Old 06-15-2009, 09:48 AM   #8
sweater

Quote:
Originally Posted by Raiden
Thanks Sweater.

I have also checked this and all LDAP settings are fine. I supplied the BESADMIN credentials during setup for standardization. Is this correct? Could this be the problem?

OK - so here's a standard way to set up BES/BAS with Active Directory authentication:

You have a besadmin user account in Active Directory that has the appropriate Exchange permissions (assuming Exchange) and Active Directory permissions to be able to do LDAP lookups.

That besadmin user is what the BES and BAS services are running as underneath. Further, the besadmin username and password are what BAS passes along to Active Directory when you log into BAS or Webdesktop. Meaning:
When a user puts their username into the Webdesktop interface and clicks "OK" or whatever, Webdesktop takes their username and password, logs into Active Directory as "besadmin" and looks up that person's username and password in order to authenticate them through to Webdesktop.

Enter the current problem with BAS 5.0:

When you set up BAS during install, the besadmin Active Directory credentials that you confirmed during install are stored in the BESMgmt database. During setup, the password for besadmin gets encrypted properly so that when a user tries to log in to Webdesktop, the correct username (besadmin) and password are sent on to Active Directory and everything works.

However - the 5.0 BlackBerry Administration tool run from the Start menu has a bug in it. If you use that tool to confirm your LDAP settings, that tool will fail to encrypt the besadmin password correctly. This breaks the ability of that besadmin user account to do proper Active Directory authentication whenever you try to log into BAS or Webdesktop.

There are workarounds for this problem, including uninstalling and reinstalling BAS and never, ever touching that tool from the Start menu. However, you might find a call to tech support will be your best bet.

- mike