13 Replies Latest reply: Apr 10, 2013 10:22 PM by mypcsg RSS

    How to integrate Active Directory with Primavera P6 8.2

    965421
      Dear All,

      I want to install LDAP for Integration with Active Directory for Primavera P6 8.2.

      Some advice please should i install Oracle Internet Directory and or Oracle Directory Service Manager for AD Integration.
      And should i install Fusion Middleware and or Service-Oriented Architectures (SOA) for integration for AD Integration.
      And what is the step by step procedure for the above installation with separate database if required.

      I want to install any above application or service on my weblogic environment.

      you can find the status of my web applications and enterprise applications services on the Weblogic Server Administration Console.

      p6 (Active)
      p6help (Active)
      p6tm (Active)
      P6Tutorials (Active)
      p6ws (Active)
      pr (Active)
      pr-help (Active)
      PrimaveraAPI (Active)

      Thanks in advance for your response.
        • 1. Re: How to integrate Active Directory with Primavera P6 8.2
          958146
          open your P6 admin console.. http://serverIP:p6portno/p6/action/adminconfig enter your admin user id and password, when you are login in admin console you can see there Authentication menu click there and expand the Primavera P6 Configuration, there you can see Authentication expand and click LOGIN*MODE* change NATIVE to LDAP.(double click on login mode)
          • 2. Re: How to integrate Active Directory with Primavera P6 8.2
            965421
            I have successfully submitted changes now please guide me how i can verify my authentication with AD.

            when i relogin my http://IPADD:8203/p6/action/login i received this following message:

            Primavera P6 was configured to use a different authentication mode than the database selected.

            please advice how can i create database for this authentication mode.


            Thanks,

            Edited by: 962418 on Oct 17, 2012 5:44 AM
            • 3. Re: How to integrate Active Directory with Primavera P6 8.2
              958146
              LDAP (Lightweight Directory Access Protocol) is directory-based authentication and is available for all P6 EPPM applications. In this mode, when a user attempts to log into a P6 EPPM application, the user’s identity is confirmed in an LDAP-compliant directory server database. Additionally, P6 EPPM supports the use of LDAP referrals with Oracle Internet Directory and Microsoft Windows Active Directory. Referrals chasing allows authentication to extend to another domain.
              If using LDAP mode, verify the following information:
              Server: The IP address or name of the LDAP server.
              Port Number: The port number of the LDAP server.
              Chase Referral: When selected, authentication will extend to another domain.
              Use SSL: When selected, P6 Progress Reporter will use SSL. If you wish to use a specific certificate for SSL encryption, select 'Use Certificate'
              Use Certificate: Select this option to use the certificate specified in the Configuration tab
              • 4. Re: How to integrate Active Directory with Primavera P6 8.2
                958146
                one more thing You cannot change passwords if you are running P6 EPPM in LDAP
                • 5. Re: How to integrate Active Directory with Primavera P6 8.2
                  965421
                  yes i check my all LDAP Connection settings are fine but i don't configure database for LDAP i have 1 instance database name is XE and Public group ID 1 Pubuser.

                  how to i configure LDAP please advice on the following link.

                  http://www.scribd.com/doc/56148782/25/Use-the-Authentication-Configuration-wizard-to

                  go to page no 72 Configuring Authentication Modes
                  • 6. Re: How to integrate Active Directory with Primavera P6 8.2
                    958146
                    To provision LDAP user information for P6 EPPM for the first time:
                    Caution: Ensure that all users are logged out of P6 EPPM to avoid a reset of the P6 Administrator application settings.
                    Note: Verify which global profile is set as the default since this will be assigned to all provisioned users.
                    1) Log into the P6 Administrator application.
                    2) From the Authentication tab:
                    a. Fill in the appropriate settings under the Authentication folder, and make sure that Login Mode is set to NATIVE.
                    b. Fill in the appropriate settings under Database instance, and make sure that Authentication Mode is set to NATIVE.
                    c. Click Save Changes.
                    3) Restart the application server instance.
                    Note: If you do not restart the application server instance, the settings will be restored to the previous configuration after the next step.
                    4) Log into P6 as a user with privileges to create a new user.
                    5) Creating User Accounts for P6 EPPM to add a new user (in Native mode) that exactly matches an LDAP server user with rights to read the LDAP directory. Make sure to assign a global profile that contains privileges to add new users and search the LDAP directory and assign the appropriate project profiles and module access.
                    6) Log back into the P6 Administrator application.
                    7) From the Authentication tab:
                    a. Change Login Mode to LDAP.
                    b. Change Authentication Mode to LDAP.
                    c. Right-click the LDAP Connection Settings folder and select Test Connection.
                    d. Click Save Changes.
                    8) Restart the application server instance
                    Note: If you do not restart the application server instance, the settings will be restored to the previous configuration after the next step.
                    9) Log into P6 as the LDAP user created in step 5.
                    a. On the Users page, click the Add icon. The Add Users from LDAP dialog box appears for you to provision users from the LDAP repository:
                    Note: You must have the Add/Edit/Delete Users privilege and the Provision Users from LDAP privilege to search the LDAP directory. You do not need the Provision Users from LDAP privilege to import users from an LDIF file.
                    1. Either click the Load LDIF button, or enter an LDAP query (for example, uid=*) under Search users. If a search was previously performed by a user with the privilege to search the LDAP directory, the last query entered by that user will appear.
                    2. If you clicked the Load LDIF button, browse to the location of the LDIF file, and click Open. If you entered an LDAP query, click Search.
                    Note: Depending on your P6 administrative configuration settings, you might be prompted to log into the LDAP server.
                    3. A list of users will appear, grouped by status. For example, LDAP repository users that do not exactly match P6 EPPM users will be grouped together. If users exist in the LDAP repository, the User Name, Actual Name, E-mail, and Phone fields are populated (if you previously mapped those fields through the P6 Administrator application settings).
                    Note: The User Name field is equivalent to the Login Name field in P6. The Actual Name field is equivalent to the Personal Name field.
                    4. Select the option next to each user account that you wish to import, or select the option in the fields bar to select all users. New and modified users are automatically selected.
                    5. Click Import.
                    Note: The new users will be assigned the default global profile.

                    follow the above mentioned procedure and let me know if its working.

                    Ajishlal
                    • 7. Re: How to integrate Active Directory with Primavera P6 8.2
                      965421
                      I will give you update soon i am just move to other side.
                      Thanks
                      • 8. Re: How to integrate Active Directory with Primavera P6 8.2
                        965421
                        Dear Ajishlal,

                        Sorry for contacting you back after such a long time as I was assigned to some other project for this time.

                        Regarding your last reply, I followed the stepts. Everything went ok till step 8 i.e. the Authentication Modes/Login Modes were changed to LDAP and after provided the LDAP Server details the test connectivity was also successful. But when i restarted the P6 Server tried to login P6 or Adminconfig (as in step 9) it is not accepting as user account. I am unable to log in using any userid/password. What should I do? What could be the problem? Please advice.

                        Regards
                        • 9. Re: How to integrate Active Directory with Primavera P6 8.2
                          Pablo Oyarzo -Oracle
                          The account should exists in P6 database (native) and also in the LDAP server. Do you know if the account exists in the P6 database and ldap serveR?
                          • 10. Re: How to integrate Active Directory with Primavera P6 8.2
                            965421
                            Thanks Ajishlal for the reply.

                            Yes I have created the same account (even the passwords are same) in both the Native mode and the LDAP (Active Directory) but still after changing the mode to LDAP it is not allowing me to loging using that account.

                            To have a clear picture I am sending you the details of my installation with screen shots, if you can point out where the problem is.

                            I have created a user account with all Administrative rights in my LDAP/Active Directory with the user name "primavera" as seen in the following screen shot link
                            http://i.imgur.com/DQ2PUhd.png

                            Then I have created the same user "primavera" with all Administrative rights in the P6 (while in the Native mode). The details of the users can be seen in the following two screen shot links
                            http://i.imgur.com/eoCreqh.png
                            http://i.imgur.com/4fP8B1K.png

                            Now after creating these users I login to the P6 Admin config page to change the settings.
                            My LDAP/Active Directory machine IP is 192.168.3.19. And I have done the settings in the Authentication tab as you can see in the following screen shot with successful test connection message
                            http://i.imgur.com/vpOoYpo.png

                            The screen shot of the Configurations tab can also be seen in the following screen shot
                            http://i.imgur.com/r8Fx5GC.png

                            Now after making these changes I restarted the P6 instance and tried to Login as user "primavera" but it is giving error. And not only this but I can not connect with any of the users. The error it gives is "Invalid Username or Password".



                            Can you advice where I am making a mistake?

                            Thanks & Regards
                            • 11. Re: How to integrate Active Directory with Primavera P6 8.2
                              965421
                              I have Checked WebaccessLog during start primavera, on LDAP Authentication Mode, i got the following error, please find the link below for details.

                              http://i.imgur.com/eRfCh8e.jpg

                              Edited by: 962418 on Apr 4, 2013 5:03 AM
                              • 12. Re: How to integrate Active Directory with Primavera P6 8.2
                                jmft2012
                                it was the host exception shown.
                                try to change to the ip address as you defined in the ldap auth in the admin application.
                                • 13. Re: How to integrate Active Directory with Primavera P6 8.2
                                  mypcsg
                                  Try these adjustments and it should work

                                  1. verify under CONFIGURATION - CUSTOM - P6 CONFIGURATION - DIRECTORY SERVICE ............ That you service port number is that of your port for the weblogic server......... ex t3://localhost:7001

                                  Restart server and try again

                                  If not change these

                                  User Name to: YOURDOMAIN\primavera

                                  base directory to: dc=YOUR DOMAN NAME, dc=LOCAL OR COME
                                  EXAMPLE: dc=pcsg, dc=local

                                  USER_NAME: sAMAccountName

                                  ACTUAL NAME: displayName

                                  That should be it