5 Replies Latest reply on Apr 26, 2019 10:14 AM by Dan Ueberfluss

    Server integration with Novell eDir

    Dan Ueberfluss

      I’ve tried a few different ways of configuring the LDAP and it looks like there is OpenLDAP support in the documentation, but not eDir support. I think I would need to adapt the Java files to work with eDir. That or a different set of specific eDir instructions.

       

      A couple of questions..

      1. Has anyone integrated Tableau Server and Novell eDir specifically?
      2. Are there any sample JSON files for #1 I could look at?
      3. If not, are there sample JSON files for a real implementation of LDAP with SSL?

       

      I have connected from the server in question using LDAPAdmin.exe with my configuration settings (testing eDir server reachability). I updated a JSON file with my settings (per the documentation, making some eDir assumptions/changes). Attempted to import it, and it is throwing an error that “External Identity Store is unreachable”.

        • 1. Re: Server integration with Novell eDir
          Patrick Van Der Hyde

          Hello Dan,

           

          It's been a few weeks since this was posted.  Did you find a solution for this integration?  Was there anything helpful found on Novell's site?

           

          Thanks

           

          Patrick 

          • 2. Re: Server integration with Novell eDir
            Dan Ueberfluss

            I was able to configure it eventually. There were just tweaks to how the JSON file needed to look. Here is what I ended up with. (Masked, of course.) company is actually the base DN.

             

            {
              "configEntities": {
                "identityStore": {
                  "_type": "identityStoreType",
                  "type": "activedirectory",
                  "nickname": "",
                  "hostname": "<LDAP Server Hostname>.company.com",
                  "root": "ou=people,o=company",
                  "sslPort": "636",
                  "directoryServiceType": "openldap",
                  "bind": "simple",
                  "username": "cn=svc_account,ou=Unix,ou=ServiceAccounts,ou=services,o=company",
                  "password": "########",
                  "identityStoreSchemaType": {
                    "userBaseDN": "ou=associate,ou=people,o=company",
                    "userBaseFilter": "(objectClass=inetorgperson)",
                    "userUsername": "cn",
                    "userDisplayName": "displayName",
                    "userEmail": "mail",
                    "userCertificate": "certificate",
                    "userThumbnail": "thumbnail",
                    "userJpegPhoto": "photo",
                    "groupBaseDN": "ou=associate-groups,ou=people,o=company",
                    "groupBaseFilter": "(objectClass=groupOfNames)",
                    "groupName": "cn",
                    "groupEmail": "groupemail",
                    "groupDescription": "description",
                    "member": "member",
                    "distinguishedNameAttribute": "",
                    "serverSideSorting": "true",
                    "rangeRetrieval": "false"
                  }
                }
              }
            }

            1 of 1 people found this helpful
            • 3. Re: Server integration with Novell eDir
              shrikant.patil.2

              Dan,

              I really appreciate you coming back and providing the update. Even if our LDAP server is different, your JSON file details absolutely helped me with configuration. Thank you!

               

              Regards,

              Shrikant

              • 4. Re: Server integration with Novell eDir
                Tomas Cesar Garcia Olmedo

                Hi Dan,

                 

                In your integration with eDirectory, can you sync users from groups from AD? In my case, I can add users correctly from AD, but when I try to add a group from AD the group is created, but Tableau can't sync the group's member users.

                 

                The LDAP JSON config:

                 

                {
                  "configEntities": {
                    "identityStore": {
                      "_type": "identityStoreType",
                      "type": "activedirectory",
                      "root": "o=data",
                      "domain": "EDIRGS",
                      "nickname": "",
                      "hostname": "10.67.154.221",
                      "port": "389",
                      "sslPort": "",
                      "directoryServiceType": "openldap",
                      "bind": "simple",
                      "username": "cn=<myUser>,ou=Servicio,ou=Personas,o=data",
                      "password": "<myPassword>",
                      "identityStoreSchemaType": {
                        "distinguishedNameAttribute": "dn",
                        "userBaseDn": "ou=Personas,o=data",
                        "userBaseFilter": "(objectClass=CustomUser)",
                        "userUsername": "cn",
                        "userDisplayName": "fullName",
                        "userEmail": "mail",
                        "userCertificate": "",
                        "memberOf": "groupMembership",
                        "groupBaseDn": "ou=TableauTVA,ou=Aplicaciones,ou=Grupos,o=data",
                        "groupBaseFilter": "(objectClass=groupOfNames)",
                        "groupName": "cn",
                        "groupDescription": "description",
                        "member": "member",
                        "serverSideSorting": "true",
                        "rangeRetrieval": "false",
                        "membersRetrievalPageSize": "1500"
                      }
                    }
                  }
                }

                 

                VizPortal Tableau error:

                 

                (Default,60026922,yjsoke_pRreJajJ3SBAbcw,XFH1ty2XZmF2JQKb@YQEpwAAATg,0:28ee1c72:168a0205567:-7f97) pool-27-thread-1 vizportal: INFO  com.tableausoftware.ldap.LdapConnectionFactory - Success connecting to Domain Controller:ldap://10.67.154.221:389

                2019-01-30 13:06:32.996 -0600 (Default,60026922,yjsoke_pRreJajJ3SBAbcw,XFH1ty2XZmF2JQKb@YQEpwAAATg,0:28ee1c72:168a0205567:-7f97) pool-27-thread-1 vizportal: DEBUG com.tableausoftware.ldap.LdapSearchService - Asked for 1500 members of group 'EDIRGS\TableauAdmin' starting at index 0 and found (member) 5

                2019-01-30 13:06:32.996 -0600 (Default,60026922,yjsoke_pRreJajJ3SBAbcw,XFH1ty2XZmF2JQKb@YQEpwAAATg,0:28ee1c72:168a0205567:-7f97) pool-27-thread-1 vizportal: DEBUG com.tableausoftware.ldap.LdapSearchService - Found domain '' in DN of returned member

                2019-01-30 13:06:32.996 -0600 (Default,60026922,yjsoke_pRreJajJ3SBAbcw,XFH1ty2XZmF2JQKb@YQEpwAAATg,0:28ee1c72:168a0205567:-7f97) pool-27-thread-1 vizportal: DEBUG com.tableausoftware.ldap.LdapSearchService - Retrieving 5 members of group 'EDIRGS\TableauAdmin' from domain ''

                2019-01-30 13:06:33.012 -0600 (Default,60026922,yjsoke_pRreJajJ3SBAbcw,XFH1ty2XZmF2JQKb@YQEpwAAATg,0:28ee1c72:168a0205567:-7f97) pool-27-thread-1 vizportal: INFO  com.tableausoftware.ldap.LdapConnectionFactory - Success connecting to Domain Controller:ldap://10.67.154.221:389

                2019-01-30 13:06:33.012 -0600 (Default,60026922,yjsoke_pRreJajJ3SBAbcw,XFH1ty2XZmF2JQKb@YQEpwAAATg,0:28ee1c72:168a0205567:-7f97) pool-27-thread-1 vizportal: WARN  com.tableausoftware.domain.user.service.SyncWithActiveDirectoryLogic - Exception when trying sync user: cn=userMember01,ou=Empleados,ou=Elektra,ou=Personas,o=data

                com.tableausoftware.domain.ldap.LdapSearchException: javax.naming.NameNotFoundException: [LDAP: error code 32 - NDS error: no such entry (-601)]; remaining name 'DC=' (errorCode=100081)

                 

                Thank you

                T. Cesar
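
Added example, not part of any reply in this thread: a small lint over the transport-related keys of the two identityStore configs posted above. It assumes, as the `ldap://10.67.154.221:389` log line suggests, that an empty `sslPort` means a plain LDAP connection with no StartTLS and that 389 is the default port; the finding names are made up for this example.

```python
import ipaddress
import json

# Transport-relevant keys copied from the configs in replies 2 and 4
# (values exactly as the posters masked them).
REPLY_2 = json.loads("""{"configEntities": {"identityStore": {
  "hostname": "<LDAP Server Hostname>.company.com", "sslPort": "636",
  "bind": "simple", "password": "########"}}}""")
REPLY_4 = json.loads("""{"configEntities": {"identityStore": {
  "hostname": "10.67.154.221", "port": "389", "sslPort": "",
  "bind": "simple", "password": "<myPassword>"}}}""")

def effective_url(store):
    """URL the settings imply (assumption: sslPort set means LDAPS)."""
    if store.get("sslPort"):
        return f"ldaps://{store['hostname']}:{store['sslPort']}"
    return f"ldap://{store['hostname']}:{store.get('port') or '389'}"

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def lint(config):
    """Return (url, findings) for one identityStore config."""
    store = config["configEntities"]["identityStore"]
    url = effective_url(store)
    tls = url.startswith("ldaps://")
    findings = []
    if store.get("bind") == "simple" and not tls:
        findings.append("cleartext-bind")   # bind DN and password readable on the wire
    if tls and is_ip_literal(store["hostname"]):
        findings.append("ip-hostname")      # certificate needs an IP SAN to match
    if store.get("password"):
        findings.append("secret-in-file")   # protect or delete the file after import
    return url, findings

if __name__ == "__main__":
    for name, cfg in (("reply 2", REPLY_2), ("reply 4", REPLY_4)):
        print(name, *lint(cfg))
```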

                • 5. Re: Server integration with Novell eDir
                  Dan Ueberfluss

                  Also, if using SSL for authentication, you will need to add the certs to the cacerts stores. If you have multiple nodes, for the non additional nodes you need to add the certs MANUALLY to all the cacerts. The initial nodes will propagate the certs; the additional nodes WILL NOT. Here is an example of adding the certs for the initial node.

                   

                  "D:\Tableau Server\packages\repository.20191.19.0321.1733\jre\bin\keytool" -import -file "D:\Certs\RootCA.cer" -alias PKIRootCA -keystore "D:\Tableau Server\data\tabsvc\config\tabadminagent_0.20191.19.0321.1733\cacerts" -storepass changeit -noprompt

                   

                  "D:\Tableau Server\packages\repository.20191.19.0321.1733\jre\bin\keytool" -import -file "D:\Certs\Wildcard.cer" -alias Wildcard -keystore "D:\Tableau Server\data\tabsvc\config\tabadminagent_0.20191.19.0321.1733\cacerts" -storepass changeit -noprompt
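
Added example, not part of the original post: one way to confirm that every node's cacerts ended up with the same two trusted entries is to save `keytool -list` output from each node and compare alias and fingerprint against the initial node. The node names, the listings and the shortened fingerprints below are constructed sample data; only the two aliases come from the commands above.

```python
import re

# Aliases from the keytool commands in the post above.
REQUIRED = ("PKIRootCA", "Wildcard")

# Constructed `keytool -list` output for two hypothetical nodes; the
# fingerprints are made-up, shortened values, not real certificates.
NODE_OUTPUT = {
    "node1": """Keystore type: jks
Your keystore contains 2 entries

pkirootca, Apr 26, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): AA:11:22:33
wildcard, Apr 26, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): BB:44:55:66
""",
    "node2": """Keystore type: jks
Your keystore contains 1 entry

pkirootca, Apr 26, 2019, trustedCertEntry,
Certificate fingerprint (SHA1): AA:11:22:99
""",
}

# An entry line (alias first) followed by its fingerprint line.
ENTRY = re.compile(r"^([^,\n]+), .*trustedCertEntry,\s*\n"
                   r"Certificate fingerprint \([^)]+\): ([0-9A-F:]+)", re.M)

def trusted_certs(listing):
    """Map lower-cased alias -> fingerprint for each trustedCertEntry."""
    return {alias.strip().lower(): fp for alias, fp in ENTRY.findall(listing)}

def audit(node_output, required=REQUIRED, reference="node1"):
    """Compare every node's cacerts against the reference (initial) node."""
    stores = {n: trusted_certs(out) for n, out in node_output.items()}
    problems = []
    for node, certs in sorted(stores.items()):
        for alias in (a.lower() for a in required):
            if alias not in certs:
                problems.append((node, alias, "missing"))
            elif certs[alias] != stores[reference].get(alias):
                problems.append((node, alias, "fingerprint-mismatch"))
    return problems

if __name__ == "__main__":
    for problem in audit(NODE_OUTPUT):
        print(*problem)
```

A fingerprint mismatch matters as much as a missing alias: it means a node trusts a different certificate under the same name.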