Mahabalesh Asundi
Oct 7, 2009 10:35 PM

Since your setup is successful, try the following debug steps to find out exactly why it is not working for you:

  • Open the simias.config file from your data path and check which attribute is set as the login attribute, i.e. <setting name="NamingAttribute" value="cn" />; here CN is set as the login attribute.
  • Run an ldapsearch command to get all user objects with all attribute details from the AD server.
  • Now check the login attribute value associated with the ifolderadmin user object. If it is the same as the one you are using at the time of login, it should ideally allow you to log in.
  • If the above does not resolve your issue, check whether there are multiple users with the same login attribute value. In this case the user object found later in the LDAP sync will overwrite the initial user objects, as both have the same login attribute value. Make sure there are no duplicate users with the same login attribute value, clean the datapath and set up iFolder again. (This is a bug in 3.7.2 and is already fixed in trunk.)
  • If none of the above solves your problem, replace the "INFO" string with "DEBUG" in the <DATAPATH>/Simias.log4net file and save it. Restart apache, try to log in to the admin console, then open Simias.log from <DATAPATH>/log/Simias.log and make sure ifolderadmin is getting synced properly.
  • There could be an issue with the configured proxy user, so that it is not syncing any user objects to iFolder. With debug logging enabled, iFolder will log enough information to the log file, which you can use to zero in on the problem and resolve it.

I hope the above debug procedure will help you resolve the problem you are currently hitting. In case you have any other specific question in this regard let me know.
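
The duplicate-login check from the debug steps above, as an added example that is not part of the original post or of iFolder: it parses ldapsearch LDIF output (folded lines and base64 values included) and reports login attribute values held by more than one entry. The sample data, the function names and the case-insensitive comparison are assumptions made for this illustration.

```python
import base64
from collections import defaultdict

# Constructed ldapsearch-style LDIF (not the thread's attachment): one folded
# DN, one base64 ("cn::") value, and the result trailer ldapsearch appends.
SAMPLE_LDIF = (
    "dn: CN=ifolderadmin,CN=Users,DC=xyz,DC=com\n"
    "cn: ifolderadmin\n"
    "\n"
    "dn: CN=iFolderAdmin,OU=Service Accounts,DC=xyz,\n"
    " DC=com\n"
    "cn:: aUZvbGRlckFkbWlu\n"
    "\n"
    "dn: CN=gknue,CN=Users,DC=xyz,DC=com\n"
    "cn: gknue\n"
    "\n"
    "result: 0 Success\n"
)

def parse_ldif(text):
    """Yield one {attribute_lowercased: [values]} dict per blank-line-separated block."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # LDIF folding: continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entry = defaultdict(list)
    for line in lines + [""]:               # trailing "" flushes the last block
        if not line.strip():
            if entry:
                yield dict(entry)
            entry = defaultdict(list)
        elif not line.startswith("#") and ":" in line:
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):        # "attr:: <base64>"
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            entry[attr.lower()].append(rest.strip())

def find_duplicate_logins(ldif_text, naming_attr="cn"):
    """Map each login value (lowercased) held by more than one entry to its DNs."""
    seen = defaultdict(list)
    for entry in parse_ldif(ldif_text):
        if "dn" not in entry:               # skip the "result:" trailer block
            continue
        # Assumption: values are compared case-insensitively.
        for value in entry.get(naming_attr.lower(), []):
            seen[value.lower()].append(entry["dn"][0])
    return {login: dns for login, dns in seen.items() if len(dns) > 1}
```

Pass the saved ldapsearch output as text to `find_duplicate_logins`, with `naming_attr` set to the NamingAttribute value from simias.config; an empty result means no two entries share a login value.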

Gary D Knue
Oct 8, 2009 4:55 PM
20.3.1. Re: Re: Active Directory

Thanks for the quick response. I checked the simias.config file and NamingAttribute is set to CN, but I'm having trouble getting the syntax correct for the ldapsearch command. I apologize, but I'm new to Linux and have never run this command before. I keep getting the following error:

 

ldap_sasl_interactive_bind_s: Unknown authentication method (-6)

Mahabalesh Asundi
Oct 8, 2009 10:01 PM
20.3.1.1. Re: Re: Re: Active Directory


ldapsearch -x -Z -H ldap://<IP>:389 -D "AD Admin DN" -W -b "users/admin Search context"

Examples:

ldapsearch -x -Z -H ldap://xxx.xxx.xxx.xxx:389 -D "CN=Administrator,cn=Users,dc=xyz,dc=com" -W -b "cn=Users,dc=xyz,dc=com"

Or, if you have configured the certificate as mentioned in the previously attached document and AD is running in SSL mode, you can try:

ldapsearch -x -H ldaps://xxx.xxx.xxx.xxx:636 -D "CN=Administrator,cn=Users,dc=xyz,dc=com" -W -b "cn=Users,dc=xyz,dc=com"

 

Gary D Knue
Oct 9, 2009 2:28 PM
20.3.1.1.1. Re: Re: Re: Re: Active Directory

Thank you again. I finally got the ldapsearch command to run per your examples. I do get the following error before it asks for the LDAP password: ldap_start_tls: Server is unavailable (52), but the command does run. I limited the search to just the ifolderadmin account I'm trying to use. I've attached the results. In your next step you ask me to check for multiple users with the same login attribute value. Before I enabled LDAP I was able to get into the administrative web interface and I created a user (gknue) and used this as a test account. I was able to log in to the user web interface and also connect a Windows XP client. Could this account be causing me problems? If so, I'm not sure how to get rid of it since I can't get into the admin interface. I did change the INFO string to DEBUG in the Simias.log4net file and restarted apache, but I don't see any errors in the simias.log except when I try to log in as gknue, and then I get the following error:

 

2009-10-09 17:57:23,245 [-1444026032] ERROR Simias.ADLdapProvider.User - LdapError:80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1771
2009-10-09 17:57:23,245 [-1444026032] ERROR Simias.ADLdapProvider.User - Error:Invalid Credentials
2009-10-09 17:57:23,245 [-1444026032] ERROR Simias.ADLdapProvider.User - DN:gknue  

 

I'm sorry to be so ignorant on this but your help is greatly appreciated. 

Attachments: ldapsearch.txt (V1.0, Oct 9, 2009 2:28 PM, 2 KB, Gary D Knue)