Error in LDAP as Authentication

Similar Messages

• External LDAP for authentication

  Hi All,
  I want to use external ldap for authentication purpose with Access Manager.
  I tried adding this external ldap as a secondary ldap but couldn�t succeed.
  If I add this ldap in the primary ldap along with the AM�s own ldap, this also fails to authenticate users from the external ldap.
  How can I achieve this?
  I read many topics in this forum regarding this but none of them explain how it can be achieved.
  Please suggest.
  Thanks in advance.

  This is what the amconsole log says:
  ERROR: ConsoleServletBase.onUncaughtException
  java.lang.NullPointerException
       at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.constructFilter(LDAPv3Repo.java:3126)
       at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.search(LDAPv3Repo.java:1996)
       at com.iplanet.am.sdk.AMDirectoryManager.search(AMDirectoryManager.java:1938)
       at com.sun.identity.idm.AMIdentityRepository.searchIdentities(AMIdentityRepository.java:221)
       at com.sun.identity.console.idm.model.EntitiesModelImpl.getEntityNames(EntitiesModelImpl.java:139)
       at com.sun.identity.console.idm.EntitiesViewBean.getEntityNames(EntitiesViewBean.java:222)
       at com.sun.identity.console.idm.EntitiesViewBean.beginDisplay(EntitiesViewBean.java:177)
       at com.iplanet.jato.taglib.UseViewBeanTag.doStartTag(UseViewBeanTag.java:149)
       at jsps.console._idm._Entities_jsp._jspService(_Entities_jsp.java:86)
       at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.java:687)
       at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:459)
       at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:375)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:772)
       at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:471)
       at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:382)
       at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:340)
       at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
       at com.sun.identity.console.base.AMViewBeanBase.forwardTo(AMViewBeanBase.java:133)
       at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.forwardTo(AMPrimaryMastHeadViewBean.java:149)
       at com.sun.identity.console.idm.HomeViewBean.forwardTo(HomeViewBean.java:109)
       at com.sun.identity.console.realm.RealmPropertiesBase.nodeClicked(RealmPropertiesBase.java:90)
       at com.sun.web.ui.view.tabs.CCTabs.handleTabHrefRequest(CCTabs.java:129)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
       at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
       at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:760)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
       at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
       at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
       at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:787)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at com.sun.mobile.filter.AMLController.doFilter(AMLController.java:163)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:280)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
       at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)

• WLC connect LDAP for Authentication, but could not connect to server

  Hi Everyone, I got a problem when I use WLC 5508 connect to LDAP for authentication, but no luck there, it's a simple config, but not easy to work on my job, I got the following messgae:
  Service Port - Not connected
  Distrubution port include:
       Management Interface - in AP Management VLAN - 30
       Student AP interface - in Student VLAN - 20
       Staff AP interface - in Staff VLAN - 10
  AD is in Staff VLAN - 10
  WLC LDAP Server setting
  Base DN:OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk
  User Attribute: sAMAccountName
  User Object Type: Person
  Debug aaa all enable message
  *LDAP DB Task 1: Jul 09 01:40:58.969: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
  *LDAP DB Task 1: Jul 09 01:41:00.969: ldapInitAndBind [1] configured Method Anonymous lcapi_bind (rc = 1005 - LDAP bind failed)
  *LDAP DB Task 1: Jul 09 01:41:00.969: ldapClose [1] called lcapi_close (rc = 0 - Success)
  *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to IDLE
  *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to RETRY
  *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP_OPT_REFERRALS = -1
  WLC GUI Log:
  *LDAP DB Task 1: Jul 09 02:56:13.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
  *LDAP DB Task 1: Jul 09 02:56:11.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
  *LDAP DB Task 1: Jul 09 02:56:09.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
  LDP Message of LDAP BaseDN:
  Expanding base 'CN=Frankie F. Yeung,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk'...
  Result <0>: (null)
  Matched DNs:
  Getting 1 entries:
  >> Dn: CN=Frankie F. Yeung,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk
  4> objectClass: top; person; organizationalPerson; user;
  1> cn: Frankie F. Yeung;
  1> sn: Yeung;
  1> givenName: Frankie;
  1> initials: F;
  1> distinguishedName: CN=Frankie F. Yeung,OU=OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk;
  1> instanceType: 0x4 = ( IT_WRITE );
  1> whenCreated: 8/10/2011 10:28:14 China Standard Time China Standard Time;
  1> whenChanged: 8/10/2011 10:31:26 China Standard Time China Standard Time;
  1> displayName: Frankie F. Yeung;
  1> uSNCreated: 3850555;
  1> uSNChanged: 3850571;
  1> name: Frankie F. Yeung;
  1> objectGUID: 6ebfc7e9-6989-4f11-bae7-62c23af67edc;
  1> userAccountControl: 0x10200 = ( UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD );
  1> badPwdCount: 0;
  1> codePage: 0;
  1> countryCode: 0;
  1> badPasswordTime: 0;
  1> lastLogoff: 0;
  1> lastLogon: 0;
  1> pwdLastSet: <ldp error <0x0>: cannot format time field;
  1> primaryGroupID: 513;
  1> objectSid: S-1-5-21-3867848445-1581729766-1247451615-2172;
  1> accountExpires: <ldp error <0x0>: cannot format time field;
  1> logonCount: 0;
  1> sAMAccountName: fckyeung;
  1> sAMAccountType: 805306368;
  1> userPrincipalName: [email protected];
  1> objectCategory: CN=Person,CN=Schema,CN=Configuration,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk;
  Hope I can resolve this problem ASAP, thanks!

  Your AD is in the Staff Vlan so maybe the WLC uses the Staff interface instead of management to contact the AD. I don't know how you sniffed exactly.
  The comment about eap methods you saw is when you use LDAP with dot1x security. It is the same as saying "You cannot do peap-mschapv2 or eap-fast-mschpv2 with LDAP".
  But you can do LDAP for web authentication, that has no eap methods.
  Your original problem was a binding problem from the WLC, so we can expect that the WLC really is sending traffic towards AD.

• Retrieve parameters from LDAP using authentication module

  I have existing LDAP that contains organization people and their attributes. I have several web applications that use existing LDAP for authentication and authorization. My goal is to deploy single sign-on with openSSO so that users are authenticated against existing LDAP. Changing of the existing LDAP is forbidden.
  I deployed newest stable OpenSSO and Apache2 + newest policy agents to web service servers.
  OpenSSO server uses LDAP authentication module to authenticate users against existing LDAP. It uses flat file data repository and realm attributes -> user profile is ignored.
  This basic setup works fine. The next step is to integrate existing web applications to single sign-on system. The authentication part works fine. I just disabled old mechanism from web applications that did the LDAP authentication. OpenSSO and Apache Policy agent are handling that part.
  The existing web applications are still querying existing LDAP other attributes there than uid and userpassword. Is it possible to configure OpenSSO to forward LDAP attributes to web application as cookie or header value? Or is the forwarding feature only for attributes in Data Store?
  If the forwarding is not possible what is the next best alternative ?

  OpenSSO forum is quite silent so I'm back with you guys.
  I managed to solve the agent error log problem I mentioned before. The problem was about nonexisting attributes in AMAgent.properties com.sun.am.policy.agents.config.profile.attribute.map. I removed extra attributes and the authentication against LDAP started to work again.
  The problem is that no attributes are forwarded from LDAP to web application. I have tried HTTP_COOKIE and HTTP_HEADER settings in AMAgent.properties and com.sun.am.policy.agents.config.profile.attribute.map is set to cn|common-name,mail|email.
  My LDAP looks like this:
  # testuser, pollo.fi
  dn: cn=testuser,dc=pollo,dc=fi
  cn: testuser
  objectClass: organizationalPerson
  objectClass: inetOrgPerson
  givenName: Test
  sn: User
  ou: People
  uid: testuser
  mail: [email protected]
  And my datastore configuration:
  LDAP server->localhost:389
  LDAP bind DN->cn=admin,dc=pollo,dc=fi
  LDAP organization DN->dc=pollo,dc=fi
  Attribute name mapping->empty
  LDAP3 Plugin supported types and operations->agent,group,realm,user all read,create,edit,delete
  LDAP3 Plugin search scope->scope_sub
  LDAP Users Search Attribute->uid
  LDAP Users Search Filter->(objectclass=inetorgperson)
  LDAP User Object Class->organizationalPerson
  LDAP User Attributes->uid, userpassword
  Create User Attribute Mapping->empty
  Attribute Name of User Status->inetuserstatus
  User Status Active Value->Active
  User Status Inactive Value->inactive
  LDAP Groups Search Attribute->cn
  LDAP Groups Search Filter->(objectclass=groupOfUniqueNames)
  LDAP Groups container Naming Attribute->ou
  LDAP Groups Container Value->groups
  LDAP Groups Object Class->top
  LDAP Groups Attributes->cn,description,dn,objectclass
  Attribute Name for Group Membership->empty
  Attribute Name of Unqiue Member->uniqueMember
  Attribute Name of Group Member URL->memberUrl
  LDAP People Container Naming Attribute->ou
  LDAP People Container Value->people
  LDAP Agents Search Attribute->uid
  LDAP Agents Container Naming Attribute->ou
  LDAP Agents Container Value->agents
  LDAP Agents Search Filter->(objectClass=sunIdentityServerDevice)
  LDAP Agents Object Class->sunIdentityServerDevice,top
  LDAP Agents Attributes->empty
  Identity Types That Can Be Authenticated->Agent,User
  Authentication Naming Attribute->uid
  Persistent Search Base DN->dc=pollo,dc=fi
  Persistent Search Filter->(objectclass=*)
  Persistent Search Maximum Idle Time Before Restart->0
  Should I enable some setting still to get the forwarding going on? Any ideas for debugging?

• Error updating LDAP properties: An internal error has occurred in the secLdap plugin

  Post Author: kbd_vijey
  CA Forum: Authentication
  Hi,
  We are using Environment / Tools : BusinessObjects Enterprise XI R2 ,Sun Soloris 10,Active Directory.
  To Configure the LDAP, we have done from CMC - > Authentication -> LDAP.
  The below steps we have followed.
  1) Please enter the LDAP hosts you are using. => Here, we have entered our AD's hostname:port (Ex: 192.168.0.8:389) (Is it correct?)
  2) We have passed all the required informations for all other tabs.
  3) SSL - Basic(no SSL), Authentication - Basic(no SSO)
  Finally its providing the error as " Error updating LDAP properties: An internal error has occurred in the secLdap plugin."
  If any one have solution or faced same problem, Kindly help us to resolve it.
  Thanks & Best Rgds,Vijey

  Post Author: TAZ
  CA Forum: Authentication
  There are 3 things needed to get the LDAP plugin configured.
  1) Host:port
  2) Base DN, usually dc=domain, dc=com
  3) LDAP Administrator DN (this is not a visible attribute in AD unless you use a tool like ADSIedit or ADExplorer). You probably have to enter the Base DN instead of the username.
  There are other AD specific issues when using the LDAP plugin to AD such as picking custom attributes, rules for multi domains, etc
  Regards,
  Tim

• 4.0.1 to 4.1.1 -- LDAP Directory Authentication Scheme fails

  Using the out of the box LDAP directory authentication scheme that worked fine in v. 4.0.1 is failing in v. 4.1.1. User authentication is failing with 'Invalid Login Credentials'. Debug shows that the User is 'nobody'. Looking at v. 4.0.1, User shows 'Admin'. Also, the 'LDAP test link' is no longer available in 4.1.1 - that's a bummer.
  Example debug 4.1.1:
  4161     426774014496602     nobody     103     101     50     6 minutes ago     0.8562
  Example debug 4.0.1:
  661     3340172823117775     ADMIN     130     101     57     36 seconds ago     0.3298
  Does anyone know if something was changed with the standard LDAP directory scheme? Or am I missing some configuration?

  Hi Julie,
  sorry, there is too little context for me to answer this question. I have no idea where and how you got that debug output, for example.
  As for testing, the LDAP authentication scheme calls wwv_flow_custom_auth_ldap.authenticate. It's no official API and we may revoke the grant in future versions, but in 4.1, you can for test LDAP auth in SQL workshop with
  declare
      l_status boolean;
  begin
      l_status := wwv_flow_custom_auth_ldap.authenticate (
                                   p_ldap_host     => ...host...,
                                   p_ldap_port     => ...port...,
                                   p_dn            => ...dn_string...,
                                   p_search_filter => ...search_filter...,
                                   p_password      => ...password...,
                                   p_use_ssl       => ...ssl_mode... (Y for SSL, A for SSL with authentication, N for no SSL),
                                   p_use_exact_dn  => ...use_exact_dn... (Y or N) );
      dbms_output.put_line(case when l_status then 'authenticated' else 'auth error' end);
  end;Regards,
  Christian

• Private Key Not Found Error in Ldaps

  Hi,
  I am facing "Private Key Not Found" Error in ldaps. The key and the SSL certificate is stored under the same location. The certificate is self signed certificate and in .pem format. When I am trying to install the certifcate through SUN ONE Console it throws the following error
  "Either this certificate is for another server, or this certificate was not requested using this server".
  can any one help me in this regard.
  Regards
  Senthil
  Edited by: senlog80 on Dec 30, 2008 3:18 AM

  Or even better, check the note <a href="https://websmp110.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=924320&_NLANG=E">924320</a>.
  <b>Symptom</b>:
  When you execute a query with virtual characteristics or key figures, the system issues the following error message:
  Object FIELD I_S_DATA-<key figure> not found
  <b>Other terms</b>
  RSR00002, RSR_OLAP_BADI
  <b>Reason and Prerequisites</b>
  This problem is caused by a program error.
  <b>Solution</b>
  If the virtual characteristics or key figures are implemented using the enhancement RSR00002 (CMOD), implement the corrections.
  If the virtual characteristics or key figures were created directly as implementations of the RSR_OLAP_BADI BAdI, compare the source code of the INITIALIZE method with the corresponding source code example. During the call of GET_FIELD_POSITIION_D, <L_S_SK>-VALUE_RETURNNM must be transferred instead of <L_S_SFK>-KYFNM.
  Import Support Package 08 for SAP NetWeaver 2004s BI (BI Patch 08 or SAPKW70008) into your BI system. The Support Package is available when Note 0872280"SAPBINews BI 7.0 Support Package 08", which describes this Support Package in more detail, is released for customers.
  In urgent cases, you can use the correction instructions.
  To provide advance information, the note mentioned above may be available before the Support Package is released. In this case, the short text of the note still contains the words "Preliminary version".
  Assign pts if helpful.

• HI, Im using Iphone 4 and i recently got my IOS updated to IOS7 and  now im getting the error message as "PDP authentication failure" Im using Aircel carrier.

  HI, Im using Iphone 4 and i recently got my IOS updated to IOS7 and  now im getting the error message as "PDP authentication failure" Im using Aircel carrier.
  Please let me know how to fix this issue

  update...
  I am not one to give up. So I called AT&T today. Now they are telling me they canceled my order because they were unable to fulfill my order. Basically, AT&T told me they sold out so they canceled my order so I can proceed to reorder again. It took them 4 days to realize this. I will be lucky if I get a new phone by Christmas. I am sure they will find a way to cancel my order again.
  Again, I argued, how is this my fault. I placed my order at the store around 11 a.m. Pacific time. My friend ordered his phone online sometime after me. He got his but my order was canceled. AT&T tried to explain to me that they sold over 600,000 phones, almost 500 per minute during there peak. Again, I asked, how this was my fault.
  I can understand over selling the phone. It is a great product. There is no reason to cancel my order. You adjust my order and tell me you will let me know when my phone will be in. I would have been mad that my phone was going to be late but I would have survived. At least I would be getting one.
  At this point, I have no order and AT&T or Apple website will allow me to order one. I just want to get in the QUEUE for one.
  Frustrated.

• Since moving to iCloud, my mobileme email works ONLY on my iPhone, but not on my PC with Outlook.  I get an error message indicating the authentication is not accepted.  any suggestions?

  since moving to iCloud, my mobileme email works ONLY on my iPhone, but not on my PC with Outlook.  I get an error message indicating the authentication is not accepted.

  To anyone who has viewed this post and is having similar difficulties, the answer came on a different forum: I dragged & dropped the files from Mail to iCloud Drive. Opened them on my MB Air, they were saved in Templates and are now accessible across all my devices.
  Answer came from SGIll: Numbers templateshttps://discussions.apple.com/message/27505880#27505880Numbers templates

• Lots of errors in LDAP Logs

  We are having some issues with some user accounts, and I went into the logs to see what I could find. I am getting tons of errors in LDAP alone. Here is from the last 30 minutes. Not sure what is means exactly... Can anybody shed some light on this
  Feb 8 12:00:38 server slapd[46]: SASL [conn=86077] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:00:39 server slapd[46]: <= bdbequalitycandidates: (sambaSID) index_param failed (18)\n
  Feb 8 12:00:39 server slapd[46]: <= bdbequalitycandidates: (sambaSID) index_param failed (18)\n
  Feb 8 12:00:56 server slapd[46]: SASL [conn=86083] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:00:57 server slapd[46]: SASL [conn=86087] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:00:58 server slapd[46]: SASL [conn=86091] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
  Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
  Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
  Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
  Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
  Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
  Feb 8 12:03:48 server slapd[46]: SASL [conn=86106] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:08:18 server slapd[46]: SASL [conn=86131] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:08:19 server slapd[46]: SASL [conn=86135] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:08:19 server slapd[46]: SASL [conn=86139] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:08:20 server slapd[46]: SASL [conn=86143] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:08:32 server slapd[46]: <= bdbequalitycandidates: (apple-computers) index_param failed (18)\n
  Feb 8 12:08:32 server slapd[46]: <= bdbequalitycandidates: (apple-computers) index_param failed (18)\n
  Feb 8 12:08:53 server slapd[46]: SASL [conn=86150] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:08:54 server slapd[46]: SASL [conn=86154] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:08:54 server slapd[46]: SASL [conn=86156] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:11:38 server slapd[46]: SASL [conn=86175] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:11:39 server slapd[46]: SASL [conn=86179] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:13:08 server slapd[46]: connection_read(22): no connection!\n
  Feb 8 12:15:32 server slapd[46]: connection_read(28): no connection!\n
  Feb 8 12:23:32 server slapd[46]: SASL [conn=86249] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:23:33 server slapd[46]: SASL [conn=86253] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:23:35 server slapd[46]: SASL [conn=86257] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
  Feb 8 12:30:37 server slapd[46]: connection_read(28): no connection!\n

  This article fixed my problem
  http://support.apple.com/kb/TS2915

• Error in LDAP Connector

  hi,
  Our idm use HCM,  so I try to use LDAP retrieved HR data. The JCo of Our idm and the ABAP RFC typed T run smoothy. When I start LDAP connector, it tells "Error starting LDAP Connector at operating system level".  In ST11, it reads follow:
     ======> JCO.Server could not find server function 'LDAPRFC_LOAD'
    ABAP Programm: SAPLSLDAP_CCMS (Transaction: LDAP)
    Called function module: LDAPRFC_LOAD
  I can't find the funtion LDAPRFC_LOAD.
  Is there any one can tell me a good method to solve it? Thanks very much!
  lily

  Forget to install LDAP Client at HCM OS

• Errors in LDAP configuration with Shared Services

  Dear sirs,
  we are getting errors in LDAP configuration with Shared Services.
  Base DN is ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo East
  The group cn is cn=AH
  In LDAP log you can see the applications is searching the group:
  "ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo"
  When it should be:
  “ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo East”
  We think the problem is with space in Base DN "o=Grupo East", it is not properly considered.
  Error Codes
  EPMCSS-05145
  Thanks in advance

  Hi.
  Could you try to define the Base DN as :
  ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo\ East
  I don't know if will work fine.. but you can use special characteres using with the "\"
  Good luck.
  Best regards!

• When trying to print I get error code 30892 and authentication required how do I fix this?

  I am new to my Mac and am having trouble printing.  I keep getting error code -30892 and authentication required and it can't print.  I have sharing features open on both my PC and my Mac.  Any suggestions?

  Doesn't sound like any error number I'm familiar with. What's your set-up? Are you using a print server?

• Error when using SAP authentication for Designer

  my error is:
  [repo_proxy 13] SessionFacade::openSessionLogon with user info has failed(The
  secSAPR3 DLL could not be found or does not exist(hr=#0x80042a01)
  can you help me?
  regards

  hi,
  pls refer the link
  Error when using SAP authentication for Designer
  try re-installing BOE and check
  hope it helps,
  sundar

• LDAP Web Authentication

  1. In WLC GUI, Security > AAA > LDAP, what other User Base DN / User Attribute / User Object Type syntax to use when you have 2 or more OU (not pertaining to sub-OUs)? aside from using the domail alone, ex: dc=cisco,dc=com
  2. Can OU be grouped in the active directory? then the WLC LDAP config will be pointing to the group created in the active directory?
  Reference in configuring LDAP Web Authentication:
  Web Authentication Using LDAP on Wireless LAN Controllers (WLCs) Configuration Example, Document ID: 108008
  Any help would be appreciated. Thank you in advance!

  LDAP with web authentication only shows up in 5.0 config guides and later.
  The 2006 only supports up to 4.2 software. I think this should answer your question :-) It's a no