
BOXI R2 LDAP Problem

Status
Not open for further replies.

djtech2k

MIS
Jul 24, 2003
1,097
US
I have deployed BOXI R2 in a couple different environments. All of them run on Windows 2003. I am using ADAM (Active Directory Application Mode) as my LDAP source for authentication. I have had it running for a while now. The problem I have is that for some users when I try to add them to XI, I get that generic message about "Creation of the user xxxx cannot complete because the user is not a member in any of the mapped groups". I have verified that the user IS in the mapped groups just like the hundreds of users in their own group that do work. Just FYI, my ADAM gets fed its data via a synchronization from AD going through MIIS. This should not be relevant, but it's info nonetheless.

So, is anyone else having this "mapped" group issue? I am running out of choices here. I have removed/re-added so many times, but it does not work. For example, I have about 10-15 people out of 200 that are not working.

Any ideas?
 
I have seen a similar issue when synching a group from WinAD for BOE-XI (R2) authentication. We had the issue when some of our users had last name changes (e.g. marriage/divorce).

Confirm that the users have BOTH their WinAD UserID and their WinAD Profile updated correctly.

If you have only updated the WinAD UserID - the profile name is out of synch with the UserID.

This might not be your issue - but it's a good place to start looking....
 
I am not sure that I understand. Are you talking about the profile on the user's desktop, like under "Documents and Settings"?
 
No, in the Windows Active Directory manager - the user has both a UserID and a ProfileID (sometimes called a pre-2000 ID).

If Sally Smith, who has a WinAD UserID and ProfileID of "SmithS", marries and becomes Sally Jones - when her WinAD account is updated by the WinAD admin her new WinAD UserID is "JonesS" but her ProfileID remains "SmithS" unless it is also updated.

When BOE-XI (R2) tries to synch-up with the WinAD account it can't process the conflict between the two different IDs for a single WinAD account.

Once we set both values to "JonesS" then BOE-XI (R2) could process the authentication again.
 
OK, I understand. You are talking about userprincipalname vs samaccountname in AD. In my environment, those attributes match on all user objects, so that cannot be it.

Any other ideas?
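
Added example, not part of any post in this thread: one way to audit a directory export for the two conditions discussed above, a userPrincipalName prefix that differs from sAMAccountName and a user whose DN is not a direct member of any mapped group. It assumes an LDIF export of the directory; every DN, name and the mapped-group list are constructed sample data, and nested group membership is not expanded.

```python
# Added example: audits an LDIF export for ID mismatches and missing group membership.
# All entries below are constructed sample data, not taken from the thread.
SAMPLE_LDIF = """\
dn: CN=Sally Jones,OU=Users,DC=example,DC=com
objectClass: user
sAMAccountName: SmithS
userPrincipalName: JonesS@example.com

dn: CN=Ann Ray,OU=Users,DC=example,DC=com
objectClass: user
sAMAccountName: RayA
userPrincipalName: raya@example.com

dn: CN=BO Users,OU=Groups,DC=example,DC=com
objectClass: group
member: CN=Sally Jones,OU=Users,
 DC=example,DC=com
"""
MAPPED_GROUPS = ["CN=BO Users,OU=Groups,DC=example,DC=com"]  # hypothetical mapped group

def parse_ldif(text):
    """Return entries as dicts of lowercase attribute name -> list of values."""
    entries = []
    # A line starting with one space continues the previous line (LDIF folding).
    for block in text.replace("\n ", "").strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            if line.startswith("#") or value.startswith(":"):
                continue  # comments and base64 ("attr::") values are skipped here
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit(entries, mapped_groups):
    """Return (DNs with UPN prefix != sAMAccountName, DNs in no mapped group)."""
    mapped = {g.lower() for g in mapped_groups}
    members = {m.lower() for e in entries if e["dn"][0].lower() in mapped
               for m in e.get("member", [])}
    mismatched, unmapped = [], []
    for e in entries:
        if "user" not in e.get("objectclass", []):
            continue
        dn = e["dn"][0]
        sam = e.get("samaccountname", [""])[0]
        upn = e.get("userprincipalname", [""])[0]
        if upn.split("@")[0].lower() != sam.lower():  # names compare case-insensitively
            mismatched.append(dn)
        if dn.lower() not in members:  # plain string match on the DN, direct members only
            unmapped.append(dn)
    return mismatched, unmapped

print(audit(parse_ldif(SAMPLE_LDIF), MAPPED_GROUPS))
```

Running the same audit against exports from both AD and the synchronized ADAM instance and comparing the two result lists shows whether the failing accounts differ between the source and the copy.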
 