- User account/password: my domain user account details (for testing)
- Berrystats admin group: a group my ad regular ad account is a member of
2. Using those settings in step 1 the following is true:
a) i can login using anyone who is a member of the AD group I put in as the Berrystats admin group
b) username must be correct
c) password can be anything...even if its the wrong AD password, I can still login, with correct Berrystats access, so long as username is right.
3. Debugging returns this, which might lead to an answer perhaps? I haven't been able to find anything thus far on the error:
I was told last week that you will not be able to use BerryStats with 5.0. We beta'd 5.0 and i brought the berrystats application up in a recent conversation with our engineer. They said no adding anything to the database. :(
- User account/password: my domain user account details (for testing)
- Berrystats admin group: a group my ad regular ad account is a member of
2. Using those settings in step 1 the following is true:
a) i can login using anyone who is a member of the AD group I put in as the Berrystats admin group
b) username must be correct
c) password can be anything...even if its the wrong AD password, I can still login, with correct Berrystats access, so long as username is right.
3. Debugging returns this, which might lead to an answer perhaps? I haven't been able to find anything thus far on the error:
Error while logging in: Error -2147016662
Anyone have any suggestions?
Same exact thing for me too. I'm using the <youradserver>/dc=domain,dc=com setup. I can't get LDAP to work otherwise, even though logging on my BES shows a successful operator logon. No access to BerryStats though, just brings me back to the logon screen. I have created security groups for each role. At least the rights are assigned correctly!
I am not using the out of the box LDAP auth for Berrystats and haven't looked into it much. I have my own security model customized for our company. However, off of the cuff, it sounds like you are running into a double-hop authentication issue. Either the web page has to be run on a DC (passes your domain auth through), or the account doing the backend group verification has to be a valid domain account running the check from the web server. Using Kerberos instead of NTLM theoretically makes this issue null and void, but I haven't had time to mess with any of that.
Again, I haven't looked at the LDAP modules for Berrystats in any detail, so I don't know what method is being used and I may be totally off base here.
I was told last week that you will not be able to use BerryStats with 5.0. We beta'd 5.0 and i brought the berrystats application up in a recent conversation with our engineer. They said no adding anything to the database. :(
I haven't seen BES 5.0 yet. My hope is that there are fields of flowers and green grass and we don't need BerryStats with 5.0.
...but if we do, it is just a database. We reverse-engineered the last one and then they gave up and published a full schema. If needed, history will repeat itself.
I was playing with the codes and modified "assign user to group" function to "move user". download "move user function.zp", rename the .txt file to .asp and put them to to your berrystats folder to gain this function. Wanna see some screenshot? Here you go:
Note that I have masked my BES Instance name from being displayed in the besuseradminclient command. It will be shown ad BES and BES2
Has anyone attempted to get one installation of BerryStats to work with multiple config databases? Or does this require one installation (i.e. IIS) per database? One reasonable accomodation would be to install it on one of BES server per config database. Ideally it would be on just one BerryStats install, and the interface would let you pick which config database to work on. Could this leverage the -n command line switch of the BESUserAdminClient executable?
As a side note, we would like to merge all of the config databases (bad decision from a prior admin) into one, but it seems problematic, although some people have had success (reading in other threads here -- but all seemed to be Exchange).
Environment is Windows 2003, BES 4.1.6, SQL Server, Domino. Current setup has 7 BES servers connected to one config database and 4 other BES servers with their own config database.
Thanks in advance.
As you point out you have the same issue as me. I think this occured when nestest group authentication was introduced. This is far beyond my knowledge so we will have to wait for qc metal the author of this edition of berrystats to have a look at this. However I think this will be some considerable time.
For me this is not a big issue, as long as the app works, which it does!
Jeremy
Quote:
Originally Posted by ris3n
I have the same issue. Here's a run down of my settings and what I can/can't do regarding logins.
1. Under "Configure BerryStats"
- Use LDAP Authentication - true
- LDAP Root (two options, same results):
- User account/password: my domain user account details (for testing)
- Berrystats admin group: a group my ad regular ad account is a member of
2. Using those settings in step 1 the following is true:
a) i can login using anyone who is a member of the AD group I put in as the Berrystats admin group
b) username must be correct
c) password can be anything...even if its the wrong AD password, I can still login, with correct Berrystats access, so long as username is right.
3. Debugging returns this, which might lead to an answer perhaps? I haven't been able to find anything thus far on the error:
Hello I comment to all that I have berrystats 0.59 with BES 4.1.6 On The truth it is brilliant.
I would like to add in the profile of the user, where there appears detail of the device and user in the BES, the quantity of free memory that has the device, someone might help?
Already I have in detail the total memory of the device, but I would like to have the free quantity of the memory.
yes, it download it of saying link, alone I would like to add the detail of free memory of the device in the detail of the user, someone can do it like?
I like that the function is hidden from users who should not have this kind of admin priviledge.
Jeremy.
Quote:
Originally Posted by vjkumar
Guys,
I was playing with the codes and modified "assign user to group" function to "move user". download "move user function.zp", rename the .txt file to .asp and put them to to your berrystats folder to gain this function. Wanna see some screenshot? Here you go:
Note that I have masked my BES Instance name from being displayed in the besuseradminclient command. It will be shown ad BES and BES2
There is a bug in logon.asp page which causes tauthentication issue. it is good to use UPN to authenticate. We made some modification in authentication piece. We are now using UPN to logon. It works like charm. We have 3 AD sites. I deployed 3 portal for each site. but as for Group authentication, we are using only 1 group. no matter where the group is authenticated. I have no idea if this will work with other organization.
Quote:
Originally Posted by jprknight
@ ris3n,
As you point out you have the same issue as me. I think this occured when nestest group authentication was introduced. This is far beyond my knowledge so we will have to wait for qc metal the author of this edition of berrystats to have a look at this. However I think this will be some considerable time.
For me this is not a big issue, as long as the app works, which it does!
Jeremy
__________________
Rgds,
VJ
============================
Sent from Blackberry Wireless Device
I made so many changes in BB portal for it to fit our environment. I added back assign user and move user functionality. querying more info from SQL to be displayed in lite.asp page. Still figuring out if it is possible to point the portal to more than 1 DB so i can deploy only 1 portal instead of 3 since I have 3 BES in 3 different site. ANy idea would be appreciated.
Quote:
Originally Posted by jprknight
Nice work vjkumar!
I like that the function is hidden from users who should not have this kind of admin priviledge.
Jeremy.
__________________
Rgds,
VJ
============================
Sent from Blackberry Wireless Device
Yes. Move user function is available for Admin and Helpdesk only. I have modified "Reporting" function to Local IT so they can manage their respective country BB user device
Quote:
Originally Posted by jprknight
Nice work vjkumar!
I like that the function is hidden from users who should not have this kind of admin priviledge.
Jeremy.
__________________
Rgds,
VJ
============================
Sent from Blackberry Wireless Device
Just installed berry stats and all works great all user admin functions seem to be fine.
The only issue I have is when a user browsers to the web site who is not in the Admins group in AD, I'm using LDAP, then it says "Youare not authorised to access BerryStats"
Confirmed all the speelings of groups is fine and users are members of groups. Self Servcie is enabled and group is set to Domain Admins.