Prev
Next
Forums S3 Systems Administration

New AD LDS & Lawson 9.0.1.8 Install error

Sort:
You are not authorized to post a reply.
Author
Messages
mburgett
Basic Member
Posts: 4
Basic Member
8/14/2013 2:04 PM
    Greetings,

    I am installing Lawson 9.0.1.8 to new Windows 2008 R2 64bit server. I installed AD LDS without any apparent issues, but when I run the Lawson LSFCT.jar install file, I get a "Failed LDAP user validation test" when it attempts to verify the ldap connection.

    Is there a good guide out there on what steps need to be completed in order to install AD LDS to work with Lawson?

    I have tried every conceivable combination of options for the AD LDS install, and I keep getting basically the same type of authorization errors.

    Using the standard 389 port
    Running the service with a Network Service Account
    I've tried with and without a directory partition
    I've tried using a local user and a domain user as the Administrator
    I've tried only importing one LDIF vs multiple files. Even tried all of them

    I can connect to the instance using ADSI Edit, but I can't connect using a browser like JXplorer. When I create the directory partition, i do see three CN objects named LostAndFound, NTDS Quotas and Roles.

    I was able to use the LDP.exe browser utility to connect to the instance, and was able to bind using the admin name and password that I set up during the install.

    During the Lawson Install, on the Configuring Resource Management page, I keep getting a validation error.

    I am learning the LDAP side of this as well and may very well be missing something obvious. Not to mention, the Lawson Install Guide is really vague.

    Any assistance with the proper steps to setup AD LDS would be greatly appreciated.

    -Mike
    John Henley
    Senior Member
    Posts: 3348
    Senior Member
    8/14/2013 3:14 PM
      After the instance is created, you need to adjust the schema via ADSI-Edit (against the schema, e.g. CN=Schema, CN=Configuration...)
      Need to add:
      1. organization into OrganizationalUnit poss-Superiors
      2. organizationalUnit into Organization poss-Superiors

      If I remember correctly, that is what is causing the validation errors...

      Here are some rough notes on creating the LDS/ADAM instance.

      Create a new domain user, and add it to the administrators group (i.e. don't just use the lawson account).
      Login as that new domain account, and select it (not the network service account) for the service account, and instance setup will add to 'run as service' permission
      there is a step in the instance setup where you select user to have admin permissions, select 'currently logged in user'
      Create instance as a unique instance (not a replica)
      Create with an app directory partition, e.g., ou=lwsn,dc=lwsn,dc=example,dc=com (in other words, keep make it a subset above your normal DC)

      For LDIF files, import MS-InetOrgPerson.LDF


      After instance is created,
      Adjust schema using ADSI-Edit
      Need to add:
      1. organization into OrganizationalUnit poss-Superiors
      2. organizationalUnit into Organization poss-Superiors

      add a local LDS/ADAM user into the new instance (not the same as the domain account added previously)
      for the new local ADAM user, set the password, change the msDS-UserAccountDisabled attribute from TRUE to FALSE, change set the msDS-UserDontExpirePassword to TRUE, and add the account to the Administrator, Readers, and Users role
      Thanks for using the LawsonGuru.com forums!
      John
      mburgett
      Basic Member
      Posts: 4
      Basic Member
      8/14/2013 3:37 PM
        Wow, I will give this a try. 

        Thank you for the information!
        John House
        New Member
        Posts: 2
        New Member
        8/15/2013 6:58 PM
          John,

          Could you give a little more detail on how to adjust the schema with ADSI-Edit to add

          1) organization into OrganizationalUnit poss-Superiors
          and
          2) organizationalUnit into Organization poss-Superiors

          I am experiencing a similar problem when running the LSFCT core install configuring Resource Management getting error:

          ‘User CN=ldapadmin,CN=lwsn,DC=mycompany,DC=com couldn’t write an object of type organization with CN=lwsn,DC=mycompany,DC=com on your server.  This may be due to the fact that possible superiors list of the object type “Organization” does not include the object type of your CN=lwsn,DC=mycompany,DC=com’.

          ldapadmin is the local ADAM user that has been assigned to the Admistrator, Readers, and Users roles.
          John House
          New Member
          Posts: 2
          New Member
          8/16/2013 3:23 PM

            I opened a ticket with Lawson and the support engineer was able to assist.

            In my case the solution was to add "container" to the possible Superiors for the organization object class.

            To do this create a new session in ADSI edit with a connection point "Schema" on the local computer.

            Then locate the object class Organization and right click it and select properties.  Then scroll to the poss-Superiors attribute and double-click and add "container".

            Click OK --> then Apply.

            Stop and restart the ADAM instance. 

            To verify go back to ADSI Edit but create a new session with a connection point of "Distinquished Name" in my case "cn=lwsn,dc=mycompany,dc=com".

            Once connected, right click on the distinquished name and select "New" --> "Object".

            "Organization" should now appear in the list of object classes.  At this point you can continue with the LSFCT install.
            mburgett
            Basic Member
            Posts: 4
            Basic Member
            8/20/2013 12:35 PM

              Well, I thought I was good to go after following your advice.  I can connect to the ldap instance with jxplorer and everyting looks ok.

              The installer begins, copies all of the required files and begins to install security. When the installer gets to the part where it tests the RM Configuration, I receive an error. I thought it was a user priviledge error, but I have tried two different admin users and I get the same error.

              Note, The installer never reaches "Install LDIF File" as shown on page 34 of the Install Guide.

              Detail Snippit:

              note: starting ssoconfig
              note: ssoconfig finished...
              note: creating ldif content
              note: skipping generation of ldif file
              test: to see if RM is configured properly
              Fatal: [install-sec.pl] first part of Security install failed
              Activating Lawson Security, RM, and SSO failed.
              Activating Lawson Security, RM, and SSO failed.
              Errors Occurred During Installation

              Log Snippit:

              @@ h2 note: ssoconfig finished...
              @@ h2 note: creating ldif content
              @@ h2 note: skipping generation of ldif file
              @@ h2 test: to see if RM is configured properly

              Test failed getting RM Context: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
               'CN=lawtest,DC=armc,DC=prv'

                !%&# create FAILED
              Test failed deleting test user idForSmokeTesting9999 during tear down: java.lang.NullPointerException
              Stack Trace : java.lang.NullPointerException
               at com.lawson.lawrm.api.RMBasicSmokeTest.deleteTestUser(RMBasicSmokeTest.java:395)
               at com.lawson.lawrm.api.RMBasicSmokeTest.tearDown(RMBasicSmokeTest.java:426)
               at com.lawson.lawrm.api.RMBasicSmokeTest.run(RMBasicSmokeTest.java:201)
               at com.lawson.lawrm.api.RMBasicSmokeTest.main(RMBasicSmokeTest.java:268)

              Fatal: [install-sec.pl] first part of Security install failed
              rmbasicsmoketest failed
              Error: Fatal: [install-sec.pl] first part of Security install failed
              John Henley
              Senior Member
              Posts: 3348
              Senior Member
              8/21/2013 10:54 AM
                When you create the instance, what is the DN for the partition?
                When you create the local ADAM/LDS user, what is the DN for that user?
                When you are installing LSF, and on the 'Configuring Resource Management' dialog, what is the DN you are entering for the 'LDAP Administrator user'?
                You need to double-check that you are entering the correct DN for that user, as well as the Windows user you used to create the instance.
                Also, make sure the 'LDAP administrator user' is a member of the Administrators role in the instance.
                Go back and re-read my instructions, and make sure you really did all of the steps.
                Thanks for using the LawsonGuru.com forums!
                John
                mburgett
                Basic Member
                Posts: 4
                Basic Member
                8/21/2013 12:17 PM

                  Greetings John,

                  I had followed all of your instructions   But I apparently added my own step in there.

                  Where I screwed up; For some oddball reason I had created the Organization for the RMdata manually. I'm not sure why I did this, but once I deleted that object, the install made it past that error!

                  I really appreciate your advice and getting me on the right track!

                  Thank you very much!
                  You are not authorized to post a reply.