
2011-09-26T16:53:08,697 searching ldap with filter: (&(objectClass=user)(memberOf=CN= ... ))
com.idsscheer.aris.server.common.ldap.ALDAPConnection.find
2011-09-26T16:53:08,745 search result: CN=...,OU=... com.idsscheer.aris.server.common.ldap.ALDAPConnection.find
...
There is no exception message shown in the log. Only shows a list of users successful retrieved based on the filter.
Under "Filter and Import" of the LDAP Settings, I have set the filter as follows:
Login: (&(objectClass=person)(cn={0}))
User:(&(objectClass=user)(memberOf=CN=...))
Any idea what is wrong? Thanks ...
Dear KL GIAM.
the "Log In" filter for the user login for example should have the following structure:
(&(sAMAccountName={0})(objectClass=user)(memberOf=CN=Usergroup,CN=Users,DC=DOMAIN))
That filter has 3 conditions that must be true:
- the LDAP attribute sAMAccountName must match the user name specified in the login dialog ( {0} is a placeholder for that input)
- the objectClass of the entity in LDAP must be user
- the user in LDAP must be memberOf the user group "Usergroup"… whose members are only allowed to work with ARIS
The "user import" filter is used to show the list of LDAP users if you want to manually import a user from the LDAP system. This filter has a relation to the "Log In" filter that the result of this filter must be a superset of the filter returned from the user login.
Dear Mr. Heylmann,
Thanks for the response. Yes I have set my login filter to the format:
(&(sAMAccountName={0})(objectClass=user)(memberOf=CN=Usergroup,CN=Users,DC=DOMAIN))
I am pretty sure it is correct as I am able to login via LDAP when I set "Automatically import users at login" to true.
The problem is when I do "Import LDAP Users". I have set the user filter to be the superset of login filter:
(&(objectClass=user)(memberOf=CN=Usergroup,CN=Users,DC=DOMAIN))
I can also see in the ldap integration log that it is correctly retrieving a list of users from LDAP. But it will always end up with the pop up error message:
"Unable to connect to the LDAP system due to incorrect connection data.
Please contact your LDAP administrator."
There is no error reflected in the log, so I am not able to figure out why the error message keeps showing.
Really appreciate if you have any ideas, like whether I have missed out certain settings. I did not do any setting in the user attribute mapping. Could this be the reason?
Thanks!
I managed to get the Import LDAP Users to work soon after submitting the previous message. You need to map "Name" in the user attribute mapping to the login userId that you use to login via LDAP. In the above case "Name" should map to the sAMAccountName. The other attributes are not compulsory to be mapped.
Hope this will help others who are facing the same problem.