Article ID: KB0087328
Updated On:
Description
Resolution:
For the publication service of the LDAP adapter to publish changes made on the ADAM server, the user that the adapter logs in to the ADAM server with must have sufficient permissions on the DN "CN=Configuration, CN=GUID".
Follow the steps below to create an LDAP user that works with the LDAP adapter publication service.
1. Create a user under your directory "CN=Configuration, CN=GUID". If the directory server returns the "Security principal objects can only be created inside domain naming contexts" error, follow the steps below to create the user successfully.
a) Launch ADAM ADSI Edit.
b) Expand the cn=Configuration, cn={60E0642A-BEAE-41F1-8A8F-5CC986859E4D} container.
c) Expand the cn=Services object.
d) Expand the cn=Windows NT object.
e) Right-click the cn=Directory Service object, and then click Properties.
f) In the Attributes list, click msDS-Other-Settings, and then click Edit.
g) In the Values list, click the ADAMAllowADAMSecurityPrincipalsInConfigPartition value, and then click Remove.
h) In the Value to add box, type ADAMAllowADAMSecurityPrincipalsInConfigPartition=1, and then click Add.
i) After modifying msDS-Other-Settings, verify that the change has been applied.
j) Create a user in the container under CN=Configuration, CN=GUID.
2. Add this user to the Administrators group. This "CN=Administrators" group is under "CN=Roles, CN=Configuration, CN=GUID".
3. If the instance you created is "O=Microsoft, C=US", then add the user to the Administrators group "CN=Administrators", which is under "CN=Roles, O=Microsoft, C=US".
4. Create a Designer project with an LDAP publish service. The user should be the one created above, and the BaseDN is "O=Microsoft, C=US".
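The check in step 1(i) and the group memberships from steps 2 and 3 can be confirmed from PowerShell instead of ADSI Edit. The script below is an added example, not part of the original article; it only reads the directory, binds with the current Windows credentials, and treats the server address, the CN={GUID} placeholder and the user name ldapPublisher as assumptions to replace with your own values.

```powershell
# Added example: read-only check of steps 1(i), 2 and 3. Every value in this
# first block is a placeholder or assumption; replace it with your own.
$Server   = 'localhost:389'                 # assumed ADAM host and port
$ConfigNC = 'CN=Configuration,CN={GUID}'    # placeholder configuration partition DN
$AppNC    = 'O=Microsoft,C=US'              # instance partition named in step 3
$UserDN   = "CN=ldapPublisher,$ConfigNC"    # hypothetical user from step 1(j)
$Flag     = 'ADAMAllowADAMSecurityPrincipalsInConfigPartition'

function Get-OtherSetting {
    # msDS-Other-Settings is multi-valued; each value has the form Name=Value.
    param([string[]]$Values, [string]$Name)
    foreach ($v in $Values) {
        $key, $val = $v -split '=', 2
        if ($null -ne $val -and $key.Trim() -ieq $Name) { return $val.Trim() }
    }
    return $null    # flag not present at all
}

function Test-RoleMember {
    # Lists the group's members for review and returns $true when $Dn is one
    # of them (-contains compares strings case-insensitively).
    param([string]$GroupDN, [string]$Dn)
    $group   = [ADSI]"LDAP://$Server/$GroupDN"
    $members = @($group.Properties['member'] | ForEach-Object { [string]$_ })
    Write-Host "Members of ${GroupDN}:"
    $members | ForEach-Object { Write-Host "  $_" }
    return ($members -contains $Dn)
}

# Step 1(i): confirm the edit to msDS-Other-Settings took effect.
$ds      = [ADSI]"LDAP://$Server/CN=Directory Service,CN=Windows NT,CN=Services,$ConfigNC"
$values  = @($ds.Properties['msDS-Other-Settings'] | ForEach-Object { [string]$_ })
$current = Get-OtherSetting -Values $values -Name $Flag
if ($current -eq '1') { Write-Host "$Flag=1 is set" }
else { Write-Warning "$Flag is '$current' (expected 1)" }

# Steps 2 and 3: confirm membership in both Administrators role groups.
# Drop the second DN if your instance is not O=Microsoft,C=US.
foreach ($g in "CN=Administrators,CN=Roles,$ConfigNC", "CN=Administrators,CN=Roles,$AppNC") {
    if (Test-RoleMember -GroupDN $g -Dn $UserDN) { Write-Host "OK: user is a member" }
    else { Write-Warning "User is NOT a member of $g" }
}
```

The member listing also shows every other account that holds the Administrators role in each partition, which is worth reviewing whenever a service account is added to it.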
Issue/Introduction
What configuration changes need to be made on the ADAM server for the LDAP adapter publication service to work with it?