Stuck with LDAP configuration

[ianven...@gmail.com]

Hi All,
I've been struggling to set-up PWM for over two weeks now and I'm really running into circles with the LDAP configuration and I badly need anyone's help please.

PWM is installed in an Ubuntu machine.

I'm tying to integrate it with Active Directory 2008:

servername: svrdc1
domain name: laboratory.com

My configuration goes this way:

*ldaps://svrdc1.laboratory.com:636

*LDAP Promiscuos SSL: False
*LDAP Proxy User: cn=administrator,cn=users,dc=svrdc1,dc=laboratory,dc=com
*LDAP Proxy Password: "password for my Administrator account"
*LDAP Contextless Login Root=cn=users,dc=svrdc1,dc=laboratory,dc=com

I'm not really sure if this should be my configuration and if not I would really appreciate it if someone can please point me to the right direction.

Its giving me this error:

Error connecting to ldap directory: unable to create connection: unable to connect to any configured ldap url, last error: unable to bind to ldaps://svrdc1.laboratory.com:636 as cn=administrator,cn=users,dc=svrdc1,dc=laboratory,dc=com reason: CommunicationException (simple bind failed: svrdc1.laboratory.com:636; sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

Thanks in Advance.
Ian

[Menno Pieters]

As a quick start setting "LDAP Promiscuos SSL"  to True, should get you on you way. The LDAP certificate of the AD is not recognized/trusted by Java. If you run a recent build or 1.7.0 RC 3, you can import the certificates through the configuration editor (Actions -> Import LDAP Server Certificates).

- Menno

P.S. For an experienced LDAP and Tomcat user a basic setup of PWM shouldn't take more than 1-2 days

--
You received this message because you are subscribed to the Google Groups "pwm-general" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pwm-general...@googlegroups.com.
To post to this group, send email to pwm-g...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/2c4ca8ba-f8bf-4ac3-ae3c-acdcc5662659%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[ianven...@gmail.com]

Thanks you so much for the quick response on my query Menno. Ill remove my current pwm try the new build that you mention. Sorry for my question but its actually my first time to work with tomcat specially on a linux box and its really giving me a hard time. I really appreciate your help. I'll let you know once I installed the new build.

Thanks,
Ian

[ianven...@gmail.com]

Thanks for pointing me to the right direction Menno. I was able to set-up PWM using the new built that you mention. Everything looks cool but I step into another issue when trying to save setup responses.

Its giving me this error:

PWM 5045

An error occurred during the save of your response questions. Please contact your administrator. { 5045 ERROR_WRITING_RESPONSES (response storage only partially successful; attempts=1, successes=0) }

Did I miss something here? I'm using the template: Active Directory-Store responses to Active Directory.

Thanks,

Ian

[ianven...@gmail.com]

Sorry I forgot to post the actual error. here it is.

[Menno Pieters]

Search the discussions on this forum and see the admin guide. Plenty of questions have been asked about this (you're not the first). You need to configure the storage for challenge questions: either a database, or extend the schema and configure the attribute for storage.

--
You received this message because you are subscribed to the Google Groups "pwm-general" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pwm-general...@googlegroups.com.
To post to this group, send email to pwm-g...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/9d999fd4-5a32-4036-b2a3-d26d56f740f9%40googlegroups.com.

[ianven...@gmail.com]

Hi Menno,

Found it already. Thanks a ton you guys rock....!!!!!

All the best,
Ian

[eten...@gmail.com]

I extended my schema but still get this same error. Any tips?

[guilherme.re...@gmail.com]

Is possible remove this questions on the code of pwm? I don't need forget password module.