edirectory support?

Mar 26, 2013 at 3:33 AM
Has anybody had any success using this with Novells edirectory?
Coordinator
Mar 26, 2013 at 4:48 AM
Do you mind posting the error messages?
Thanks
Alex.
Mar 28, 2013 at 1:17 AM
"The Authentication Method is not supported" the edirectory im connecting to uses simple authentication and there is no way in the pluggin to change the auth type.

Another issue i can see is you require the distinguisedName attribute this does not exist in Edirectory its DN or dn
Coordinator
Mar 28, 2013 at 2:20 AM
Thanks for your feedback, I will investigate this. Will keep you posted.
Alex.
Coordinator
Apr 1, 2013 at 10:24 PM
Please, see try the latest release 1.4.0.5
The following 2 features were added
  1. Support for Basic authentication type, previously only NEGOTIATE was supported
  2. Support for providing an arbitrary primary key attribute, previously only distinguishedName could be utilized
I have not tried this with EDirectory yet, but the implemented changes should address the issues you identified.
By the way, if EDirectory, is using a self-signed certificate, then the component most likely will not work.
I will need to implement additional support for self-singed certificates validation, this is based on this article
http://www.codeproject.com/Articles/19097/eDirectory-Authentication-using-LdapConnection-and
Apr 2, 2013 at 12:07 AM
thanks for the speedy response im not using SSL to connect to Edirectory so that should be fine, ill test it and get back to you.
Apr 2, 2013 at 12:15 AM
ok jsut tested it, it appeares the LDAP primary key dosent work as intended, when you click on column mappings after you have configured it, it still says "distinguishedName was not included in the list of attributes to load"

then when you hit refresh it then comes back with "the server does not support the control. The Control is critical".

If i then go back and add distinguishedName to the attributes it also coems back with "the server does not support the control. The control is critical"
Coordinator
Apr 2, 2013 at 2:05 AM
I can reproduce the "the server does not support the control. The control is critical" error. Will look into this.
Is there way you could get the server side error log, when this message is produced?

The "distinguishedName was not included in the list of attributes to load" - I forgot to remove this validation logic test (no longer required with the last release). Will fix this with next release.

Thanks for testing this. Will keep you posted.
Alex.
Apr 2, 2013 at 4:37 AM
Ran a ndstrace on the server got the followign error in the logs:

2253887248 LDAP: [2013/04/02 14:32:07.631] Unsupported critical control in rootDSE, err = 12
Coordinator
Apr 3, 2013 at 1:08 AM
Thanks. I moved past this error (Unsupported Control), by removing one of the controls, which seemed to be required by Active Directory.
Unfortunately, I need to re-work the schema discovery logic, since it was too AD specific. I hope to have something for you to try before the end of the week.
Coordinator
Apr 8, 2013 at 7:22 PM
Hi There.
I was able to successfully import data from my test EDirectory system. Before I release this, would you be interested in running some tests in your environment, since my EDirectory is very vanilla type of configuration, just a couple of users.
If yes, let me know, what version of SQL you are using and I will make a setup for you.
Thanks
Alex.
Apr 10, 2013 at 2:15 AM
thanks, im running sql 2008 R2 :)
Coordinator
Apr 10, 2013 at 2:38 AM
Please, download the latest release 1.4.0.6, it has the bits for EDirectory
Note that when connecting to EDirectory (and probably other non-AD systems) set the DomainScopeEnforced property to False. For ADDS and ADLDS leave this setting at default value TRUE.
Apr 10, 2013 at 7:24 AM
Edited Apr 10, 2013 at 7:24 AM
it dosen throw back any errors now which is good but it dosent seam to be getting any data, it could be my configuration ill have more of a play and get back to you.
Coordinator
Apr 11, 2013 at 5:41 PM
What does you SearchFilter look like? I had to change it to (objectClass=*) when testing.
Apr 12, 2013 at 1:59 AM
i was using (login=testc01) so i would get it to return one user, i chagned it to (objectClass=*) and it still didnt return anything below is my config.

BaseDN: ou=Users,ou=test,o=COMMUNITIES

connectionAccountName: cn=admin,o=services
AuthenticationType: BASIC
DomainScopeEnforced: False

GuidEncodedBinayAttributes: GUID
searchFilter: (objectClass=*)
AttributestoLoad: dn,cn,login
LdapPrimaryKeyEquiv: dn
UseSSL False
UseTaskSecurityContext: False
Coordinator
Apr 16, 2013 at 1:38 AM
Hi,
Could you, please, try ldp.exe from the SSIS server. I am curios if ldp will return some data, using the same query parameters you supplied to the component.
Here is a link were you could download it http://www.computerperformance.co.uk/Longhorn/windows_ldp_download.htm
When binding use Simple bind.
Let me know how it goes.
Thanks
Alex.