10 Replies Latest reply on Jul 16, 2019 11:07 PM by Ciara Brennan

    Server integration with Novell eDir

    Dan Ueberfluss

      I’ve tried a few different ways of configuring the LDAP and it looks like there is OpenLDAP support in the documentation, but not eDir support. I think I would need to adapt the Java files to work with eDir. That or a different set of specific eDir instructions.

       

      A couple of questions..

      1. Has anyone integrated Tableau Server and Novell eDir specifically?
      2. Are there any sample JSON files for #1 I could look at?
      3. If not, are there sample JSON files for a real implementation of LDAP with SSL?

       

      I have connected from the server in question using LDAPAdmin.exe with my configuration settings (testing eDir server reachability). I updated a JSON file with my settings (per the documentation, making some eDir assumptions/changes). I attempted to import it and it is throwing an error that “External Identity Store is unreachable”.

        • 1. Re: Server integration with Novell eDir
          Patrick Van Der Hyde

          Hello Dan,

           

          It's been a few weeks since this was posted.  Did you find a solution for this integration?  Was there anything helpful found on Novell's site?

           

          Thanks

           

          Patrick 

          • 2. Re: Server integration with Novell eDir
            Dan Ueberfluss

            I was able to configure it eventually. There were just tweaks to how the JSON file needed to look. Here is what I ended up with. (Masked, of course.) "company" is actually the base DN.

             

            {
              "configEntities": {
                "identityStore": {
                  "_type": "identityStoreType",
                  "type": "activedirectory",
                  "nickname": "",
                  "hostname": "<LDAP Server Hostname>.company.com",
                  "root": "ou=people,o=company",
                  "sslPort": "636",
                  "directoryServiceType": "openldap",
                  "bind": "simple",
                  "username": "cn=svc_account,ou=Unix,ou=ServiceAccounts,ou=services,o=company",
                  "password": "########",
                  "identityStoreSchemaType": {
                    "userBaseDN": "ou=associate,ou=people,o=company",
                    "userBaseFilter": "(objectClass=inetorgperson)",
                    "userUsername": "cn",
                    "userDisplayName": "displayName",
                    "userEmail": "mail",
                    "userCertificate": "certificate",
                    "userThumbnail": "thumbnail",
                    "userJpegPhoto": "photo",
                    "groupBaseDN": "ou=associate-groups,ou=people,o=company",
                    "groupBaseFilter": "(objectClass=groupOfNames)",
                    "groupName": "cn",
                    "groupEmail": "groupemail",
                    "groupDescription": "description",
                    "member": "member",
                    "distinguishedNameAttribute": "",
                    "serverSideSorting": "true",
                    "rangeRetrieval": "false"
                  }
                }
              }
            }

            • 3. Re: Server integration with Novell eDir
              shrikant.patil.2

              Dan,

              I really appreciate you coming back and providing the update. Even if our LDAP server is different, your JSON file details absolutely helped me with configuration. Thank you!

               

              Regards,

              Shrikant

              • 4. Re: Server integration with Novell eDir
                Tomas Cesar Garcia Olmedo

                Hi Dan,

                 

                In your integration with eDirectory, can you sync users from groups from AD? In my case, I can add users correctly from AD, but when I try to add a group from AD the group is created, but Tableau can't sync the group's member users.

                 

                The LDAP JSON config:

                 

                {
                  "configEntities": {
                    "identityStore": {
                      "_type": "identityStoreType",
                      "type": "activedirectory",
                      "root": "o=data",
                      "domain": "EDIRGS",
                      "nickname": "",
                      "hostname": "10.67.154.221",
                      "port": "389",
                      "sslPort": "",
                      "directoryServiceType": "openldap",
                      "bind": "simple",
                      "username": "cn=<myUser>,ou=Servicio,ou=Personas,o=data",
                      "password": "<myPassword>",
                      "identityStoreSchemaType": {
                        "distinguishedNameAttribute": "dn",
                        "userBaseDn": "ou=Personas,o=data",
                        "userBaseFilter": "(objectClass=CustomUser)",
                        "userUsername": "cn",
                        "userDisplayName": "fullName",
                        "userEmail": "mail",
                        "userCertificate": "",
                        "memberOf": "groupMembership",
                        "groupBaseDn": "ou=TableauTVA,ou=Aplicaciones,ou=Grupos,o=data",
                        "groupBaseFilter": "(objectClass=groupOfNames)",
                        "groupName": "cn",
                        "groupDescription": "description",
                        "member": "member",
                        "serverSideSorting": "true",
                        "rangeRetrieval": "false",
                        "membersRetrievalPageSize": "1500"
                      }
                    }
                  }
                }

                 

                VizPortal Tableau error:

                 

                (Default,60026922,yjsoke_pRreJajJ3SBAbcw,XFH1ty2XZmF2JQKb@YQEpwAAATg,0:28ee1c72:168a0205567:-7f97) pool-27-thread-1 vizportal: INFO  com.tableausoftware.ldap.LdapConnectionFactory - Success connecting to Domain Controller:ldap://10.67.154.221:389

                2019-01-30 13:06:32.996 -0600 (Default,60026922,yjsoke_pRreJajJ3SBAbcw,XFH1ty2XZmF2JQKb@YQEpwAAATg,0:28ee1c72:168a0205567:-7f97) pool-27-thread-1 vizportal: DEBUG com.tableausoftware.ldap.LdapSearchService - Asked for 1500 members of group 'EDIRGS\TableauAdmin' starting at index 0 and found (member) 5

                2019-01-30 13:06:32.996 -0600 (Default,60026922,yjsoke_pRreJajJ3SBAbcw,XFH1ty2XZmF2JQKb@YQEpwAAATg,0:28ee1c72:168a0205567:-7f97) pool-27-thread-1 vizportal: DEBUG com.tableausoftware.ldap.LdapSearchService - Found domain '' in DN of returned member

                2019-01-30 13:06:32.996 -0600 (Default,60026922,yjsoke_pRreJajJ3SBAbcw,XFH1ty2XZmF2JQKb@YQEpwAAATg,0:28ee1c72:168a0205567:-7f97) pool-27-thread-1 vizportal: DEBUG com.tableausoftware.ldap.LdapSearchService - Retrieving 5 members of group 'EDIRGS\TableauAdmin' from domain ''

                2019-01-30 13:06:33.012 -0600 (Default,60026922,yjsoke_pRreJajJ3SBAbcw,XFH1ty2XZmF2JQKb@YQEpwAAATg,0:28ee1c72:168a0205567:-7f97) pool-27-thread-1 vizportal: INFO  com.tableausoftware.ldap.LdapConnectionFactory - Success connecting to Domain Controller:ldap://10.67.154.221:389

                2019-01-30 13:06:33.012 -0600 (Default,60026922,yjsoke_pRreJajJ3SBAbcw,XFH1ty2XZmF2JQKb@YQEpwAAATg,0:28ee1c72:168a0205567:-7f97) pool-27-thread-1 vizportal: WARN  com.tableausoftware.domain.user.service.SyncWithActiveDirectoryLogic - Exception when trying sync user: cn=userMember01,ou=Empleados,ou=Elektra,ou=Personas,o=data

                com.tableausoftware.domain.ldap.LdapSearchException: javax.naming.NameNotFoundException: [LDAP: error code 32 - NDS error: no such entry (-601)]; remaining name 'DC=' (errorCode=100081)

                 

                Thank you

                T. Cesar

                • 5. Re: Server integration with Novell eDir
                  Dan Ueberfluss

                  Also, if using SSL for authentication, you will need to add the certs to the cacerts stores. If you have multiple nodes, for the non-additional nodes you need to add the certs MANUALLY to all the cacerts. The initial nodes will propagate the certs; the additional nodes WILL NOT. Here is an example of adding the certs for the initial node.

                   

                  "D:\Tableau Server\packages\repository.20191.19.0321.1733\jre\bin\keytool" -import -file "D:\Certs\RootCA.cer" -alias PKIRootCA -keystore "D:\Tableau Server\data\tabsvc\config\tabadminagent_0.20191.19.0321.1733\cacerts" -storepass changeit -noprompt

                   

                  "D:\Tableau Server\packages\repository.20191.19.0321.1733\jre\bin\keytool" -import -file "D:\Certs\Wildcard.cer" -alias Wildcard -keystore "D:\Tableau Server\data\tabsvc\config\tabadminagent_0.20191.19.0321.1733\cacerts" -storepass changeit -noprompt

                  • 6. Re: Server integration with Novell eDir
                    Jason Milton

                    Tomas-

                    Did you ever figure out this issue?  I am having the exact same problem and am struggling with the solution!  I haven't found anyone who has solved for it yet.

                     

                    I am able to add users and groups, but when trying to sync groups to bring in the users I get the same error as you:

                    [LDAP: error code 32 - NDS error: no such entry (-601)]; remaining name 'DC=' (errorCode=100081)

                     

                    My config is almost identical to yours, so I'm sure it's the same issue.  Were you ever able to figure out the cause?

                     

                    Thanks!

                    • 7. Re: Server integration with Novell eDir
                      Radoslav ILCHEV

                      Hello Community,

                      Thank you

                      Dan Ueberfluss  and  Tomas Cesar Garcia Olmedo

                       

                      Did you manage to import groups and users from those groups? We have the same issue as Tomas. User import OK. Group search OK, import group members -> Error

                      [LDAP: error code 32 - NDS error: no such entry (-601)]; remaining name 'DC=' (errorCode=100081)

                       

                      Tableau is adding the DC attribute corresponding (in theory) to the domain on openldap. But we don't have "domain" in Novell 8.8 and we are not providing the attribute in the .json configuration. Similar to your config, Dan.

                       

                      Any ideas how to omit this "dc" part?

                       

                      An empty domain "" is transmitted.

                      Environment:

                      Tableau Server 2019.2

                      Novell eDirectory 8.8 LDAP V3

                       

                      Thank you !

                      Best Regards,

                      Radoslav

                      • 8. Re: Server integration with Novell eDir
                        Tomas Cesar Garcia Olmedo

                        Hello RADOSLAV

                         

                        I solved the case by deleting the attribute "distinguishedNameAttribute": "dn" from the LDAP JSON.

                         

                        Best Regards,

                         

                         

                        T. Cesar

                        • 9. Re: Server integration with Novell eDir
                          Tomas Cesar Garcia Olmedo

                          Hello Jason,

                           

                          I solved this problem by deleting the attribute "distinguishedNameAttribute": "dn" from the LDAP JSON.

                           

                          Best Regards.

                           

                           

                          T. Cesar

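An added example, not part of any post in this thread and not Tableau tooling: a small linter for the identity store JSON discussed above. It flags a simple bind with no sslPort (as in the config in reply 4), the distinguishedNameAttribute setting whose removal resolved the error 32 failure (replies 8 and 9), and a bind password stored in the file. The finding codes, function names, sample host and credentials are constructed for illustration.

```python
import json

# Constructed sample shaped like the second config in the thread;
# host, DNs and password are placeholders.
SAMPLE = json.dumps({"configEntities": {"identityStore": {
    "_type": "identityStoreType", "type": "activedirectory",
    "hostname": "ldap.example.test", "port": "389", "sslPort": "",
    "directoryServiceType": "openldap", "bind": "simple",
    "username": "cn=svc,ou=services,o=example", "password": "placeholder",
    "identityStoreSchemaType": {
        "distinguishedNameAttribute": "dn",
        "groupBaseFilter": "(objectClass=groupOfNames)", "member": "member"}}}})


def _text(obj, key):
    """Value of key as a stripped string; missing or null becomes ''."""
    value = obj.get(key)
    return "" if value is None else str(value).strip()


def lint_identity_store(document):
    """Return (code, message) findings for an identity store JSON document."""
    store = json.loads(document)["configEntities"]["identityStore"]
    schema = store.get("identityStoreSchemaType") or {}
    findings = []
    if _text(store, "bind") == "simple" and not _text(store, "sslPort"):
        findings.append(("CLEARTEXT_BIND",
                         "simple bind with no sslPort: unless the session is "
                         "upgraded with StartTLS, the bind password is sent "
                         "unencrypted"))
    if (_text(store, "directoryServiceType") == "openldap"
            and _text(schema, "distinguishedNameAttribute")):
        findings.append(("DN_ATTRIBUTE_SET",
                         "distinguishedNameAttribute is set; in this thread "
                         "removing it cleared the error 32 / remaining name "
                         "'DC=' failure on group sync"))
    if _text(store, "password"):
        findings.append(("SECRET_IN_FILE",
                         "file holds the bind password in plaintext; keep it "
                         "out of shares and version control"))
    return findings


def codes(document):
    """Just the finding codes, in check order."""
    return [code for code, _ in lint_identity_store(document)]


if __name__ == "__main__":
    for code, message in lint_identity_store(SAMPLE):
        print(f"{code}: {message}")
```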
                          • 10. Re: Server integration with Novell eDir
                            Ciara Brennan

                            Hi Tomas, thanks for the update, glad to hear the problem is now resolved

                             

                            Thanks, Ciara