Posts in Category "LDAP"

Adobe Connect Directory Service Integration for LDAP Sync and Authentication – Explained

The following article is intended to show how the directory service integration works with the current release of Adobe Connect 9.1 and how it relates to setting up a synchronization. I will follow this article up with another regarding Authentication.  For the most part, this is applicable for any flavor of Adobe Connect 8 or 9.  Continue reading…

LDAP Sync Log File Access

Scenario: You may be an Adobe Connect Administrator and want to access the LDAP sync logs to see who has been (via an LDAP sync) brought into Adobe Connect, removed from Adobe Connect, or has been added or removed from a group membership, and when.  The problem is that these logs are only accessible for the most part, on the server itself by a server admin who can log into the Configuration Console on the localhost and access them manually via the Directory Service area of the console.  This is not accessible from outside of the actual Connect server.

The solution is to use the API to find all the LDAP sync logs on the system (which are actually treated as content) and access them with just an Administrator username and password to the system.  Here’s how:

1) Log into the Adobe Connect interface as user with Administrator priviledges.
2) Assuming your Licensed account-id has not been changed, it will be ’7′ so you can make the following API call:

http://{serverURL}/api/xml?action=sco-expanded-contents&sco-id=7&filter-icon=logos

Where 7 is the account ID and you filter on ‘icon=logos’ (not sure why)…

Result will look like this (example response):

<results>
<status code=”ok”/>
<expanded-scos>
<sco depth=”2″ sco-id=”12345” folder-id=”11005″ type=”content” icon=”logos” lang=”en” source-sco-id=”” display-seq=”0″ source-sco-type=”” source-sco-icon=”” content-source-sco-icon=”” duration=””>
<name>{ds-sync}</name>
<url-path>/p5u78ftvvsi/</url-path>
<date-created>2013-10-29T20:10:17.660-04:00</date-created>
<date-modified>2014-01-14T21:42:27.150-05:00</date-modified>
</sco>
</expanded-scos>
</results>

The name of the item should be {ds-sync} (short for Directory Service Synchronization).

3) Then use the following call to get all sync logs under that folder:

http://{serverURL}/api/xml?action=sco-expanded-contents&sco-id=12345

Where the sco-id is the one from the first call and will be the sco-id of the sync folder (so yours will be different than my example of 12345)

It will list all sync logs with their scos (like below).

They all have a name format of: {sync-sco-preview} + the date.
They all have an icon=archive

4) Look for the one you want, and then navigate to the file via the URL (value in RED in the response below).

Example response:

<results>
<status code=”ok”/>
<expanded-scos>
<sco depth=”0″ sco-id=”12345″ folder-id=”11005″ type=”content” icon=”logos” lang=”en” source-sco-id=”” display-seq=”0″ source-sco-type=”” source-sco-icon=”” content-source-sco-icon=”” duration=””>
<name>{ds-sync}</name>
<url-path>/p5u78ftvvsi/</url-path>
<date-created>2013-10-29T20:10:17.660-04:00</date-created>
<date-modified>2014-01-14T21:42:27.150-05:00</date-modified>
</sco>
<sco depth=”1″ sco-id=”26150″ folder-id=”12345″ type=”content” icon=”archive” lang=”en” source-sco-id=”” display-seq=”0″ source-sco-type=”” source-sco-icon=”” content-source-sco-icon=”” duration=””>
<name>{sync-sco-preview} [2014-01-14 18:23:35.47]</name>
<url-path>/p26150/</url-path>
<date-created>2014-01-14T21:23:35.470-05:00</date-created>
<date-modified>2014-01-14T21:23:35.470-05:00</date-modified>
</sco>
<sco depth=”1″ sco-id=”26017″ folder-id=”12345″ type=”content” icon=”archive” lang=”en” source-sco-id=”” display-seq=”0″ source-sco-type=”” source-sco-icon=”” content-source-sco-icon=”” duration=””>
<name>{sync-sco-preview} [2014-01-14 06:37:23.88]</name>
<url-path>/p26017/</url-path>
<date-created>2014-01-14T09:37:23.880-05:00</date-created>
<date-modified>2014-01-14T09:37:23.880-05:00</date-modified>
</sco>
…….
</expanded-scos>
</results>

 

Error configuring secure LDAP (LDAPS) with Adobe Connect

Problem:

While trying to save the Connection Settings under Directory Service Settings on Admin console the following error gets displayed:

Your settings were successfully saved but LDAP connectivity could not be verified. Please check your LDAP URL and port.

 Reason:

The problem occurs because certificates are placed at the wrong location. The following error will be logged in debug.log file under {root-install-drive}\breeze\logs\support :-

[Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

Solution:

In order to resolve the issue copy the cacerts to {root-install-drive}\Breeze\8.x.x.x\jre\lib\security and restart Adobe Connect service. Try to save the Connection Settings and it should work as expected.