LDAP Question

Posted: Thu Sep 04, 2014 8:10 am
by rmackenzie
Hi all - I've been configuring LDAP-based password authentication and am wondering if it can be optimised a little bit and wondered if anyone had a pointer. In tm1s.cfg my LDAP set-up looks like this:

Code:

# LDAP sync
PasswordSource=LDAP
LDAPPort=636
LDAPHost=foo.bar.local
LDAPUseServerAccount=T
LDAPSearchBase=DC=foo,DC=bar,DC=local
LDAPSearchField=sAMAccountName

And that works fine - client names are already sync'd to Windows log-ins and the user now enters their network password to get into TM1. However, it's a bit slow and I think it's maybe related to the LDAPSearchBase setting which is the root of Active Directory and not pointed to look into a particular CN. When I try to set up the parameter like this:

Code:

LDAPSearchBase=CN=TM1 Users,OU=Groups,OU=Other Stuff,DC=foo,DC=bar,DC=local

Then the authentication breaks down and I get an error:

tm1server.log wrote: TM1.LDAPAuth LDAP ERROR: 0x22 - search failed

Error 22 is described here as 'The distinguished name has an invalid syntax'. However, I know I've put the syntax in correctly as I've copied it directly from Active Directory. I thought the spaces in the DN might be the issue but I found at least one IBM technote saying that quotes shouldn't be used on this parameter, and trying it anyways didn't make a difference.

Obviously, everything is working fine, so I'm not stuck - but any pointers to speed it up or configuring a better LDAPSearchBase parameter would be appreciated.

Cheers,
Robin

Re: LDAP Question

Posted: Thu Sep 04, 2014 10:42 am
by rozef
Hi,

You are right, it is slow because of your LDAPSearchBase parameter.
But not because of the syntax: if your LDAP link is based on the root, every time a user wants to connect, the login search will browse the whole enterprise directory.
It is usual to make an LDAP link based on a node restricted to TM1 users only; it will be far faster to connect.
Regarding the enterprise IT, it is more or less complicated. ;)
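
An offline syntax check for the two LDAPSearchBase values discussed above, added here as an example and not taken from the thread or from TM1. It applies the RFC 4514 string rules for distinguished names (spaces inside an RDN value are legal without quoting, double quotes are not) and confirms that the narrower base sits under the root DN. The function names `parse_dn` and `check_search_base` are hypothetical, and the check does not contact the directory.

```python
import re

# Values taken from the tm1s.cfg lines quoted in the thread.
ROOT = "DC=foo,DC=bar,DC=local"
SCOPED = "CN=TM1 Users,OU=Groups,OU=Other Stuff," + ROOT

_TYPE = re.compile(r"(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)\Z")  # name or OID
_ESC = re.compile(r'\\(?:[ "#+,;<=>\\]|[0-9A-Fa-f]{2})')  # legal escapes
_BAD = re.compile(r'["+,;<>\\\x00]')  # illegal when left unescaped


def _split(text, sep):
    """Split on sep, skipping any character that follows a backslash."""
    parts, cur, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" else 1
        if text[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += text[i:i + step]
        i += step
    return parts + [cur]


def _valid_value(value):
    """True if the value is correctly escaped (hex '#' form not handled)."""
    bare = _ESC.sub("E", value)  # each legal escape becomes a plain letter
    return not (bare[:1] in (" ", "#") or bare.endswith(" ") or _BAD.search(bare))


def parse_dn(dn):
    """Return [(type, value), ...] in DN order, or raise ValueError."""
    avas = []
    for rdn in _split(dn, ","):
        for ava in _split(rdn, "+"):
            attr, eq, value = ava.partition("=")
            if not (eq and _TYPE.match(attr) and _valid_value(value)):
                raise ValueError(f"invalid RDN component: {ava!r}")
            avas.append((attr.lower(), value.lower()))  # case-insensitive match
    return avas


def check_search_base(base, root):
    """Classify a candidate LDAPSearchBase against the directory root DN."""
    try:
        b, r = parse_dn(base), parse_dn(root)
    except ValueError as exc:
        return f"invalid: {exc}"
    return "ok" if b[-len(r):] == r else "outside root"
```

`check_search_base(SCOPED, ROOT)` returns `"ok"`, while the same value wrapped in double quotes is reported as invalid.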