3 Replies Latest reply on Aug 28, 2009 8:18 PM by AndyClark

    PeopleTools - LDAP (MSAD) integration

      I'm tooling around with creating a process to create a shell/disabled Active Directory (AD) account when a new person is hired in the HR database. I've already successfully utilized the LDAP_SEARCH and LDAP_MODIFY business interlinks to read from and update the AD accounts that are linked with a PS Operator, so I know the server and search configurations are correct. We are also using LDAP authentication with these same servers in production.

      Today I thought I'd try the LDAP_ADD Business Interlink so I loaded and executed the BI after pulling individual attributes from my own AD account. I added a "9" to the sn attribute and did a replace of the sn portion of the DN to make it unique, and appended the same "9" to the sAMAccountName to make it unique also. Then I added the attributes :
      sn, givenName, displayName, department, company, name, employeeID, and sAMAccountName
      to the Business Interlink and performed the Execute().

      The BI returned with return status 65 and return status message “Object class violation”.

      Someone suggested leaving the DN blank and allowing AD to format it itself, so I did that. That time the BI returned with status 64 and status message ‘Naming violation’.

      I'm not an LDAP or AD expert (in fact don't even have access to AD), so keep it simple. Any suggestions ?
        • 1. Re: PeopleTools - LDAP (MSAD) integration
          Lots of views, but no responses. Is there any interest out there in LDAP integration ?

          I've resolved this issue, I had not been giving the full object path to the new user I was adding to AD.

          &inAttrDoc = &inAddDirectoryEntries.AddDoc("Attribute");
          &biReturn = &inAttrDoc.AddValue("Attribute_Name", "objectclass");

          &biReturn = &inAttrDoc.AddValue("Value", "top");
          &biReturn = &inAttrDoc.AddValue("Value", "person");
          &biReturn = &inAttrDoc.AddValue("Value", "organizationalPerson");
          &biReturn = &inAttrDoc.AddValue("Value", "user");

          Originally I had been givning only the user value not the top>person>organizationalPerson>user values. When that was added, I was in business.

          Edited by: user632288 on Jul 15, 2009 9:34 AM
          • 2. Re: PeopleTools - LDAP (MSAD) integration
            I struggling with ldap_search itself. Is there anything need to be enabled to make the business interlinks to work properly?

            My command line ldapsearch works perfectly; however ldap_search always return -1 as return status. My exposure and experience in Business Interlinks is not that deep. Any hints?
            • 3. Re: PeopleTools - LDAP (MSAD) integration
              Before getting to the Interlink itself, is your configuration to the LDAP server complete?

              Enterprise Components > Directory Interface > Definitions > Directory Configurations

              ... and from the server configuration when you access the Test Connectivity page are all the tests successful?

              If so then go the the delivered utility Enterprise Components > Directory Interface > Search Directory and build the search you'd like to send through the interlink and run it. Then when that search is successful, look at the code behind the 'Search' button and use it to build whatever process you need.

              I've successfully used the interlinks to Search, Add, Modify, and Delete AD users from the HR system.