This discussion is archived
11 Replies Latest reply: Sep 29, 2013 5:09 AM by Kumar_Jaga RSS

LDAP configuration in Primavera 8.3

Kumar_Jaga Explorer
Currently Being Moderated

Hi,

 

I have installed and configured the primavera 8.3.

its working fine.

Now i want to configure the LDAP in primavera.

 

Note,

For configuring the LDAP, must required ssl certificate information?

Please suggest me.

 

Regards

Kumar

  • 1. Re: LDAP configuration in Primavera 8.3
    jonathan.johnson Newbie
    Currently Being Moderated

    Kumar,

     

    No you do not need to use SSL to connect to an LDAP server.  You can use port 389 (non-ssl) or even 636 (ssl) without the need for a certificate.  I'd recommend using a free third party LDAP browser in order to test out your connection to the base directory node you're looking for. (LDAP Admin)

     

    Thanks,

    Jonathan Johnson

  • 2. Re: LDAP configuration in Primavera 8.3
    Kumar_Jaga Explorer
    Currently Being Moderated

    Hi Johnson,

     

    Thanks for the update.

    But, while configuring the LDAP in primavera 8.3, it needs some information right.

     

    To set the LDAP settings:

    1) Open the P6 Administrator application.

    2) In the Authentication tab, expand your configuration.

    3) Expand Authentication.

    4) In the Login Mode field, choose LDAP.

    5) Expand Authentication/LDAP.

    a. In the SSL Certificate Store field, enter the full path to the keystore that holds the SSL certificate for the LDAP server.

    b. In the SSL Store Password field, enter the password for the keystore that holds the SSL certificate.

     

     

    In that 5.a. its asking ssl certificate keystore and password.

     

    Please suggest me to configure the LDAP in p6 8.3.

    Am waiting for your update.

     

    Regards

    Kumar

  • 3. Re: LDAP configuration in Primavera 8.3
    algibson Journeyer
    Currently Being Moderated

    Hi Kumar,

     

    I've definitely set up P6 8.2 and LDAP without SSL.

    You should just leave SSL Certificate Store and Store Password as blank/empty

     

    Let me know if this still doesn't work and i'll try and test it on an 8.3 environment although i doubt Oracle Primavera would have forced SSL for LDAP in-between versions.

     

    Regards

    Alex

  • 4. Re: LDAP configuration in Primavera 8.3
    Kumar_Jaga Explorer
    Currently Being Moderated

    Hi,

     

     

    sorry for the delay reply.

     

    And thanks for the support.

     

     

    Now i have configured the ldap in p6eppm 8.3.

    But i cant able to log in to p6 application with any user as well as the ldap server user.

    Am getting the below error in webaccess log file.

     


    While trying to ping LDAP server failed to get initial directory context URL=ldap://xxx.xxx.xxx:636 Security= AuthenticationMode= Chase Referrals=1 User Key=uid


    Please help me to solve this issue ASAP.


    Regards

    Kumar

  • 5. Re: LDAP configuration in Primavera 8.3
    algibson Journeyer
    Currently Being Moderated

    Hi Kumar,

     

    There is an article on the KB that talks about this error (1569141.1).

    The only cause they have listed is a wrong username/password (This issue is caused by the username/password stored in the configuration of P6 for binding to the LDAP server not matching the actual username or password in the LDAP Server).

    You might need to put the domain in front of the username i.e. instead of just 'user' try 'domain\user'


    The article also recomends testings the config to make sure all of the details are correct "Before saving the changes test the connection by making a right click over the instance name and by selecting test connection" although i'm not sure if this just tests the conenction to the P6 database or the LDAP configuration as well.


    Please let me know how it goes.


    Regards

    Alex

  • 6. Re: LDAP configuration in Primavera 8.3
    Kumar_Jaga Explorer
    Currently Being Moderated

    Hi Algibson,

     

    Sorry for the delay reply.

    i had configured the LDAP in P6EPPM but not successfully.

    So i revert backed the LDAP setup in p6 administrator.

     

    But while trying to connect the database using P6 client tool with admin user and password as Oracle $123.

    its showing error like "Could not bind to object LDAP://:-2147483648 (8007203A"

     

    I dont know why its showing ldap error, i had removed the authentication mode as native.

    i can able to log in the p6 application with admin user password as Oracle$123.

     

    Kindly help me to fix this issue.

     

    --kumar

  • 7. Re: LDAP configuration in Primavera 8.3
    algibson Journeyer
    Currently Being Moderated

    Hi Kumar,

     

    That error numbers comes up as a match on the KB in reference to a LDAP SSL (LDAPS) issue so I suspect that there might be some details in one of the LDAP/SSL fields.

     

    What I would recommend doing is as follows:

    1) In the P6 Admin App under the Authentication tab. go to Primavera P6 Configuration->Authentication->Login Mode = Native.

    2) In the P6 Admin App under the Authentication tab. go to Primavera P6 Configuration->Database Instance[db-name]->Authentication Mode = Native.

    Save Changes

     

    3) You should now be able to log into the client app with the original credentials.

    Once logged in go to Admin->Users and create a new Admin Superuser with a username/login-name that matches your windows account name (which is unlikely to be 'admin' at the least I would expect 'administrator' or 'kumar' or something similar)

    (If you are using EPPM, then add the user through the web instead of the client).

    Set the password to something that is different to your windows login password (this help to determine that is has sync'd correctly when this one fails and your windows password works).

    Log out, and test you can log in with this 'native' account (makes sure you haven't forgot module access or anything else)

     

    4) Go back to the P6 Admin App and change the following

    Authentication tab. go to Primavera P6 Configuration->Authentication->Login Mode = LDAP.

    Authentication tab. go to Primavera P6 Configuration->Authentication->Web Single Sign On - do not change anything under here

    Authentication tab. go to Primavera P6 Configuration->Authentication->LDAP - do not change anything under here (SSL Certificate store should be blank, default password can be left as is)

    Authentication tab. go to Primavera P6 Configuration->Database Instance[db-name]->Authentication Mode = LDAP

     

    The below settings may require a couple of tests to find the correct combo for your environment

    Authentication tab. go to Primavera P6 Configuration->Database Instance[db-name]->LDAP Connection Settings->Host = servername for your LDAP server (try both servername and servername.domain)

    Authentication tab. go to Primavera P6 Configuration->Database Instance[db-name]->LDAP Connection Settings->Port = 389 (636 is for SSL, if your LDAP server is on something other than 389 then enter this)

    Authentication tab. go to Primavera P6 Configuration->Database Instance[db-name]->LDAP Connection Settings->Username = User that is authenticated to read from the LDAP Server (try both username and domain\username and FQDN\username (i.e. domain.com\username) - the last one I did for a customer required domain\username). I also usually try and make this the user that you created to login/test with

    Authentication tab. go to Primavera P6 Configuration->Database Instance[db-name]->LDAP Connection Settings->Password = password for above user

    Authentication tab. go to Primavera P6 Configuration->Database Instance[db-name]->LDAP Connection Settings->Enable SSL = false

    Authentication tab. go to Primavera P6 Configuration->Database Instance[db-name]->LDAP Connection Settings->Chase Referalls = leave on true but depending on your server you may want/need to set to false)

    Authentication tab. go to Primavera P6 Configuration->Database Instance[db-name]->LDAP Connection Settings->Base Directory Node: Path within your ldap server to the 'folder'/object with the users in it i.e. ou=users, dc=xyz, dc=com

    Authentication tab. go to Primavera P6 Configuration->Database Instance[db-name]->LDAP Connection Settings->Preferred Pool Size, Maximum Pool Size and Connection TImeout - leave as default

    Authentication tab. go to Primavera P6 Configuration->Database Instance[db-name]->LDAP Connection Settings->Field Map->User_Name = I usually change this to sAMAccountName if using Active Directory. The rest I leave as default but this may depend on your ldap server.

     

    Hit Save changes and test logging in with your windows account details.

     

    Regards

    Alex

  • 8. Re: LDAP configuration in Primavera 8.3
    Kumar_Jaga Explorer
    Currently Being Moderated

    Hi Alex,

     

    Thanks for the reply.

    Currently am working on your action plan.

    Once its finished, i will update you ASAP.

     

    --Kumar

  • 9. Re: LDAP configuration in Primavera 8.3
    Kumar_Jaga Explorer
    Currently Being Moderated

    Hi Algibson,

     

    As your advised, we have done the LDAP configuration in dev environment with user name as P6 Admin.

    we can able to log into the p6 application with ldap user name as P6 Admin.

    Due to some reason we have reverted the LDAP configuration.

    Now we are following the same steps but this time issue showing like as invalid username.

    No luck for me.

    I didn't found any error in Weblogicaccess.log file.

     

    Please suggest me to fix this issue. ASAP.

     

    --kumar

  • 10. Re: LDAP configuration in Primavera 8.3
    algibson Journeyer
    Currently Being Moderated

    Hi Kumar,

     

    Sorry for the delay in getting back to you on this one.

     

    If it was working and not isn't due to invalid username then the most likely reason is just the one of the fields is slightly incorrect (password possibly).

    Failing that we can increase the logging level to see if the WebAccess log will show anything useful.

     

    In the P6 Admin App under the Configurations tab go to your configuration (likely Primavera P6 Configuration) and then under Log->File Logger change the severity level to debug.

     

    Let me know how it goes.

     

    Regards

    Alex

  • 11. Re: LDAP configuration in Primavera 8.3
    Kumar_Jaga Explorer
    Currently Being Moderated

    Hi Algibson,

     

    Thanks for the support.

    I have fixed the issue because of incorrect base directory at the time of p6 configuration.

    So I have crosschecked the base directory details with ldap admin.

    Now its working fine.

    For LDAP configuration no need of SSL certificate.

     

    Thanks for the all supports.

    Kumar

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points