This post is about testing and configuring the "ADLDAP Bank" in Pharos. I'll be working from a Pharos 8.1 install on Windows 2008 R2.
You can check that the "ADLDAP Bank" is selected by looking in "Pharos Administrator -> System -> Print Server -> Bank". If "ADLDAP Bank" is selected, we need to go to the command line to configure the bank. Open an administrative command prompt, navigate to the following folder and run the list servers option.
cd "c:\Program Files (x86)\Pharos\Bin\"
adldaplogon.exe --list-servers
If only a blank line is printed then there aren't any AD servers specified to authenticate against, so it fails to return anything when the bank is called. Review the output from the "logon canceled by plug-in" post. Why it doesn't reply that the "Pharos Bank ADLDAP is not configured" is really beyond me.
Anyway, we will need an AD account and its username and password. It must belong to a user that the plug-in can use to access the LDAP database; this only needs to be an ordinary user, with no special privileges. However, make sure the account doesn't have password expiration enabled on it. I created a service account specifically for this and labeled it as such, i.e. pharosldap.
The best command usage I found for adldaplogon.exe is here. Following that post I configure the following command in the same command prompt.
You may want to start with the following to just make sure you are starting with fresh settings.
adldaplogon --clear-servers
Usage:
adldaplogon --add-server <priority> <server> <user> <password> [<port>] [<ssl>]
Example:
adldaplogon --add-server 0 Fully.Qualified.Domain.Name pharosldap password
To test that adldaplogon.exe is configured and working you can test it as such.
Usage:
adldaplogon.exe <filename> <level> <username> <password>
Example:
adldaplogon.exe result.txt trace user1 password
Result:
C:\Program Files (x86)\Pharos\Bin>adldaplogon.exe c:\test.txt trace user1 password
Trying server: test.domain.edu
Connecting to server
Setting LDAP to version 3
Retrieve default naming context
Binding with default user: user1 [password password]
Looking up alternate names for user: user1
Names found: Test User, user1
Restarting connection to server
Setting LDAP to version 3
Trying to bind with each candidate name
Trying name: Test User [password password]
Error: ldap_bind_s() failed (error 49): Invalid Credentials
Trying name: user1 [password password]
Succeeded
Reset session and try again with different password [password__wrong__]
Error: ldap_bind_s() failed (error 49): Invalid Credentials
The original success was valid; accept the credentials
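The trace above echoes the tested password, both as the last command-line argument and inside square brackets, so it needs scrubbing before it goes into a ticket or forum post. The following Python script is an added example, not part of the original post or of Pharos: it redacts those values and summarises which candidate names bound successfully. It assumes one trace message per line and redacts any trailing [...] group, since the trace does not make the layout of the last bracket clear; `redact`, `summarize` and the sample host and password are constructed for illustration.

```python
import re

# The trace prints secrets in a trailing [...] group. Match from the first "["
# to end of line so a "]" inside the password cannot leave part of it behind.
BRACKET = re.compile(r"\[.*\]\s*$")
# Echoed command line: adldaplogon.exe <filename> <level> <username> <password>
ARG = r'(?:"[^"]*"|\S+)'
CMDLINE = re.compile(rf"(adldaplogon(?:\.exe)?\s+{ARG}\s+{ARG}\s+{ARG}\s+).*$", re.I)
ERROR = re.compile(r"Error: \w+\(\) failed \(error (\d+)\): (.*)")
MARK = "[password <redacted>]"

def redact(line):
    return BRACKET.sub(MARK, CMDLINE.sub(r"\1<redacted>", line))

def summarize(trace):
    """Return (redacted_text, summary) for one adldaplogon trace."""
    summary = {"servers": [], "attempts": [], "accepted": False}
    out, current = [], None
    for raw in trace.splitlines():
        line = redact(raw.rstrip())
        out.append(line)
        text = line.strip()
        if text.startswith("Trying server:"):
            summary["servers"].append(text.split(":", 1)[1].strip())
        elif text.startswith(("Trying name:", "Binding with default user:")):
            name = text.split(":", 1)[1].replace(MARK, "").strip()
            current = {"name": name, "result": "unknown"}
            summary["attempts"].append(current)
        elif current and (m := ERROR.match(text)):
            current["result"] = f"error {m[1]}: {m[2]}"
            current = None  # the error after the wrong-password retry is skipped
        elif current and text == "Succeeded":
            current["result"] = "succeeded"
            current = None
        elif text.endswith("accept the credentials"):
            summary["accepted"] = True
    return "\n".join(out), summary

# Constructed sample in the layout of the trace above (not real credentials).
SAMPLE = r"""C:\Pharos\Bin>adldaplogon.exe c:\test.txt trace user1 Secr]et1
Trying server: dc1.example.test
Binding with default user: user1 [password Secr]et1]
Trying name: Test User [password Secr]et1]
Error: ldap_bind_s() failed (error 49): Invalid Credentials
Trying name: user1 [password Secr]et1]
Succeeded
Reset session and try again with different password [Secr]et1__wrong__]
Error: ldap_bind_s() failed (error 49): Invalid Credentials
The original success was valid; accept the credentials"""
```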
Links
http://pharos.custhelp.com/ci/fattach/get/11483/
http://pharos.custhelp.com/app/answers/detail/a_id/1157/~/active-directory-ldap-plug-in
I've had a weird issue where the Pharos Print Server process seems to be calling adldaplogon.exe incorrectly in Uniprint 8.2. I have a workaround, see http://rcmtech.wordpress.com/2012/08/15/pharos-uniprint-8-2-adldap-authentication-failure/