Lotus Notes LDAP -> URM Service

Good afternoon all,

in our company we would like to aditionally from authenticating users from active directory also to authenticate via LDAP to Lotus Notes as well.

Regarding the LDAP topic, i found the following article

http://help.k2.com/helppages/k2blackpearlgettingstarted4.6.7/webframe.html#introduction_to_k2_ldap_provider.html

Here we started by ignoring the Openldap part and focus on the K2 configuration and the usage of the URM service to interact with LDAP:

Basically to connect we need the following settings:

LDAP://ldap.ch.da.rtr/O=Autoneum
UserName: sldap
Password: #########

Based on the original script existing in the mentioned URL, i adjusted it to add the configuration settings above and to update the Identity table in the end.

The scrip is posted bellow:

-- K2 LDAP User Manager (Trusted - Setup).sql
-- sample script for creating a K2 LDAP user manager that uses the SourceCode.Security.Providers.LdapProvider.Trusted.Ldap provider

-- Comments By ricardo.matos@autoneum.com
--LDAP://ldap.ch.da.rtr/O=Autoneum
--UserName: sldap
--Password: #########

-- DECLARATIONS
DECLARE @SecurityLabelName NVARCHAR(20) = 'LDAP'; --Update as needed
DECLARE @XmlConfig XML =
'<AuthInit>
<LdapConnection
LdapServer="ldap.ch.da.rtr"
LdapServerPort="389"
LdapSsl="false"
LdapAuthTypeConnect="Basic"
LdapAuthTypeAuthenticateUser="Basic"
LdapResolveAuthenticationUserToDistinguishedName="true"
LdapAutoBind="false"
LdapScope="Subtree"
LdapConnectIntegrated="true"
LdapConnectUserName="sldap"
LdapConnectUserPassword="#########"
LdapTimeout="0"
LdapProtocolVersion="3"
LdapServerCertificatePath="" />
<LdapUserBaseObject>O=Autoneum</LdapUserBaseObject>
<LdapUserSearchFormatString>(cn={0})</LdapUserSearchFormatString>
<LdapUserGroupSearchFormatString>(memberOf={0})</LdapUserGroupSearchFormatString>
<LdapUserAttributes>
<K2LdapMapping K2Name="ID" LdapName="cn" ObjectType="System.String" />
<K2LdapMapping K2Name="Name" LdapName="cn" ObjectType="System.String" />
<K2LdapMapping K2Name="Description" Multiline="true" LdapName="description" ObjectType="System.String" />
<K2LdapMapping K2Name="Email" LdapName="mail" ObjectType="System.String" />
<K2LdapMapping K2Name="DistinguishedName" LdapName="entryDN" ObjectType="System.String" />
<K2LdapMapping K2Name="ObjectSID" FullOnly="true" LdapName="ibm-entryUUID" ObjectType="System.String" />
<K2LdapMapping K2Name="CommonName" LdapName="cn" ObjectType="System.String" />
<K2LdapMapping K2Name="UserPrincipalName" LdapName="uid" ObjectType="System.String" />
<K2LdapMapping K2Name="Manager" FullOnly="true" LdapName="manager" ObjectType="System.String" SearchQuery="(&(objectClass=Person)(objectCategory=User))" SearchResultProperty="samAccountName" />
<K2LdapMapping K2Name="SipAccount" LdapName="msRTCSIP-PrimaryUserAddress" ObjectType="System.String" />
<K2LdapMapping K2Name="DisplayName" LdapName="displayName" ObjectType="System.String" />
<K2LdapMapping K2Name="TelephoneNumber" LdapName="telephoneNumber" ObjectType="System.String" />
<K2LdapMapping K2Name="Mobile" LdapName="mobile" ObjectType="System.String" />
<K2LdapMapping K2Name="HomePage" LdapName="wWWHomePage" ObjectType="System.String" />
<K2LdapMapping K2Name="FaxNumber" LdapName="facsimileTelephoneNumber" ObjectType="System.String" />
<K2LdapMapping K2Name="HomePhone" LdapName="homePhone" ObjectType="System.String" />
<K2LdapMapping K2Name="IPPhone" LdapName="ipPhone" ObjectType="System.String" />
<K2LdapMapping K2Name="StreetAddress" LdapName="streetAddress" ObjectType="System.String" />
<K2LdapMapping K2Name="City" LdapName="l" ObjectType="System.String" />
<K2LdapMapping K2Name="Country" LdapName="c" ObjectType="System.String" />
<K2LdapMapping K2Name="State" LdapName="st" ObjectType="System.String" />
<K2LdapMapping K2Name="Title" LdapName="title" ObjectType="System.String" />
<K2LdapMapping K2Name="Department" LdapName="department" ObjectType="System.String" />
<K2LdapMapping K2Name="Company" LdapName="company" ObjectType="System.String" />
<K2LdapMapping K2Name="Office" LdapName="physicalDeliveryOfficeName" ObjectType="System.String" />
<K2LdapMapping K2Name="ManagedUsers" FullOnly="true" LdapName="managedUsers" SearchQuery="(&(objectClass=Person)(objectCategory=User))" SearchResultProperty="samAccountName" ObjectType="System.Collections.ArrayList" />
<K2LdapMapping K2Name="Groups" FullOnly="true" LdapName="memberOf" SearchQuery="(objectCategory=Group)" SearchResultProperty="samAccountName" ObjectType="System.Collections.ArrayList" />
</LdapUserAttributes>
<LdapGroupBaseObject>dc=maxcrc,dc=com</LdapGroupBaseObject>
<LdapGroupSearchFormatString>(cn={0})</LdapGroupSearchFormatString>
<LdapGroupMemberSearchFormatString>(member={0})</LdapGroupMemberSearchFormatString>
<LdapGroupAttributes>
<K2LdapMapping K2Name="ID" LdapName="cn" ObjectType="System.String" />
<K2LdapMapping K2Name="Name" LdapName="cn" ObjectType="System.String" />
<K2LdapMapping K2Name="Description" Multiline="true" LdapName="description" ObjectType="System.String" />
<K2LdapMapping K2Name="Email" LdapName="mail" ObjectType="System.String" />
<K2LdapMapping K2Name="DistinguishedName" LdapName="entryDN" FullOnly="true" ObjectType="System.String" />
<K2LdapMapping K2Name="ObjectSID" LdapName="ibm-entryUUID" FullOnly="true" ObjectType="System.String" />
<K2LdapMapping K2Name="Member" LdapName="member" FullOnly="true" SearchQuery="(&(objectCategory=Person)(objectCategory=User))" SearchResultProperty="cn" ObjectType="System.Collections.ArrayList" />
</LdapGroupAttributes>
</AuthInit>' -- XML configuration for the LDAP provider, see K2 Help for more information on configuration values
DECLARE @SecurityLabelID UNIQUEIDENTIFIER = NEWID(); --Assigning new GUID
DECLARE @AuthSecurityProviderID UNIQUEIDENTIFIER = NEWID(); --Assigning new GUID
DECLARE @AuthInit XML = @XmlConfig;
DECLARE @RoleSecurityProviderID UNIQUEIDENTIFIER = @AuthSecurityProviderID;
DECLARE @RoleInit XML = @XmlConfig;
DECLARE @DefaultLabel BIT = NULL; --1 = true, NULL and 0 = false
DECLARE @ProviderClassName NVARCHAR(200) = 'SourceCode.Security.Providers.LdapProvider.Trusted.Ldap';
DECLARE @SPProviderID UNIQUEIDENTIFIER;

-- UPDATE TABLES
USE rK2TST]
DELETE FROM TSecurityProviders] WHERE ProviderClassName = @ProviderClassName;
DELETE FROM TSecurityLabels] WHERE SecurityLabelName = @SecurityLabelName;
INSERT INTO RSecurityProviders] VALUES (@AuthSecurityProviderID, @ProviderClassName);
INSERT INTO RSecurityLabels] VALUES (@SecurityLabelID, @SecurityLabelName, @AuthSecurityProviderID, @AuthInit, @RoleSecurityProviderID, @RoleInit, @DefaultLabel)

SELECT @SPProviderID = dSecurityProviderId] FROM dSecurityProviders] WHERE ]ProviderClassName] = N'SourceCode.Security.Providers.SharePoint.SharePointProvider'
IF NOT EXISTS (SELECT 1 FROM GroupProvider] WHERE ]SecurityLabelID] = @SecurityLabelID)
BEGIN
INSERT INTO RGroupProvider]
(
>GroupProviderID]
,]SecurityLabelID]
,]SecurityProviderID]
,]Name]
,]Init]
)
VALUES
(
NEWID()
,@SecurityLabelID
,@SPProviderID
,'*'
,'<init><label name="SP" /></init>'
)
END

UPDATE Identity].IIdentity]

SET /ExpireOn] = GETDATE()

,(Resolved] = 0

, ContainersResolved] = 0

, ContainersExpireOn] = GETDATE()

,(MembersResolved] = 0

, MembersExpireOn] = GETDATE()

However when i query a URM Service based Smart Object no results are returned:

Any ideas to mek this work?

Thank you in advance.

Page 1 / 1

Hi Ricardo,

Did you recieve any errors while running the edited script? Also have you tried refreshing the URM service instance and then execute the SmartObject?

Kind Regards,

Hi Yannick,

The script executes well, the service was refreshed and when i query "GetUsers" using Lable LDAP i still get no results.

Thnak you in advance.

Have you checked the K2 log files for errors? Particularly the HostServer log?

Hi sbrownhuntoilco,

no i haven't.

Do you know where i can find it? Also waht should i be looking for (LLike keywords, etc)?

Thanks in advance.

Hi Ricardo,

The K2 HostServer log can be found in C:Program Files (x86)K2 blackpearlHost ServerBin. Look at the latest log for any errors that have occured. If there are any please state what they are in your next response.

Kind Regards,

Yannick

Hi There,

yes i found the logs and i see some errors from my atempts this morning as i tried diferent settings.

Altough with the current one which is the same as in the script i posted, i get no errors.

It simply returns no results. The interesting thing is that if i change the label to something else let's say 'QWEROP', it still returns an empty list.

So it is very dificullt to track if the settings are right or not, becasue if i search for a a label entry that is not configured the result is the same.

I asked our Lotus Notes admisntrator if there were any ldap queries atempts baeing carried against the LDAP server and he confimed to me that nothing is coming out form the K2 server.

See bellow after the script is run, and refreshing the service, it would be expectable to have some results under the LDAP label:

You might want to change LDAP server property in XML to IP address

Reply

View our Community Site Map

Reply

View our Community Site Map

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded