PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 04/08/2017 8:18 AM by  Roger French
ldapbind issue
 9 Replies
Sort:
You are not authorized to post a reply.
Page 1 of 212 > >>
Author Messages
kshields
Lawson Admin
Private
Basic Member
(27 points)
Basic Member
Posts:11


Send Message:

--
04/06/2017 11:34 PM

    We are building a new Infor10 environment. LSF is installed as is Lawson for Infor Ming.le. It's version 10.0.9 with all current patches. This server will be a target for an upgrade from LSF 9.0.1.13.

    All smoke tests for LSF pass and the system seems to behave exactly as expected. Now I am trying to perform an ldapbind using the same bind information as was used on the LSF9 server. I haven't run ldapbind before, so I'm not 100% sure what to expect, but I've browsed thru Guru posts and it looks like you enter the command and answer prompts as they come up. I confirmed that with a consultant who just finished using the exact same version of ldapbind for another client, which worked fine. 

    After I enter $GENDIR/bin/ldapbind, it immediately responds, "bind successful". No prompts, nothing. There are no entries in any $LAWDIR/system/*log, no messages anywhere that I see, just "bind successful". I verified in ssoconfig that it made no changes, so it's just not doing anything. I've tried running it as lawson and as root, with lawsec on and lawsec off, but get the same result. I've also tried using the optional parameters like so (192.168.x.x is the client's ldap to which I'm trying to bind):

    ldapbind -D CN=serviceacct,CN=Users,DC=client,DC=ORG -h 192.168.x.x -p 3268 -q

    With this format, at least it tries to do something, but we get this response even after entering what I believe is the correct password:

    Please enter bind password:
    ldap_bind: Invalid credentials
    ldap_bind: additional info: 80090308: LdapErr: DSID-0C0903D9, comment: AcceptSecurityContext error, data 52e, v2580

    Any help would be appreciated. I have a support case open with Infor but it's been slow going getting responses, and I'm half expecting to hear that they don't provide support for this tool anyway.


    Roger French
    Private
    Private
    Veteran Member
    (1282 points)
    Veteran Member
    Posts:532


    Send Message:

    --
    04/07/2017 7:11 AM
    You running the ldapbind as 'lawson' user? Did you run your . cv to set the system variables (assuming this in AIX/Unix).

    Assuming the two steps above, all you have to enter in is "ldapbind". It should ask you for your credentials which are the same credentials for ssoconfig. If it doesn't then I would be concerned.
    The ldapbind command is a type of command-line wizard. It will keep asking you the parameters of which AD or DC you wish to bind to.
    kshields
    Lawson Admin
    Private
    Basic Member
    (27 points)
    Basic Member
    Posts:11


    Send Message:

    --
    04/07/2017 9:16 AM

    Yes, I have set the environment before running the command. And lawson is the user that's used to go into ssoconfig, so it seems like that's the right user to run ldapbind with. Something is making it think it's done before it does anything at all - I just don't know what that could be.

    Roger French
    Private
    Private
    Veteran Member
    (1282 points)
    Veteran Member
    Posts:532


    Send Message:

    --
    04/07/2017 12:23 PM

    After you enter ldapbind in the command line and hit Enter key

    ...what happens next? Does it ask you this question: "Please enter the password used for Lawson security utilites:" 

     

    If it does, what do you type in? The password it's asking for is the same password used for ssoconfig.

    kshields
    Lawson Admin
    Private
    Basic Member
    (27 points)
    Basic Member
    Posts:11


    Send Message:

    --
    04/07/2017 12:44 PM
    No, it does not ask for the password or anything else. It immediately displays "bind successful" and ends.
    You are not authorized to post a reply.
    Page 1 of 212 > >>