How to login EMS server as sAMAccount when EMS Server authenticates users defined externally in Microsoft Active Directory Server

Article ID: KB0090647

Products Versions
TIBCO Enterprise Message Service -
Not Applicable -

Description

Resolution:
Use the following steps to log in to the EMS Server with a sAMAccountName defined in Microsoft Active Directory:

1. Make sure the LDAP settings in the EMS main configuration file use CN as the user attribute (ldap_user_attribute).

2. Modify ldap_user_filter so that it checks sAMAccountName, for example:
   ldap_user_filter               = (&(sAMAccountName=%s))

3. Disable your LDAP cache by commenting out:

       #ldap_cache_enabled       = TRUE
       #ldap_cache_ttl                 = 0

4. Then log in to the EMS Server through an EMS client, using the sAMAccountName as the user name.

The following is a sample LDAP setting:
ldap_url                          = ldap://ldaphost:389
ldap_principal                 = "CN=user9 D,OU=production,OU=ACCOUNTS,DC=ems,DC=support,DC=com"
ldap_credential               = Tibco123
ldap_user_class             = person
ldap_user_attribute         = cn
ldap_user_base_dn        = "OU=ACCOUNTS,DC=ems,DC=support,DC=com"
ldap_user_scope            = subtree
ldap_user_filter               = (&(sAMAccountName=%s))

#ldap_cache_enabled     = TRUE
#ldap_cache_ttl               = 0
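
A quick way to confirm that steps 1 to 3 are actually in effect in a configuration file, as an added example (not part of the original article and not TIBCO tooling). The function names are hypothetical, and the sample text uses constructed placeholder values for the host, DNs and password.

```python
import re

# Constructed sample: the article's settings with placeholder host, DNs and password.
SAMPLE_CONF = '''\
ldap_url             = ldap://ldaphost:389
ldap_principal       = "CN=svc-ems,OU=ACCOUNTS,DC=example,DC=com"
ldap_credential      = placeholder-password
ldap_user_class      = person
ldap_user_attribute  = cn
ldap_user_base_dn    = "OU=ACCOUNTS,DC=example,DC=com"
ldap_user_scope      = subtree
ldap_user_filter     = (&(sAMAccountName=%s))
#ldap_cache_enabled  = TRUE
#ldap_cache_ttl      = 0
'''

def parse_active_settings(text):
    """Return {name: value} for lines that are not commented out."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented-out line: not an active setting
        # Split on the first '=' only; DNs and filters contain '=' themselves.
        name, sep, value = line.partition("=")
        if sep:
            settings[name.strip().lower()] = value.strip().strip('"')
    return settings

def check_samaccount_login(text):
    """Return a list of findings; an empty list means steps 1-3 are applied."""
    conf = parse_active_settings(text)
    findings = []
    if conf.get("ldap_user_attribute", "").lower() != "cn":
        findings.append("step 1: ldap_user_attribute is not cn")
    user_filter = conf.get("ldap_user_filter", "")
    # The filter must compare sAMAccountName with the %s login-name placeholder.
    if not re.search(r"\(\s*sAMAccountName\s*=\s*%s\s*\)", user_filter, re.I):
        findings.append("step 2: ldap_user_filter does not test sAMAccountName=%s")
    for name in ("ldap_cache_enabled", "ldap_cache_ttl"):
        if name in conf:
            findings.append(f"step 3: {name} is still active; comment it out")
    return findings

if __name__ == "__main__":
    for finding in check_samaccount_login(SAMPLE_CONF) or ["all three steps applied"]:
        print(finding)
```

To check a real file, pass its contents to `check_samaccount_login()` in place of the sample text.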
