Lotus Notes LDAP -> URM Service

  • 24 June 2014
  • 7 replies
  • 40 views

Badge +3

Good afternoon all,

In our company, in addition to authenticating users from Active Directory, we would also like to authenticate via LDAP against Lotus Notes.

Regarding the LDAP topic, I found the following article:

http://help.k2.com/helppages/k2blackpearlgettingstarted4.6.7/webframe.html#introduction_to_k2_ldap_provider.html

Here we started by ignoring the OpenLDAP part and focused on the K2 configuration and the usage of the URM service to interact with LDAP.

Basically, to connect we need the following settings:

LDAP://ldap.ch.da.rtr/O=Autoneum
UserName: sldap
Password: #########

Based on the original script in the mentioned URL, I adjusted it to add the configuration settings above and to update the Identity table at the end.

The script is posted below:

-- K2 LDAP User Manager (Trusted - Setup).sql
-- sample script for creating a K2 LDAP user manager that uses the SourceCode.Security.Providers.LdapProvider.Trusted.Ldap provider

-- Comments by ricardo.matos@autoneum.com
--LDAP://ldap.ch.da.rtr/O=Autoneum
--UserName: sldap
--Password: #########

-- Run against the K2 database (K2TST here; the default name is K2)
USE [K2TST]
GO

-- DECLARATIONS
DECLARE @SecurityLabelName NVARCHAR(20) = 'LDAP'; --Update as needed
-- Values to double-check before running this against a Domino directory:
--  * LdapConnectIntegrated="true" normally means the K2 service account is used for the connection
--    instead of LdapConnectUserName/LdapConnectUserPassword (see the K2 help for the exact semantics);
--  * LdapGroupBaseObject still carries the sample value dc=maxcrc,dc=com rather than the Autoneum base;
--  * objectCategory, samAccountName, msRTCSIP-PrimaryUserAddress and wWWHomePage are Active Directory
--    names that a Domino LDAP directory does not have, so those mappings and SearchQuery filters stay empty.
DECLARE @XmlConfig XML =
'<AuthInit>
<LdapConnection
LdapServer="ldap.ch.da.rtr"
LdapServerPort="389"
LdapSsl="false"
LdapAuthTypeConnect="Basic"
LdapAuthTypeAuthenticateUser="Basic"
LdapResolveAuthenticationUserToDistinguishedName="true"
LdapAutoBind="false"
LdapScope="Subtree"
LdapConnectIntegrated="true"
LdapConnectUserName="sldap"
LdapConnectUserPassword="#########"
LdapTimeout="0"
LdapProtocolVersion="3"
LdapServerCertificatePath="" />
<LdapUserBaseObject>O=Autoneum</LdapUserBaseObject>
<LdapUserSearchFormatString>(cn={0})</LdapUserSearchFormatString>
<LdapUserGroupSearchFormatString>(memberOf={0})</LdapUserGroupSearchFormatString>
<LdapUserAttributes>
<K2LdapMapping K2Name="ID" LdapName="cn" ObjectType="System.String" />
<K2LdapMapping K2Name="Name" LdapName="cn" ObjectType="System.String" />
<K2LdapMapping K2Name="Description" Multiline="true" LdapName="description" ObjectType="System.String" />
<K2LdapMapping K2Name="Email" LdapName="mail" ObjectType="System.String" />
<K2LdapMapping K2Name="DistinguishedName" LdapName="entryDN" ObjectType="System.String" />
<K2LdapMapping K2Name="ObjectSID" FullOnly="true" LdapName="ibm-entryUUID" ObjectType="System.String" />
<K2LdapMapping K2Name="CommonName" LdapName="cn" ObjectType="System.String" />
<K2LdapMapping K2Name="UserPrincipalName" LdapName="uid" ObjectType="System.String" />
<K2LdapMapping K2Name="Manager" FullOnly="true" LdapName="manager" ObjectType="System.String" SearchQuery="(&amp;(objectClass=Person)(objectCategory=User))" SearchResultProperty="samAccountName" />
<K2LdapMapping K2Name="SipAccount" LdapName="msRTCSIP-PrimaryUserAddress" ObjectType="System.String" />
<K2LdapMapping K2Name="DisplayName" LdapName="displayName" ObjectType="System.String" />
<K2LdapMapping K2Name="TelephoneNumber" LdapName="telephoneNumber" ObjectType="System.String" />
<K2LdapMapping K2Name="Mobile" LdapName="mobile" ObjectType="System.String" />
<K2LdapMapping K2Name="HomePage" LdapName="wWWHomePage" ObjectType="System.String" />
<K2LdapMapping K2Name="FaxNumber" LdapName="facsimileTelephoneNumber" ObjectType="System.String" />
<K2LdapMapping K2Name="HomePhone" LdapName="homePhone" ObjectType="System.String" />
<K2LdapMapping K2Name="IPPhone" LdapName="ipPhone" ObjectType="System.String" />
<K2LdapMapping K2Name="StreetAddress" LdapName="streetAddress" ObjectType="System.String" />
<K2LdapMapping K2Name="City" LdapName="l" ObjectType="System.String" />
<K2LdapMapping K2Name="Country" LdapName="c" ObjectType="System.String" />
<K2LdapMapping K2Name="State" LdapName="st" ObjectType="System.String" />
<K2LdapMapping K2Name="Title" LdapName="title" ObjectType="System.String" />
<K2LdapMapping K2Name="Department" LdapName="department" ObjectType="System.String" />
<K2LdapMapping K2Name="Company" LdapName="company" ObjectType="System.String" />
<K2LdapMapping K2Name="Office" LdapName="physicalDeliveryOfficeName" ObjectType="System.String" />
<K2LdapMapping K2Name="ManagedUsers" FullOnly="true" LdapName="managedUsers" SearchQuery="(&amp;(objectClass=Person)(objectCategory=User))" SearchResultProperty="samAccountName" ObjectType="System.Collections.ArrayList" />
<K2LdapMapping K2Name="Groups" FullOnly="true" LdapName="memberOf" SearchQuery="(objectCategory=Group)" SearchResultProperty="samAccountName" ObjectType="System.Collections.ArrayList" />
</LdapUserAttributes>
<LdapGroupBaseObject>dc=maxcrc,dc=com</LdapGroupBaseObject>
<LdapGroupSearchFormatString>(cn={0})</LdapGroupSearchFormatString>
<LdapGroupMemberSearchFormatString>(member={0})</LdapGroupMemberSearchFormatString>
<LdapGroupAttributes>
<K2LdapMapping K2Name="ID" LdapName="cn" ObjectType="System.String" />
<K2LdapMapping K2Name="Name" LdapName="cn" ObjectType="System.String" />
<K2LdapMapping K2Name="Description" Multiline="true" LdapName="description" ObjectType="System.String" />
<K2LdapMapping K2Name="Email" LdapName="mail" ObjectType="System.String" />
<K2LdapMapping K2Name="DistinguishedName" LdapName="entryDN" FullOnly="true" ObjectType="System.String" />
<K2LdapMapping K2Name="ObjectSID" LdapName="ibm-entryUUID" FullOnly="true" ObjectType="System.String" />
<K2LdapMapping K2Name="Member" LdapName="member" FullOnly="true" SearchQuery="(&amp;(objectCategory=Person)(objectCategory=User))" SearchResultProperty="cn" ObjectType="System.Collections.ArrayList" />
</LdapGroupAttributes>
</AuthInit>'; -- XML configuration for the LDAP provider, see K2 Help for more information on configuration values
DECLARE @SecurityLabelID UNIQUEIDENTIFIER = NEWID(); --Assigning new GUID
DECLARE @AuthSecurityProviderID UNIQUEIDENTIFIER = NEWID(); --Assigning new GUID
DECLARE @AuthInit XML = @XmlConfig;
DECLARE @RoleSecurityProviderID UNIQUEIDENTIFIER = @AuthSecurityProviderID; --same provider resolves roles (groups)
DECLARE @RoleInit XML = @XmlConfig;
DECLARE @DefaultLabel BIT = NULL; --1 = true, NULL and 0 = false
DECLARE @ProviderClassName NVARCHAR(200) = 'SourceCode.Security.Providers.LdapProvider.Trusted.Ldap';
DECLARE @SPProviderID UNIQUEIDENTIFIER;

-- UPDATE TABLES
-- remove any earlier registration of this label and provider; the label goes first because it refers to the provider
DELETE FROM [SecurityLabels] WHERE SecurityLabelName = @SecurityLabelName;
DELETE FROM [SecurityProviders] WHERE ProviderClassName = @ProviderClassName;
INSERT INTO [SecurityProviders] VALUES (@AuthSecurityProviderID, @ProviderClassName);
INSERT INTO [SecurityLabels] VALUES (@SecurityLabelID, @SecurityLabelName, @AuthSecurityProviderID, @AuthInit, @RoleSecurityProviderID, @RoleInit, @DefaultLabel);

-- register the SharePoint group provider for the new label, but only when it is installed
-- (otherwise @SPProviderID stays NULL and the INSERT below would store a NULL provider)
SELECT @SPProviderID = [SecurityProviderId] FROM [SecurityProviders] WHERE [ProviderClassName] = N'SourceCode.Security.Providers.SharePoint.SharePointProvider';
IF @SPProviderID IS NOT NULL AND NOT EXISTS (SELECT 1 FROM [GroupProvider] WHERE [SecurityLabelID] = @SecurityLabelID)
BEGIN
    INSERT INTO [GroupProvider] ([GroupProviderID], [SecurityLabelID], [SecurityProviderID], [Name], [Init])
    VALUES (NEWID(), @SecurityLabelID, @SPProviderID, '*', '<init><label name="SP" /></init>');
END

-- expire every cached identity so it is resolved again on next use (no WHERE clause: identities of all labels are affected)
UPDATE [Identity].[Identity]
SET [ExpireOn] = GETDATE()
   ,[Resolved] = 0
   ,[ContainersResolved] = 0
   ,[ContainersExpireOn] = GETDATE()
   ,[MembersResolved] = 0
   ,[MembersExpireOn] = GETDATE();
GO

 

 

However, when I query a URM Service based SmartObject no results are returned:

[screenshot 14075i7C759541AC7F34D9.png]

[screenshot 13031i1A9FB8668E9DB0BC.png]

Any ideas to make this work?

 

Thank you in advance.
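An added check, not from the thread or the K2 sample, that exercises the same Domino LDAP settings the label uses (host, port, simple bind as sldap, base O=Autoneum, user filter (cn={0}), mapped attribute names) from the K2 server but outside K2, one layer at a time, so a failure can be placed at DNS, TCP, bind or search. It uses the Windows-built-in System.DirectoryServices.Protocols assembly; the variable names are mine, and the cn to look up and the password are prompted for.

```powershell
# Added diagnostic (not the thread's or K2's code): test the Domino LDAP settings
# used by the K2 label, layer by layer, from the K2 server.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$ldapHost = 'ldap.ch.da.rtr'   # LdapServer
$ldapPort = 389                # LdapServerPort
$baseDn   = 'O=Autoneum'       # LdapUserBaseObject
$ldapUser = 'sldap'            # LdapConnectUserName (some servers expect the full DN here)
$attrs    = @('cn', 'uid', 'mail', 'displayName', 'entryDN', 'ibm-entryUUID')  # LdapName values from the mapping
$testCn   = Read-Host 'cn of a Domino user known to exist'
$filter   = "(cn=$testCn)"     # LdapUserSearchFormatString with {0} filled in

# 1. Name resolution from the K2 box itself (one reply suggests using the IP address instead).
try   { $addrs = [System.Net.Dns]::GetHostAddresses($ldapHost) }
catch { throw "DNS: cannot resolve $ldapHost ($($_.Exception.Message))" }
"DNS ok: $ldapHost -> $($addrs -join ', ')"

# 2. TCP reachability on the LDAP port (a firewall between K2 and Domino shows up here).
$tcp = New-Object System.Net.Sockets.TcpClient
try     { $tcp.Connect($ldapHost, $ldapPort); "TCP ok: ${ldapHost}:$ldapPort reachable" }
catch   { throw "TCP: ${ldapHost}:$ldapPort not reachable ($($_.Exception.Message))" }
finally { $tcp.Close() }

# 3. Simple bind with the service account (LdapAuthTypeConnect="Basic", LdapProtocolVersion="3").
$password = Read-Host -AsSecureString "Password for $ldapUser"
$cred = New-Object System.Net.NetworkCredential($ldapUser, $password)
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($ldapHost, $ldapPort)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id, $cred, [System.DirectoryServices.Protocols.AuthType]::Basic)
$conn.SessionOptions.ProtocolVersion = 3
$conn.SessionOptions.SecureSocketLayer = $false   # LdapSsl="false": the bind travels in clear, exactly as the K2 config does it
$conn.Bind()                                       # throws LdapException on wrong credentials or an unsupported bind
"Bind ok as $ldapUser"

# 4. Subtree search with the user filter, asking only for the attributes the K2 mapping reads.
$req  = New-Object System.DirectoryServices.Protocols.SearchRequest($baseDn, $filter, [System.DirectoryServices.Protocols.SearchScope]::Subtree, $attrs)
$resp = $conn.SendRequest($req)
"Search under $baseDn with $filter returned $($resp.Entries.Count) entries"
foreach ($entry in $resp.Entries) {
    foreach ($a in $attrs) {
        # An attribute shown as <absent> here stays empty in the K2LdapMapping that uses it.
        $v = if ($entry.Attributes[$a]) { $entry.Attributes[$a][0] } else { '<absent>' }
        "  $a = $v"
    }
}
$conn.Dispose()
```

If step 4 returns entries while the URM SmartObject stays empty and the Domino administrator sees no traffic, the settings themselves are fine and the problem lies in how K2 loads the label (service restart, label name, provider registration) rather than in LDAP.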

 


7 replies

Badge +6

Hi Ricardo,

Did you receive any errors while running the edited script? Also, have you tried refreshing the URM service instance and then executing the SmartObject?

Kind Regards,


Badge +3

Hi Yannick,

The script executes well, the service was refreshed, and when I query "GetUsers" using label LDAP I still get no results.

Thank you in advance.

[screenshot 15249iB59ADCFD676DBBB0.png]

Badge +8

Have you checked the K2 log files for errors?  Particularly the HostServer log?

Badge +3

Hi sbrownhuntoilco,

No, I haven't.

Do you know where I can find it? Also, what should I be looking for (like keywords, etc.)?

Thanks in advance.

Badge +6

Hi Ricardo,

The K2 HostServer log can be found in C:\Program Files (x86)\K2 blackpearl\Host Server\Bin. Look at the latest log for any errors that have occurred. If there are any, please state what they are in your next response.

Kind Regards,

Yannick

Badge +3

Hi there,

Yes, I found the logs and I see some errors from my attempts this morning as I tried different settings.

Although with the current one, which is the same as in the script I posted, I get no errors.

It simply returns no results. The interesting thing is that if I change the label to something else, let's say 'QWEROP', it still returns an empty list.

So it is very difficult to track whether the settings are right or not, because if I search for a label entry that is not configured the result is the same.

I asked our Lotus Notes administrator if there were any LDAP query attempts being carried out against the LDAP server and he confirmed to me that nothing is coming out from the K2 server.

See below: after the script is run and the service refreshed, it would be expected to have some results under the LDAP label:

[screenshot 13172i24FF23902B7E5DE3.png]


Badge

You might want to change the LDAP server property in the XML to an IP address.