Active Directory with Global Monitor

[Lee Anne Caruso]

Has anyone setup an user’s login and password within Global Monitor that is insync with active directory?

Thank you,

Topic

[Kevin Scantlan]

We are trying, but having difficulties.  I am working with support who has forwarded the problem to development.

Did you ever get you problems resolved?

[Max Drown (Infor)]

LDAP support for GM is coming soon!

-- Max Drown (Infor)

[Kevin Scantlan]

Is already here with 6.04…. but it’s not working, at least under certain conditions.  And we have those conditions.  The fix is supposed to be in the next AR.  We’re talking with support about a work around.

[Rehman Masood]

I got it working at 2 different places with no major issues. What issues r u guys having?

[Kevin Scantlan]

Had problems with finding the userid when the LDAP info was contained in more section.  They put a fix in, but my userid is still not working.

[Rehman Masood]

I am not familiar for the more section. For me, it was adding the following elements at both places,

– Host Name

– Port

– Encryption Method = SSL Encryption

– Authentication Method = Simple Authentication

– Default Domain Name

Here is the output I get when I do the test.

Opening LDAP server connection…

LDAP Host:

LDAP Port:

LDAP server connection is opened successfully

LDAP server authentication…

Start bind request for domainuser …

Bind request for domainuser succeeded

Querying LDAP server…

Search Base: DC=domain

Search Filter: (&(|(sAMAccountName=user)(sAMAccountName=user@domain))(objectClass=organizationalPerson)(objectClass=person)(objectClass=top)(objectClass=user))

Search Attributes: dn,distinguishedName,cn,sAMAccountName,description,memberOf

---

Begin of Query Result

---

---

 End of Query Result  

---

Query LDAP failed

Closing LDAP server connection…

Closed LDAP server connection successfully

[Kevin Scantlan]

I may have worded it incorrectly.   Partiions maybe would be a better choice.  Cloverleaf would search the first partition on the LDAP server and if it could not find the userid would give up and not got go to other partitions for the continuation of the list of userids.

[Max Drown (Infor)]

I believe this has been fixed in the upcoming release of GM.

-- Max Drown (Infor)

[Kevin Scantlan]

That fix is already on our server, but still unable to sign in with my AD account.  We set up an AD account for the developers and their’s is working.

[Andrea Mancini]

Rehman,

We are getting the same output at our organization, but it’s not allowing us to log in to the IDE using our AD credentials. Notice in your output it says: Query LDAP failed. Does that mean anything?  Is there documentation on setting this up?

Opening LDAP server connection…

LDAP Host:

LDAP Port:

LDAP server connection is opened successfully

LDAP server authentication…

Start bind request for domainuser …

Bind request for domainuser succeeded

Querying LDAP server…

Search Base: DC=domain

Search Filter: (&(|(sAMAccountName=user)(sAMAccountName=user@domain))(objectClass=organizationalPerson)(objectClass=person)(objectClass=top)(objectClass=user))

Search Attributes: dn,distinguishedName,cn,sAMAccountName,description,memberOf

---

Begin of Query Result

---

---

 End of Query Result  

---

Query LDAP failed

Closing LDAP server connection…

Closed LDAP server connection successfully

[Rehman Masood]

Andrea Mancini wrote:

Rehman,

We are getting the same output at our organization, but it’s not allowing us to log in to the IDE using our AD credentials. Notice in your output it says: Query LDAP failed. Does that mean anything?

[Nick Schneider]

Do you need to have advanced security for LDAP to work?

[Kevin Scantlan]

No, you do not need advanced security.

[Peter Heggie]

requesting more info – LDAP for Cloverleaf IDE

Can someone add a little more information on the topic of using Active Directory for logging into the Cloverleaf IDE:

– is Advanced Security required?

– what version of Cloverleaf is required?

thanks,

Peter

Peter Heggie

[Nick Schneider]

Kevin Scantlan wrote:

No, you do not need advanced security.

Thanks for the response

[bill bearden]

We have AD security working with Global Monitor 6.1. We haven’t rolled it out to the users (IS helpdesk) yet. We are still testing/documenting the GM 6.1 functionality.

We didn’t try GM 6.0.4 so I can’t comment on that. We are running it on Windows Server 2008 R2. We are still on Cloverleaf 6.0. We don’t have the Security Server.

There is a Server Administrator program that comes with GM 6.1. I don’t remember there being a Server Administrator program with previous versions of GM. All the Server Administrator program appears to do is config the LDAP information. We filled in the fields for LDAP server and Default Domain. I left the port number blank and took the defaults for the Encryption and Auth (SSL and Simple, respectively). I clicked test. I entered credentials in the form domainusername and then my AD password. Others have included the output of this action. The difference was that, for me, I received a list of a bunch of AD Groups that I am a member of. (Note, if you don’t receive this list, it isn’t working.)

In the lower part of the of the Server Administrator window, I clicked the Import button. After it brought up all the AD Groups (7000+), I selected one. Back on the Server Administrator window, I left the Create user certificate checkbox checked. I clicked Save and entered the CA cert password.

I was able to log in to GM with my AD username and password. I was stuck for quite a while because I thought I needed to enter my username in the form domainusername or username@domain. Use just the username.

Logging in created a user in GM. The user still needs to be configured so I had to log out, log in with the admin user to configure the user. Logging in with my username also created a couple of cert files in WEB-INFconfigservercertsissued directory.

So far, I haven’t been able to get the Migration Tool to work. I am very curious whether the old user list and the old views get migrated. I wonder if our old user names would just work with AD after they were migrated. (That would be cool.)

One last thing… There is a known issue getting GM 6.1 to work with IE. It is listed in the known issues in the Release Notes. After we made the config change and tried it with IE9, it seemed to work.

[glen goldsmith]

We totally integrated cloverleaf 6.1 w/ AD.

It does not require advanced security.

Its nice, no more certificate mess anymore.

Works *very* well w/ the Cloverleaf IDE on citrix.

I’m curious what modifications were made to allow Internet Explorer to work with Global Monitor.

[Author]

Replies