Cannot login using AD; wrong LDAP server in log?

x0rerror · Thread Author #1 06-02-2009, 04:03 PM

Hi Guys,

I've installed BES 5 but cannot get any accounts to login using AD authentication.

My log file shows the following:

-----
(06/02 15:06:10:840):{http-BES.Mydomain.INC%2F10.0.0.104-443-2} [com.rim.bes.basplugin.activedirectory.LdapSearch] [INFO] [ADAU-1001] {u=SystemUser, t=6011} LOGIN ERROR: getActiveDirectoryRootDseInformation could not get rootDSE attributes for URL ldap://Mydomain.inc:389 error=javax.naming.CommunicationException: Mydomain.inc:389 [Root exception is java.net.ConnectException: connect: Address is invalid on local machine, or port is not valid on remote machine]
-----

i see the ldap server is listed wrong in my log it should be ldap://ns2.mydomain.inc:389 as it is entered in the BB config GUI.

Also im not sure if it is related but if this line {u=SystemUser, t=6011} represents my user acocunt specified in setup than it is also wrong.

please help...

Rh1noo · #2 06-02-2009, 05:49 PM

I tried an old 5.0 release and couldn't get windows authentication working until I changes the port number to 3268 and not port 389.

When I tried the gold release it worked with port 389.

I hope this helps.

sam2500 · #3 06-03-2009, 09:51 AM

The user or users have to be added to BES before you can login using AD authentication.

x0rerror · Thread Author #4 06-03-2009, 11:03 AM

Hi Guys thanks for your suggestions.

Although i still have the issue.

The account I am trying to log into is a member and activated on the bes server already.

I still think it's the fact that ldap is trying to search ldap://Mydomain.inc as opposed to ldap://hostname.mydomain.inc

Any other suggestions?

thanks alot.

sam2500 · #5 06-03-2009, 01:19 PM

On LDAP authentication, what do you have listed?

x0rerror · Thread Author #6 06-03-2009, 02:17 PM

Hi Sam,

On LDAP authetication tab i have:

ldap://ns1-internal.mydomain.com:389

pressing verify all is ok.

Log shows ldap://Mydomain.com:389 instead; missing the actual hostname unless it was designed that way.

I do notice if i generate a hash for the Besadmin account i get something along these lines:

-b0f288fbc6d22d7988aff8f2a370d45c9b2a23d8a020165

thanks again for your help.

sam2500 · #7 06-03-2009, 02:37 PM

ldap://domaincontroller1.mydomain.com:389

LDAP search base: DC=domainname,DC=com

LDAP username: besadmin

Rh1noo · #8 06-03-2009, 04:51 PM

Why are you trying to log on to BAS as a user or are you trying the web desktop manager?

Are you trying to setup role based admin? When you add a user to the BES you also need to give them rights to log on by creating an admin role or assigning if you want them to be able to use BAS.

x0rerror · Thread Author #9 06-04-2009, 01:15 PM

Hi Guys,

I added a user ( myself ) to our Blackberry enterprise server.

He is now a member and my blackberry is activated on my BES.

When i try to login to the WEB DESKTOP console using Active Directory Authentication i get the following error:

The username, password, or domain is not correct. Please correct the entry.

If i check my BES-AS log i see the following:

(06/04 13:06:28:448):{http-BES.MYDOMAIN.INC%2F10.0.0.104-443-1} [com.rim.bes.basplugin.activedirectory.LdapSearch] [INFO] [ADAU-1001] {u=SystemUser, t=5806} LOGIN ERROR: getActiveDirectoryRootDseInformation could not get rootDSE attributes for URL ldap://MYDOMAIN.inc:389 error=javax.naming.CommunicationException: MYDOMAIN.inc:389 [Root exception is java.net.ConnectException: connect: Address is invalid on local machine, or port is not valid on remote machine

I'm stumped...

sam2500 · #10 06-04-2009, 01:18 PM

Did you setup roles for the user on BES in question?

x0rerror · Thread Author #11 06-04-2009, 01:47 PM

Quote:

Originally Posted by sam2500

Did you setup roles for the user on BES in question?

Hi Sam,

I just added the user to the BES server. I didn't assign any roles to him.

Do i need to assign a role to the blackberry user in order for him to login to the web desktop managment console?

thanks alot i appreciate your help.