Login
Register
Search
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Forums
Infor / Lawson Platforms
S3 Systems Administration
New AD LDS & Lawson 9.0.1.8 Install error
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Who's On?
Membership:
Latest:
chaoticist
Past 24 Hours:
2
Prev. 24 Hours:
0
Overall:
5185
People Online:
Visitors:
182
Members:
0
Total:
182
Online Now:
New Topics
Lawson Landmark
LPL INSTR Functions
4/5/2024 8:32 PM
I'm writing a simple report using the Create R
Infor SCM
Translating 856 to get the ~ REF^CN^ field
4/3/2024 8:24 PM
We are trying to get the tracking number which is
IPA/ProcessFlow
Sample XML file create Flow
4/3/2024 3:43 PM
Hello everyone, I am new to creating XML files
Lawson S3 HR/Payroll/Benefits
bn105 error message
3/26/2024 6:40 PM
I need to change some of the set ups in our Life I
IPA/ProcessFlow
IPA executing Job
3/13/2024 7:08 PM
New to the IPA world and was wondering, can an IPA
Lawson S3 HR/Payroll/Benefits
Life Age Reduction on benefits plans
3/12/2024 7:15 PM
For our optional life we have an age based coverag
Lawson S3 HR/Payroll/Benefits
BN53.1 Add-In
3/7/2024 3:31 PM
We are migrating to Solstice. They require a
Lawson Business Intelligence/Reporting/Crystal
Domain Name Change
3/5/2024 7:45 PM
Our domain name needs to change and was hoping I c
S3 Customization/Development
Cobol calling Shell Script
2/29/2024 1:27 PM
Has anyone created or modified a Lawson Cobol prog
Infor ION
ION vs IPA
2/29/2024 1:24 AM
We had a person new to Lawson and Infor go to Info
Top Forum Posters
Name
Points
Greg Moeller
4184
David Williams
3349
JonA
3288
Kat V
2984
Woozy
1973
Jimmy Chiu
1883
Kwane McNeal
1437
Ragu Raghavan
1348
Roger French
1311
mark.cook
1244
Forums
Unanswered
Active Topics
Most Liked
Most Replies
Search Forums
Search
Advanced Search
Topics
Posts
Prev
Next
Forums
S3 Systems Administration
New AD LDS & Lawson 9.0.1.8 Install error
Sort:
Oldest First
Most Recent First
You are not authorized to post a reply.
Author
Messages
mburgett
Basic Member
Posts: 4
8/14/2013 2:04 PM
Greetings,
I am installing Lawson 9.0.1.8 to new Windows 2008 R2 64bit server. I installed AD LDS without any apparent issues, but when I run the Lawson LSFCT.jar install file, I get a "Failed LDAP user validation test" when it attempts to verify the ldap connection.
Is there a good guide out there on what steps need to be completed in order to install AD LDS to work with Lawson?
I have tried every conceivable combination of options for the AD LDS install, and I keep getting basically the same type of authorization errors.
Using the standard 389 port
Running the service with a Network Service Account
I've tried with and without a directory partition
I've tried using a local user and a domain user as the Administrator
I've tried only importing one LDIF vs multiple files. Even tried all of them
I can connect to the instance using ADSI Edit, but I can't connect using a browser like JXplorer. When I create the directory partition, i do see three CN objects named LostAndFound, NTDS Quotas and Roles.
I was able to use the LDP.exe browser utility to connect to the instance, and was able to bind using the admin name and password that I set up during the install.
During the Lawson Install, on the Configuring Resource Management page, I keep getting a validation error.
I am learning the LDAP side of this as well and may very well be missing something obvious. Not to mention, the Lawson Install Guide is really vague.
Any assistance with the proper steps to setup AD LDS would be greatly appreciated.
-Mike
John Henley
Senior Member
Posts: 3348
8/14/2013 3:14 PM
After the instance is created, you need to adjust the schema via ADSI-Edit (against the schema, e.g. CN=Schema, CN=Configuration...)
Need to add:
1. organization into OrganizationalUnit poss-Superiors
2. organizationalUnit into Organization poss-Superiors
If I remember correctly, that is what is causing the validation errors...
Here are some rough notes on creating the LDS/ADAM instance.
Create a new domain user, and add it to the administrators group (i.e. don't just use the lawson account).
Login as that new domain account, and select it (not the network service account) for the service account, and instance setup will add to 'run as service' permission
there is a step in the instance setup where you select user to have admin permissions, select 'currently logged in user'
Create instance as a unique instance (not a replica)
Create with an app directory partition, e.g., ou=lwsn,dc=lwsn,dc=example,dc=com (in other words, keep make it a subset above your normal DC)
For LDIF files, import MS-InetOrgPerson.LDF
After instance is created,
Adjust schema using ADSI-Edit
Need to add:
1. organization into OrganizationalUnit poss-Superiors
2. organizationalUnit into Organization poss-Superiors
add a local LDS/ADAM user into the new instance (not the same as the domain account added previously)
for the new local ADAM user, set the password, change the msDS-UserAccountDisabled attribute from TRUE to FALSE, change set the msDS-UserDontExpirePassword to TRUE, and add the account to the Administrator, Readers, and Users role
mburgett
Basic Member
Posts: 4
8/14/2013 3:37 PM
Wow, I will give this a try.
Thank you for the information!
John House
New Member
Posts: 2
8/15/2013 6:58 PM
John,
Could you give a little more detail on how to adjust the schema with ADSI-Edit to add
1) organization into OrganizationalUnit poss-Superiors
and
2) organizationalUnit into Organization poss-Superiors
I am experiencing a similar problem when running the LSFCT core install configuring Resource Management getting error:
‘User CN=ldapadmin,CN=lwsn,DC=mycompany,DC=com couldn’t write an object of type organization with CN=lwsn,DC=mycompany,DC=com on your server. This may be due to the fact that possible superiors list of the object type “Organization” does not include the object type of your CN=lwsn,DC=mycompany,DC=com’.
ldapadmin is the local ADAM user that has been assigned to the Admistrator, Readers, and Users roles.
John House
New Member
Posts: 2
8/16/2013 3:23 PM
I opened a ticket with Lawson and the support engineer was able to assist.
In my case the solution was to add "container" to the possible Superiors for the organization object class.
To do this create a new session in ADSI edit with a connection point "Schema" on the local computer.
Then locate the object class Organization and right click it and select properties. Then scroll to the poss-Superiors attribute and double-click and add "container".
Click OK --> then Apply.
Stop and restart the ADAM instance.
To verify go back to ADSI Edit but create a new session with a connection point of "Distinquished Name" in my case "cn=lwsn,dc=mycompany,dc=com".
Once connected, right click on the distinquished name and select "New" --> "Object".
"Organization" should now appear in the list of object classes. At this point you can continue with the LSFCT install.
mburgett
Basic Member
Posts: 4
8/20/2013 12:35 PM
Well, I thought I was good to go after following your advice. I can connect to the ldap instance with jxplorer and everyting looks ok.
The installer begins, copies all of the required files and begins to install security. When the installer gets to the part where it tests the RM Configuration, I receive an error. I thought it was a user priviledge error, but I have tried two different admin users and I get the same error.
Note, The installer never reaches "Install LDIF File" as shown on page 34 of the Install Guide.
Detail Snippit:
note: starting ssoconfig
note: ssoconfig finished...
note: creating ldif content
note: skipping generation of ldif file
test: to see if RM is configured properly
Fatal: [install-sec.pl] first part of Security install failed
Activating Lawson Security, RM, and SSO failed.
Activating Lawson Security, RM, and SSO failed.
Errors Occurred During Installation
Log Snippit:
@@ h2 note: ssoconfig finished...
@@ h2 note: creating ldif content
@@ h2 note: skipping generation of ldif file
@@ h2 test: to see if RM is configured properly
Test failed getting RM Context: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=lawtest,DC=armc,DC=prv'
!%&# create FAILED
Test failed deleting test user idForSmokeTesting9999 during tear down: java.lang.NullPointerException
Stack Trace : java.lang.NullPointerException
at com.lawson.lawrm.api.RMBasicSmokeTest.deleteTestUser(RMBasicSmokeTest.java:395)
at com.lawson.lawrm.api.RMBasicSmokeTest.tearDown(RMBasicSmokeTest.java:426)
at com.lawson.lawrm.api.RMBasicSmokeTest.run(RMBasicSmokeTest.java:201)
at com.lawson.lawrm.api.RMBasicSmokeTest.main(RMBasicSmokeTest.java:268)
Fatal: [install-sec.pl] first part of Security install failed
rmbasicsmoketest failed
Error: Fatal: [install-sec.pl] first part of Security install failed
John Henley
Senior Member
Posts: 3348
8/21/2013 10:54 AM
When you create the instance, what is the DN for the partition?
When you create the local ADAM/LDS user, what is the DN for that user?
When you are installing LSF, and on the 'Configuring Resource Management' dialog, what is the DN you are entering for the 'LDAP Administrator user'?
You need to double-check that you are entering the correct DN for that user, as well as the Windows user you used to create the instance.
Also, make sure the 'LDAP administrator user' is a member of the Administrators role in the instance.
Go back and re-read my instructions, and make sure you really did all of the steps.
mburgett
Basic Member
Posts: 4
8/21/2013 12:17 PM
Greetings John,
I had followed all of your instructions
But I apparently added my own step in there.
Where I screwed up; For some oddball reason I had created the Organization for the RMdata manually. I'm not sure why I did this, but once I deleted that object, the install made it past that error!
I really appreciate your advice and getting me on the right track!
Thank you very much!
You are not authorized to post a reply.