TIBCO ActiveSpaces® Release: 2.1.2 Security with LDAP Authentication on Windows Active Directory.
Article ID: KB0085455
Updated On:
| Products | Versions |
|---|---|
| TIBCO ActiveSpaces | - |
| Not Applicable | - |
Description
Description:
Configuring TIBCO ActiveSpaces® Release: 2.1.2 Security with LDAP Authentication on Windows Active Directory.
Configuring TIBCO ActiveSpaces® Release: 2.1.2 Security with LDAP Authentication on Windows Active Directory.
Issue/Introduction
TIBCO ActiveSpaces® Release: 2.1.2 Security with LDAP Authentication on Windows Active Directory.
Resolution
When configuring TIBCO ActiveSpaces® Release 2.1.2 LDAP authentication with Windows Active Directory server, the baseDN is the most important setting.
baseDN = base distinguishedName
This unique distinguishedName for the user is used to search for the user. If found and if the password returns true, it will allow access.
The baseDN for this test is baseDN=CN=Users,DC=tibcowoywoy,DC=local
authentication=userpwd;source=ldap;name=cn;host=btapera-winsrv08r2.tibcowoywoy.local;plainPort=389;baseDN=CN=Users,DC=tibcowoywoy,DC=local;hint=Welcome to AS TIBCOWOYWOY Domain;
You may need additional software tools to retrieve the baseDN in your AD server. In order to check your Windows AD server for the distinguishedName for the Users group, you can use the Microsoft Active Directory Explorer to do this.
baseDN = base distinguishedName
This unique distinguishedName for the user is used to search for the user. If found and if the password returns true, it will allow access.
The baseDN for this test is baseDN=CN=Users,DC=tibcowoywoy,DC=local
authentication=userpwd;source=ldap;name=cn;host=btapera-winsrv08r2.tibcowoywoy.local;plainPort=389;baseDN=CN=Users,DC=tibcowoywoy,DC=local;hint=Welcome to AS TIBCOWOYWOY Domain;
You may need additional software tools to retrieve the baseDN in your AD server. In order to check your Windows AD server for the distinguishedName for the Users group, you can use the Microsoft Active Directory Explorer to do this.
Download from: http://technet.microsoft.com/en-us/sysinternals/bb963907.aspx
Once installed, if you check in your Microsoft Active Directory Explorer under the user account, you will see the full distinguishedName similar to this:
CN=Tibbr1,CN=Users,DC=tibcowoywoy,DC=local
When you run AS LDAP, it will prepend the baseDN with cn=Username. This will make it look like: baseDN=CN=Tibbr1,CN=Users,DC=tibcowoywoy,DC=local
Always check that the username matches the CN=username used in the full distinguishedName of the user.
Once installed, if you check in your Microsoft Active Directory Explorer under the user account, you will see the full distinguishedName similar to this:
CN=Tibbr1,CN=Users,DC=tibcowoywoy,DC=local
When you run AS LDAP, it will prepend the baseDN with cn=Username. This will make it look like: baseDN=CN=Tibbr1,CN=Users,DC=tibcowoywoy,DC=local
Always check that the username matches the CN=username used in the full distinguishedName of the user.
Feedback
Yes
No
Powered by
