Thursday, August 25, 2011

SSIM AD Integration

SSIM can integrate with multiple AD domains (they do not have to be in the same forest). However, the documentation in the Admin guide and the official KB is currently sparse on how to do that.

Suffice it to say I was able to connect to a Windows 2003 Enterprise SP2 (not R2), as well as a Win 2003 R2 domain, in separate forests.

The trick is to make sure those domain controllers have been assigned a server certificate (not the root cert). Verify that the certificate has "Server Authentication" in the Intended Purposes column of the Certificates snap-in, where it should be under Personal/Certificates. When you open the certificate, the General tab should read "You have a private key that corresponds to this certificate."

Troubleshooting steps: test connectivity using LDP.exe from the support tools installation. Also use the following command to test from the SSIM itself:

    openssl s_client -connect [your DC FQDN]:636

The following guide was perfect. Make sure to note the part about exporting the cert to Base-64 encoded binary X.509 (.CER). http://www.tools4ever.com/documentation/user-management-resource-administrator/ldap_ad_secure.htm?content=7030

The Symantec KB: http://www.symantec.com/business/support/index?page=content&id=TECH123285
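The two certificate checks described above (the "Server Authentication" purpose and the Base-64 export format) can be scripted around the same openssl command. This is an added example, not part of the original post or the Symantec documentation; the function names are hypothetical, the sample text is constructed, and it assumes OpenSSL's text output, which labels that purpose "TLS Web Server Authentication".

```shell
#!/bin/sh
# Added example: the post's checks, scripted. Function names are hypothetical.

# Reads `openssl x509 -noout -text` output on stdin. Succeeds only if the
# Extended Key Usage extension lists server authentication.
has_server_auth() {
    awk '
        /X509v3 Extended Key Usage/ { in_eku = 1; next }
        in_eku { if (/TLS Web Server Authentication/) found = 1; in_eku = 0 }
        END { exit !found }
    '
}

# Succeeds if the exported .CER file is Base-64 (PEM) rather than binary DER.
is_base64_cer() {
    head -n 1 "$1" | grep -q '^-----BEGIN CERTIFICATE-----'
}

# Fetches the certificate a DC presents on 636 and applies the EKU check.
# $1 is the DC FQDN. Needs network access; not called by the demo below.
check_dc_ldaps() {
    openssl s_client -connect "$1:636" </dev/null 2>/dev/null |
        openssl x509 -noout -text | has_server_auth
}

# Constructed samples of `openssl x509 -noout -text` output (not from a real DC).
SAMPLE_GOOD='        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication'
SAMPLE_BAD='        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Client Authentication'

for name in SAMPLE_GOOD SAMPLE_BAD; do
    eval "text=\$$name"
    if printf '%s\n' "$text" | has_server_auth; then
        echo "$name: Server Authentication present"
    else
        echo "$name: Server Authentication missing"
    fi
done
```

On the SSIM, run `check_dc_ldaps` with each DC's FQDN; a non-zero exit means no certificate was returned on 636 or the one returned lacks the server authentication purpose.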
