Active Directory/LDAP tie in

Report · Aug 06, 2009

I have followed the scarce help manual and the postings here.

However while others have mentioned this issue, no one posts the fix.

The last person mentioned having a senior support person scheduled to call them to resolve.

Here is the setup:

RoboHelp Server 8 - installed on Win2k3, Running Tomcat/Apache.

AD server(s) are 2003. (Does not matter which server I querry)

Followed the instruction guide, and subbed in our settings:

#Specify the kind of authentication to be used
#authtype = ldap
DefAdminUid = domainadminaccount
DefAdminPwd =

#To use LDAP authentication , uncomment the following lines and specify ldap details of your organization
authtype = ldap
ldapURL = ldap://ldapserver:389
usersearch = CN=Users, DC=our, DC=domain, DC=org
rolesearchbase = DC=our, DC=domain, DC=org
useridkey = CN
rolename = CN
rolesearch = memberOf

2 issues arose:

1st - our users are not located only in the CN=Users container - for orgnaizational and security reasons.

The domain admin account is in that conatinaer though, and so if I kept the usersearch line as above - it worked (on Tuesday).

However, I could not get it to search subcontainers, so no other users would work.

Any ideas on subcontainer searching?

2nd - Today I come in and play with the settings (trying different options to get it to search subcontainers) - and now the above search will not work either. This is a DomainAdmin account - so no account lockout is the issue. i am getting the following error:

javax.naming.AuthenticationException:

[LDAP: error code 49 - 80090308:

LdapErr: DSID-0C090334, comment:

AcceptSecurityContext error, data 525, vece

From what i can see this is a "user not found error"

But the user is there. And using MS LDAP tool, I can bind and querry using the above account.

Using JExplorer LDAP browser on the the RoboHelp Server produces the same error.

This error was also present with issue 1 above - not searchign subcontainers.

Stumped.

Any ideas on the above 2 issues? I can change the setting back to db and admin (default) and login, but of course that does not provide help.

Thanks for any ideas.

Gillis

Report · Aug 06, 2009

Update:

I got both LDAP Explorer2 and JExplorer to work attaching to LDAP/AD server using the following:

User DSN: CN=domainadminname,CN=Users,DC=our,DC=domain,DC=org

However - subbing that in the DefAdminUid field still results in the above error.

Report · Aug 06, 2009

Fixed back to where I was on Tuesday:

#Specify the kind of authentication to be used
#authtype = ldap
DefAdminUid = domainadminaccount
DefAdminPwd =

#To use LDAP authentication , uncomment the following lines and specify ldap details of your organization
authtype = ldap
ldapURL = ldap://ldapserver:389
usersearchbase = CN=Users, DC=our, DC=domain, DC=org
rolesearchbase = DC=our, DC=domain, DC=org
useridkey = CN
rolename = CN
rolesearch = memberOf

However I need to change usersearchbase to be one level higher and get it to search subcontainers.

A setting like "usersearchscope" or some such setting.

It is eveidentally set to false or 0 or 1 - not 2 or true which is the setting that allows sub searches.

Looking thru all the js and xml files now...

Report · Jul 03, 2011

What do you mean by

"It is eveidentally set to false or 0 or 1 - not 2 or true which is the setting that allows sub searches."

You changed RoboHelp Server or Tomcat configuration ?

Report · Apr 19, 2010

Did you ever get a solution for this? I have LDAP to AD working for RoboHelp Server but cannot get it to traverse sub-trees.

Report · Apr 19, 2010

Hi, Paul

I will alert Adobe's engineering team and see if they can take a look at your post.

Thanks

John Daigle
Adobe Certified RoboHelp and Captivate Instructor
Evergreen, Colorado
www.showmethedemo.com

John Daigle
Adobe Certified RoboHelp and Captivate Instructor
Newport, Oregon