Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.

LDAP and Active Directory

Avatar

Former Community Member
I'm experiencing difficulties in connecting my 2003 Active Directory with Workflow Server. I'm fairly new so any help would be great. Keep getting "unable to connect to service" when i "test server". Thinking it might be something to do with the bind path. I created an adobe user with all admin rights to use as the bind user...



name cn=adobe_wf, ou=WorkFlow, ou=Users, ou=Empire, dc=pens, dc=xxx, dc=xxx

password xxxxx



2006-06-19 03:00:59,998 INFO [org.quartz.core.JobRunShell] Job QUARTZ_JOBGROUP_IDP.DIRSYNC_JOB threw a JobExecutionException:

org.quartz.JobExecutionException: A full directory sync initiated through a cron setting or a user-initiated `Sync Now' action in the web console failed to start due to some other running job. This exception indicates that the full directory sync will be rescheduled to run as soon as possible.

atcom.adobe.idp.common.scheduler.DirectorySyncJob.executeSyncInitiate(DirectorySyncJob.java:143)

atcom.adobe.idp.common.scheduler.DirectorySyncJob.execute(DirectorySyncJob.java:89)

at org.quartz.core.JobRunShell.run(JobRunShell.java:191)

atorg.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:516)

2006-06-19 03:01:00,045 INFO [STDOUT] dbDomain:pens.xxx.xxxisLfalsedbSSSTARTED

2006-06-19 03:01:00,045 INFO [com.adobe.idp.um.businesslogic.directoryservices.DirectorySynchronizationManagerBean] UserM:: [Thread: DefaultQuartzScheduler_Worker-4, hc: 17023149 ]---->Sync: Start reading users in domain: pens.xxx.xxx

2006-06-19 03:01:00,060 WARN [com.adobe.idp.common.errors.exception.IDPLoggedException] UserM:GENERIC_WARNING: [Thread: DefaultQuartzScheduler_Worker-4, hc: 17023149 ]com.adobe.idp.common.errors.exception.IDPLoggedException| [com.adobe.idp.um.provider.directoryservices.LDAPDirectoryPrincipalProviderImpl] errorCode:13313 errorCodeHEX:0x3401 message:preparing query type search chainedException:javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name ''chainedExceptionMessage:[LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ] chainedException trace:javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name ''
5 Replies

Avatar

Former Community Member
If you were to use an LDAP utility, such as LDAP Browser (http://www.ldapadministrator.com/download/index.php) are your connection settings yielding expected results? You can use this tool to obtain the exact binding information that should be provided.



Is your version of Active Directory a vanilla deployment or has the schema been modified? If modified, you will need to accommodate for the values you provide in the configuration panel.



Does your Active Directory Server support anonymous access? If so, you can also use anonymous to confirm connection before providing a specific account for connectivity.



Cheers,

Val@Adobe

Avatar

Former Community Member
Thanks for the help. The AD is all default settings. I've just installed softerra and the paths match fine. Anonymous access is off by default(I'll have to clear opening it with the higher up). here's what i've got so far.



server: 10.101.x.x

port: 389

SSL: no

Binding: name: cn=Adobe WF, ou=Adobe Livecycle WF, ou=Users, ou=Empire,

dc=pens, dc=xxxx, dc=xxx

password: xxxxxx



USER SETTINGS

Unique Identifier: dn

Base DN: dc=pens, dc=xxxx, dc=xxx

Everything else is default

no group settings



And I'm still getting "unable to connect to service"

If any other server.log info would help let me know thanks again for the help :)



2006-06-20 08:29:31,658 INFO [org.apache.xml.security.signature.Reference] Verification successful for URI "#a3c7b920b329c2cf872e1e750e8f9e23"

2006-06-20 08:29:33,141 INFO [org.apache.xml.security.signature.Reference] Verification successful for URI "#f266177e177763474e1d4a1f6793ddbd"

2006-06-20 08:29:58,834 WARN [com.adobe.idp.common.errors.exception.IDPLoggedException] UserM:GENERIC_WARNING: [Thread: http-0.0.0.0-8080-Processor21, hc: 24635598 ]com.adobe.idp.common.errors.exception.IDPLoggedException| [com.adobe.idp.um.provider.directoryservices.LDAPDirectoryPrincipalProviderImpl] errorCode:13313 errorCodeHEX:0x3401 message:preparing query type search chainedException:javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name ''chainedExceptionMessage:[LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ] chainedException trace:javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name ''

Avatar

Former Community Member
I've finally got the server to connect. Now I'm trying to search for users and groups. Is there another step that I'm missing, Because I can't find any users or groups. According to the log the sync went through fine. I am getting a WARNing though. Can someone point me in the right direction. Thanks for the help...



2006-06-21 10:27:30,511 WARN [com.adobe.idp.common.errors.exception.IDPLoggedException] UserM:GENERIC_WARNING: [Thread: DefaultQuartzScheduler_Worker-8, hc: 1288232 ]com.adobe.idp.common.errors.exception.IDPLoggedException| [com.adobe.idp.um.provider.directoryservices.LDAPDirectoryPrincipalProviderImpl] errorCode:13318 errorCodeHEX:0x3406 message:non-dn, so leaving as-is DN:adobe_wf@pens.xxxx.xxx emsg:improperly specified input name: adobe_wf@pens.xxxx.xxx

2006-06-21 10:27:30,527 INFO [com.adobe.idp.um.businesslogic.directoryservices.DirectorySynchronizationManagerBean] UserM:: [Thread: DefaultQuartzScheduler_Worker-8, hc: 1288232 ]---->Sync: Start reading group members in domain: pens.xxxx.xxx

2006-06-21 10:27:30,543 INFO [com.adobe.idp.um.businesslogic.directoryservices.DirectorySynchronizationManagerBean] UserM:: [Thread: DefaultQuartzScheduler_Worker-8, hc: 1288232 ]---->Sync: Start searching group members for nested groups in domain: pens.xxxx.xxx

2006-06-21 10:27:30,543 INFO [com.adobe.idp.um.businesslogic.directoryservices.DirectorySynchronizationManagerBean] UserM:: [Thread: DefaultQuartzScheduler_Worker-8, hc: 1288232 ]---->Sync: Finalizing groups synchronization for domain: pens.xxxx.xxx

2006-06-21 10:27:31,558 INFO [com.adobe.idp.um.businesslogic.directoryservices.DirectorySynchronizationManagerBean] UserM:: [Thread: DefaultQuartzScheduler_Worker-8, hc: 1288232 ]---->Sync: pens.xxxx.xxx

Avatar

Former Community Member
Have you found a fix for this? I am seeing this now.



Thanks,



John

Avatar

Level 1

We just had this problem this morning.  Suddenly, users cannot log in.  My only guess is that the latest M$ security updates are causing the problem.  A bunch were just installed yesterday.  The server hasn't been rebooted yet.  I'm hoping a reboot will fix the issue.  Did anyone else have this problem with the recent updates?