ALI 6.5 Directory Services Part II
In my last post, I mentioned “6.5 provides an LDAP server that uses the industry-standard LDAP protocol to expose users that have been synched to the portal. So any other system can use LDAP to get user information.”
All well and good, sure, but how do you authenticate against this fancy new LDAP service in the ALI stack? I tried using an LDAP Browser (stay tuned for that “cool tool” coming up) to see what the service had to offer, and had no idea how to authenticate against it. It kept requesting a password, and I kept using “administrator” and the admin password. No dice.
So I turned to another trusty Cool Tool, TcpTrace, and exploited the fact that the Configuration Manager allows you to specify which port the LDAP server listens on separately from the port the Notification Service connects to it on (again, see the last post). By getting the LDAP Server to listen on port 2389 and the Notification Service to connect on port 9999, I ran TcpTrace to proxy those connections from 9999 to 2389. Here’s what I saw:

Aha! The User ID isn’t just “administrator”; it’s “uid=administrator,ou=users,dc=bea,dc=com”. (The red blobs are actually censoring our administrator user’s password.) Remind me again, how was I supposed to know that? Oh yeah, maybe I wasn’t…
Anyway, when you do your 6.5 upgrade, you should be able to use the same format to connect to this LDAP service and check it out for yourself. How? Stay tuned!
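What TcpTrace captured above is an LDAP simple bind, a request that carries the full bind DN and the password unencrypted on the wire. The Python sketch below is an added example, not code from the original post or from ALI: it builds and decodes such a BindRequest (RFC 4511 BER encoding) using the DN format from the post. The function names and the password are constructed for illustration.

```python
SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04
BIND_REQUEST, SIMPLE_AUTH = 0x60, 0x80  # [APPLICATION 0], context tag [0]

def tlv(tag, value):
    """Encode one BER element, using the long length form when needed."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def read_tlv(buf, pos):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element value")
    return tag, buf[pos:pos + length], pos + length

def build_simple_bind(message_id, dn, password):
    """Build the bytes a client sends for a simple bind (message_id 0-127)."""
    op = tlv(INTEGER, b"\x03") + tlv(OCTET_STRING, dn.encode()) + tlv(SIMPLE_AUTH, password.encode())
    return tlv(SEQUENCE, tlv(INTEGER, bytes([message_id])) + tlv(BIND_REQUEST, op))

def parse_simple_bind(data):
    """Return the version, bind DN and password carried in a simple bind."""
    tag, message, _ = read_tlv(data, 0)
    _, _message_id, pos = read_tlv(message, 0)
    op_tag, op, _ = read_tlv(message, pos)
    if tag != SEQUENCE or op_tag != BIND_REQUEST:
        raise ValueError("not an LDAP BindRequest")
    _, version, pos = read_tlv(op, 0)
    _, name, pos = read_tlv(op, pos)
    tag, credentials, _ = read_tlv(op, pos)
    if tag != SIMPLE_AUTH:
        raise ValueError("not simple authentication")
    return {"version": int.from_bytes(version, "big"),
            "dn": name.decode(), "password": credentials.decode()}

# Constructed sample: the DN format from the post with a made-up password.
SAMPLE = build_simple_bind(1, "uid=administrator,ou=users,dc=bea,dc=com",
                           "constructed-password")
```

Calling `parse_simple_bind(SAMPLE)` returns the DN and password exactly as they were typed, which is why the capture in the post needed its password blurred.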