Ironport C370 LDAP issues

Hello Folks. We have an Ironport C370 and we couldn't log in to it anymore (GUI or SSH) using our domain password. It sends an e-mail showing "LDAP:query Server Name-AD accep result LDAP server misconfigured or unreachable"
Nothing has been changed in the configuration nor in the AD. Any ideas??? Thank you!

Please note that these are indications that the appliance is trying to establish a connection to the configured LDAP server under the "Server Name-AD" profile and the server is not responding. Based on this, it would be advisable to investigate the LDAP server to correct this issue.
Anything network wise changed? Network issues between the IronPort and your LDAP server? Domain controller?
I hope this helps!
-Robert
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

Similar Messages

Ironport C370 Ldap Accept problems

Hello all,
I'm having problems using ldap queries to validate recipients from my Cisco Ironport C370.
I'm receiving permanent Warning message like this:
The query CP_LDAP.accept failed with result inquiry timed out
I need to know how C370 establish TCP sessions for each Ldap host (one session for query, one session for all queries..). Ldap administrators are seeing lots of Established TCP connections fron Ironport C370 event though I've configured "Maximum number of simultaneous connections for each host" to 10.
I've checked it running the netstat command on C370 appliance (around 20 for each).
Is this a normal behaviour?
Thanks a lot.
Best Regards,
Alfonso Moneo

Hi Alfonso,
Do you have any kind of FW on the path or built-in FW on the email server?
In regards to your other question, the ESA will mantain a number of active TCP conns to your LDAP server (6 hours or 10,000 queries, what happens first).
HTH
Luis Silva
"If you need PDI (Planning, Design, Implement) assistance feel free to reach"
http://www.cisco.com/web/partners/tools/pdihd.html

TLS mutual authentication and Separate default SMTP routes per listener - IronPort c370

Dear all ,
We have two IronPort C370 ESAs , formed in a cluster.
We are in a need to route e-mails targeted to a special group using TLS Required/Verify.
I have two questions :
1. Is TLS mutual authentication possible on both incoming and outgoing ?
2. Due to the nature of the TLS need the existing listener cannot be used. So I created a new listener and respective filters to decide when the recipient requirements are met. The new listener is going to be configured with a policy specifying TLS required/verify. Problem is that there is always a default SMTP route pointing specifically to a cloud service rather than directly to the Internet while for the new listener usedns is required. Is it possible to have two different default SMTP routes assigned to different listeners ?
Thanks and kind regards ,
Gino.
PS : Please bear with me and questions. I am making my first steps in Iron Port administration.

I have made some sort of progress but I would also like to have your expert opinions.
I have came to understand that in order to present TLS mutual authentication for the incoming traffic I will just have to trust the sender(s) CA ( containing SANs etc for both the SMTP domain and the ESA itself ) while if I spread own SANs to the counterparts I will also have TLS mutual authentication on the outgoing traffic as well. Issue is that I will have to declare it in destination controls and it cannot be generic.
Is there any way to make TLS required/verify with mutual authentication the default without having to set destination contol(s) ?
As for my second question I have came to understand that the additional listener is not an aditional MTA and concequently I cannot have separate default SMTP route ( default = what is called as "ALL" in IronPort ). Still if anyone knows something more it would be really helpful if it was shared.

LDAP issue after upgrading to SP15 from SP7 for CUP 5.3

Hello,
We have recently upgraded our Sandbox from SP 7 to SP15 on GRC 5.3 and Now having issues authenticating users using LDAP.
The connections and settings are exactly same as our Dev system which in on SP7 and the connection also says successful but when we go onto the request page and type in an id it says invalid credentials.
Am i missing something or is there a special procedure after upgrade .
Thanks
Uday

Hello Frank,
Thanks for the reply.I forgot to do it and as you said once i performed those steps it actually solved my password reset link issues as it was erroring out with 500 error and now it is working fine .
But to fix LDAP issue SAP has a note which says after SP13 we don't need to fill in the user path field while creating LDAP connector.
Thanks
Uday

About CPU utilization value of ironport C370 email-security-appliance

Hello all,
What is the normal / abnormal value for the following parameters of ironport C370 email-security-appliance ?
total active recipients
active messages in work queue
CPU utilization

Each appliance would be a little different based on the expected mail processing, throughput for your environment/domains... and then throw in which processes you have turned up (IPAS, AV, VOF, etc.)...
Typical C370 (running 8.0.1) should be able to handle:
1. ~18 +/- recipients/sec
2. average workqueue ~ 462
3. average CPU utilization of ~ 91%
The #s vary, again, based on what you have enabled and licensed. You would be well suited to open a dialog with your Sales Ops/Account team, as they have means to determine the proper numbers and outcomes for your environment.
I hope this helps!
-Robert
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

Questions about ESA license of ironport C370

Hello all,
We have two Cisco ironport C370 appliances.
There is one Product Authorization Key for the ESA Inbound Essentials SW Bundle (AS, AV, OF) License.
And there is a term called "entitlement quantity" for the ESA license.
The value of "entitlement quantity" = 1000
What is the meaning of "entitlement quantity" that is related to the ESA license ?
We would like to share the ESA license for two ironport C370.
Then is it means each ironport C370 get entitlement quantity of 500 ?
May you please help give advice on the questions above ?
Thanks very much !
Regards,
Roy

Answer to 1 :
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_license.html#pgfId-1053140
Answer to 2 :
Same link, it does state which licenses are non stackable.
For 3,
You probably may want to obtain a wireless service but do note of your requirements.

DNS/LDAP Issue for Trusted Domain

Hi
I'm trying to configure Configuration Manager 2012 R2 Forest Discovery to a trusted domain.
Objects from the trusted domain (users/computers) show up in the Collections, but when I check under Administration\Active Directory Forests I can see Discovery Status "Failed to connect using default account" and Publishing status "Cannot
Contact LDAP Server".
I've added the SCCM server to local admin at the trusted domain via GPO and have also created the system Management container.
When I check the log ADForestDisc.log I get this error message:
"Failed to connect to forest X. This can be because of disjoint DNS namespaces, network connectivity or server availibility issue. Error Information The specified forest does not exist or cannot be contacted."
I have setup Conditional Forwarders in DNS in both domains.
I have also read other forums about this issue and should have the answer:
"This error occurs for all of the domains that you mentioned and is typical when SRV records for DCs in those remote domains cannot be found. Forest discovery relies on DNS name resolution of SRV records to locate a suitable DC to communicate with."
"The site server performing the forest discovery must be able to resolve the SRV records for the DCs or root domain of the other forest."
We are using Windows AD integrated DNS in both domains.
I'm not so familiar with DNS configuration so I appreciate if someone could tell more specific how to fix this.
Thanks in advance

Hi
Thank you for your answer. This issue is solved. I've missed to open some ports in the router/firewall between the LANs.
The status under Active Directory Forests is Succeded now, but when I check under boundaries, I can only see the "Default-First-Site-Name" site for the first domain (same LAN as CM Server) and I can only see the IP address range for that LAN.
I don't Think this is a big issue, but shouldn't the site name and address range for the other LAN (where the trusted domain is) be automatically found to during forest Discovery when I've checked the options to create site and ip boundaries automatically?

OES11SP1 LDAP issue on a node

Hi,
I have a 2 node cluster that we have upgraded from OES11 to OES11 sp1 at the beginning of august
Last week we create a new ressource on the primary node (let's say NODE 1), but when we want to migrate this new ressource to the other node (let's say NODE 2), the ressource became comatose.
On node 2 what i can see in /var/log/messages is the following
Aug 20 16:42:17 node2 ncs-resourced: Try LDAP for POOLDATA20_SERVER
Aug 20 16:42:17 node2 ncs-resourced: LDAP failed: <class 'ldap.SERVER_DOWN'>
Aug 20 16:42:53 node2 ncs-resourced: Error preprocessing script POOLDATA20_SERVER.load
Aug 20 16:42:53 node2 ncs-resourced: POOLDATA20_SERVER.load: CRM: Tue Aug 20 16:42:53 2013
Aug 20 16:42:53 node2 ncs-resourced: POOLDATA20_SERVER.load: /bin/sh: /var/run/ncs/POOLDATA20_SERVER.load: No such file or directory
Aug 20 16:42:53 node2 ncs-resourced: resourceMonitor: POOLDATA20_SERVER load status=127
Aug 20 16:42:54 node2 ncs-resourced: Error preprocessing script POOLDATA20_SERVER.unload
Aug 20 16:42:54 node2 ncs-resourced: POOLDATA20_SERVER.unload: CRM: Tue Aug 20 16:42:54 2013
Aug 20 16:42:54 node2 ncs-resourced: POOLDATA20_SERVER.unload: /bin/sh: /var/run/ncs/POOLDATA20_SERVER.unload: No such file or directory
Aug 20 16:42:54 node2 ncs-resourced: resourceMonitor: POOLDATA20_SERVER unload status=127
I try to change the configuration using a new.conf file liket it is in the documentation :
CONFIG_NCS_CLUSTER_DN="cn=svr1_oes2_cluster.o=cont ext"
CONFIG_NCS_LDAP_INFO="ldaps://10.1.1.102:636,ldaps://10.1.1.101:636"
CONFIG_NCS_ADMIN_DN="cn=admin.o=context"
CONFIG_NCS_ADMIN_PASSWORD="password"
As the root user, enter the following command at a command prompt:
/opt/novell/ncs/install/ncs_install.py -l -f new.conf on node1 and on node2
and then cluster exec "/opt/novell/ncs/bin/ncs-configd.py -init"
I reboot node2 but it is exaclty the same.
Any idea ?
Stphane

Originally Posted by changju
Hi Stphane,
This is the key of the failure,
Aug 20 16:42:17 node2 ncs-resourced: LDAP failed: <class 'ldap.SERVER_DOWN'>
Somehow, looks like the Python LDAP on node2 couldn't connect the LDAP servers (10.1.1.102:636 or 10.1.1.101:636).
Please first make sure that LDAP is up and running on the two servers.
Please check file "/etc/opt/novell/ncs/clstrlib.conf" to make sure that you have something like this,
p4
S'ldaps://10.1.1.102:636,ldaps://10.1.1.101:636'
If not, you need to modify file "new.conf" and run command "/opt/novell/ncs/install/ncs_install.py -l -f new.conf" on node2 again.
You can then check the result of the installation in file "/var/opt/novell/install/ncslog", or you can simply run command "/opt/novell/ncs/bin/ncs-configd.py -init" on node2 to try to pull down the latest NCS configuration.
If "/opt/novell/ncs/bin/ncs-configd.py -init" churns out a bunch of "dos2unix" messages (and pulls down the scripts for the new resources at "/var/opt/novell/ncs"), you should be able to migrate the resource.
Regards,
Changju
Thank you very much Changju.
I was not aware of this log file it was very helpfull.
Apparently a tls issue for my 2 ldap server. I change it to ldap instead of ldaps and it is working now.
Strange because i was able to connect using ldaps with ldap browser to the 2 nodes.
Again, thank you
Stphane

OBIEE 11g Security LDAP Issue

Hi,
I have an issue where certain LDAP users who were once able to log into OBI 11g now cannot.
This has only happened for those users who I have used the proxy ('Act As') functionality on ie. If UserA can login, and the Administration Act's As UserA, after an OBI restart UserA cannot log in anymore.
I have narrowed this issue down to the presenation catalog. If I swap the current catalog with the SampleAppLite catalog for example, the problem goes away i.e. the LDAP user (UserA in the example above) can log in fine.
I have also noticed while accessing the catalog via catalog manager, the Administrator cannot access the 'System' folder. This is with reference to the original catalog (which causes the issue with UserA above) that was upgrade from 10g to 11g.
Any ideas?
Thanks.

This is going to be almost impossible to diagnose without being logged in, in front of your application.
As a starting point I would recommend you check the permissions on each catalog element. Go to Catalog link > Change view to 'Admin View' > Catalog Root and then use the permissions link for that item and everything below. Ticking 'Show Hidden Items' will let you see the System folders.
Also check the privileges (Administration > Manage Privileges) as I seem to remember that the 'Act as Proxy' privilege is denied out of the box. Maybe something here is amiss.
It might be easiest to bite the bullet and create a new web catalog from scratch!
Paul

Flash Builder 4 LDAP issue on IIS 7 with Coldfusion 8

I have a cfc that returns empty strings back into my project when I attempt an auto login through LDAP. The same files perform correctly on a different server with IIS 6. I set up a simple cfm on the IIS 7 server and received the appropriate data. I set up a cfm on the IIS 7 server to invoke the very same cfc that fails in the flash builder and received the appropriate data. Both servers are inside the company firewall.
The web folder is set up as an application with windows authentication enabled, disabling and enabling the anonymous authentication seems to have no impact on any of the scenarios. I am assuming I am missing some configuration in the ColdFusion Flex integration but I am not sure what it is. Anyone have a shot in the dark on this one?
Enable Flash Remoting support &
Enable Remote Adobe LiveCycle Data Management access are both checked
SSL connections are not being used.

I absolutly did read the guidance notes and it was based in them that we installed.
Quote:
"Now that we have had an opportunity to undertake further testing with the final release of Mac OS X 10.7, we are pleased to report that there are only minor usability issues when using Flash Builder 4.5.1 on Mac OS X 10.7 and, as such, we will be updating our previous statement to confirm compatibility of these releases"
What I am now experiencing on two different machines is what appears to be outside the scope of these notes and either a new issue that is reproducible, or a Java issue related to 10.7. Not being a Java guy I'm not sure were to begin short of trying Eclipse on its own.
I am able to produce a crash of FB 4.5.1 by just trying to close an MXML file by clicking the close button of the tab, or by closing a project. This is on two seperate machines now.

Same old LDAP issue

hey folks,
i am trying to validate an user from my LDAP db
here are my LDAP entries..
dn: cn=jim,o=attinfo,c=us
objectclass: inetOrgPerson
objectclass: ePerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: jim
sn: robinson
userpassword: {iMASK}>1e5rd9bCaqTnz9oQQSVhFYekLSoUp2vAnOWaZIKO8LfBBW1RuAJi2mvu 4dwcQ+4r5TPYQIFnQyT6QKGV4LEnQvpSLb7vckUjmt2FyrTKtVfJghCZiLvH61oXB1eEawkLFQOi cfjP2lYQYi0LdA5a4mS03I1JrdVdbF<
uid: jim
description:: and here is the java code to access that..
import javax.naming.ldap.*;
import javax.naming.*;
import javax.naming.directory.*;
import java.util.*;
public class TestLdap2{
public TestLdap2(){
try{
DirContext ctx = null;
Hashtable ht = new Hashtable(2);
ht.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
ht.put(Context.PROVIDER_URL, "ldap://dbipaddr:389/o=attinfo");
     ctx = new InitialDirContext(ht);        SearchControls ctls = new SearchControls();        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);        NamingEnumeration ne = ctx.search("o=attinfo","(sn=robinson)",ctls);
        while(ne.hasMore()){
             SearchResult sr = (SearchResult) ne.next();
            System.out.println("DN: "+sr.getName());
Attributes attrbs = sr.getAttributes();
   for (NamingEnumeration nE = attrbs.getAll();nE.hasMoreElements();)
                Attribute attr = (Attribute) nE.next();
                String attrID = attr.getID();                   System.out.println("ID: "+attrID);
for (Enumeration vals = attr.getAll();vals.hasMoreElements();)
                 System.out.println("Vals: "+vals.nextElement());
ctx.close();
} catch (Exception e){
          e.printStackTrace();
public static void main(String args[]){
     new TestLdap2();
}I am getting following error..
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; rema
ining name 'o=attinfo'
is it some kind of binding issue...
any help is appreciated..
thanx..

Hello, it isn't necessarily a 'binding' issue -- that indicates permissions issues. The problem is that you are searching for Jim in 'o=attinfo,o=attinfo', and ignoring the root ('c=us'). The easiest way to solve the problem is to change the line:
ht.put(Context.PROVIDER_URL, "ldap://dbipaddr:389/o=attinfo");
To the following:
ht.put(Context.PROVIDER_URL, "ldap://dbipaddr:389/c=us");
Thus, your initial context will be at the root, and when you search your context will change to 'o=attinfo,c=us' which should contain your entry.
Good luck,
Derek

Problem with access to Ironport C370

Hi,
We have C370 (upgraded to last version) configured and everythings work fine! But one day, from some reason, we cant access Ironport via HTTPS, HTTP and SSH, only works ping. Problem with network is not because we try access Ironport direct from Managment port. After reboot, then access is fine. Please can you tell me how I can figure out what was a problem, which logs I need to analyze.... Why I could not access to ironport via HTTP/S, SSH?

I dont think that problem is exchange because problem also was about accessing to ironport, I think that some problem is on ironport:
Tue Apr 16 16:08:52 2013 Info: New SMTP DCID 15929874 interface 172.30.20.4 address 65.55.37.88 port 25
Tue Apr 16 16:08:52 2013 Info: ICID 5276886 Receiving Failed: Out of Memory
Tue Apr 16 16:08:52 2013 Info: ICID 5276886 close
Tue Apr 16 16:08:53 2013 Info: Delayed: DCID 15929873 MID 11206813 to RID 0 - 4.1.0 - Unknown address error ('450', ['too many connections from your IP (rate controlled)']) []
Tue Apr 16 16:08:53 2013 Info: MID 11206813 to RID [0] pending till Tue Apr 16 17:08:53 2013 [Default]
Tue Apr 16 16:08:53 2013 Info: Connection Error: DCID 15929873 domain: shop.com IP: 216.136.0.12 port: 25 details: EOF interface: 172.30.20.4 reason: network error
Tue Apr 16 16:08:53 2013 Info: ICID 5276890 Receiving Failed: Out of Memory
Tue Apr 16 16:08:53 2013 Info: ICID 5276890 close
Tue Apr 16 16:08:53 2013 Info: New SMTP DCID 15929875 interface 172.30.20.4 address 216.136.0.12 port 25
Tue Apr 16 16:08:53 2013 Info: Delivery start DCID 15929874 MID 11744351 to RID [0]
Tue Apr 16 16:08:53 2013 Info: New SMTP ICID 5276899 interface data (172.30.20.4) address 172.29.18.137 reverse dns host unknown verified no
Tue Apr 16 16:08:53 2013 Info: ICID 5276899 RELAY SG RELAY match 172.0.0.0/8 SBRS rfc1918
Tue Apr 16 16:08:53 2013 Info: Connection Error: DCID 15929874 domain: hotmail.com IP: 65.55.37.88 port: 25 details: 421-"RP-001 (COL0-MC2-F35) Unfortunately, some messages from 195.222.56.65 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors." interface: 172.30.20.4 reason: unexpected SMTP response
Tue Apr 16 16:08:53 2013 Info: Delayed: DCID 15929874 MID 11744351 to RID 0 - 4.3.2 - Not accepting messages at this time ('421', ["RP-001 (COL0-MC2-F35) Unfortunately, some messages from 195.222.56.65 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors."]) []

ISE 1.3 Upgrade LDAP Issue

We recently upgraded to 1.3 and everything seems fine except that we noticed that the catalyst switches we use AD authentication through ISE for stopped dropping us automatically in enable mode. I did rejoin the device to AD as required post upgrade and have since unjoined and rejoined. When I run the test user option for the AD Identity store I get an error saying its unable to fetch LDAP attributes, see attached. There is also a similar error in the syslog anytime a user logs into the switch. I went back on the syslogs and these errors were not happening until the upgrade. I am assuming this somehow correlates to my issue. Anyone else experienced this post upgrade? Thanks.

Are you using LDAP or native AD join ?
There are some issues with LDAP and quotes in the group names, which is not supported. I also have had issues with 1.3 and using comma and users names, so something like Doe, John. is not possible as the name of a user in AD.
As for native AD, i have not had any issues with ISE 1.3

ZfH LDAP issues

Anyone come across anything like this before - tried running CfgSrvr
again
and it just loops around with this failure.
Error: Crypto-6 Cryptographic Subsystem Message (2 of 3)
22 December 2003 16:01:11
An error occured while attempting to obtain <LDAP> credentials.
SUGGESTION:
Re-run server configuration (CfgSrvr.exe), and re-specify
account information.
Error: Crypto-2 Cryptographic Subsystem Message (3 of 3)
22 December 2003 16:01:11
An error occurred during data decryption. Error code = <-1497>.

David,
Thanks for the rapid response :-)
Just updated to NICI 2.6.1 and it seems to have resolved the issue.
Steve
"David W Kegel" <[email protected]> wrote in message
news:AYEFb.2500$[email protected]..
> Yes, this problem comes up occasionally. Something to do with a
problem
> updating NICI version 2.4. try the following:
>
> 1) Go to \winnt\system32\novell\nici
> 2) right click - properties - security tab - advanced button - owner
> tab - check "replace owner on subcontainer"
> 3) ok - ok - then go into the administrator directory, and right
click
> each of the 3 files in there, choose properties, security tab -
check
> "Allow inheritable..."
> ** you should see the Administrators group added to these files.
>
> Then CfgSrvr should run OK.
>
> Dave Kegel
> Novell, Inc.
>
> >>> Steve Thompson<steve_thompson@__engl.co.uk> 12/22/03 10:16:26 AM
>>>
>
> Anyone come across anything like this before - tried running CfgSrvr
again
> and it just loops around with this failure.
> Error: Crypto-6 Cryptographic Subsystem Message (2 of 3)
>
> 22 December 2003 16:01:11
>
> An error occured while attempting to obtain <LDAP> credentials.
>
> SUGGESTION:
>
> Re-run server configuration (CfgSrvr.exe), and re-specify
>
> account information.
>
> Error: Crypto-2 Cryptographic Subsystem Message (3 of 3)
>
> 22 December 2003 16:01:11
>
> An error occurred during data decryption. Error code = <-1497>.
>
>
>
>
>

LDAP issue

We have a 10.3.2 WLP environment that has an AD and an ADAM security provider on it. Our portal application authenticates clients against ADAM and other users through AD. This setup has been working for a year with no issue. We moved our hardware this weekend (no other changes) and since that time we have not been able to log into this application through AD or ADAM. All the AD and ADAM users and groups can be seen through the WebLogic console so the provider infornmation should be good. We rebooted our physical app servers boxes as well as the ADAM and AD boxes to no avail. There is no error on our login page when the user tries to connect, it just goes back to the login page. However, in the app server logs we see the error below. Any good suggestions or ideas will be awarded points. Any resolutions will be awarded a refigerator magnet or key chain :)
We have tried redploying the application and deleting the JVM cache, as well as trying previous versions of the app code, same result. One other note, the attempts to login do NOT make it to ADAM as the accounts never get locked out (which they should after 3 wrong attempts).
Thanks
####<Aug 1, 2012 12:27:05 PM CDT> <Notice> <Stdout> <qaportal1> <PortalServer1> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1343842025611> <BEA-000000> <12:27:05,611 ERROR [[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] com.fc.framework.service.ldap.exception.LDAPException - com.fc.framework.service.ldap.exception.LDAPNamingException[ javax.naming.AuthenticationException]
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 700, v1db1 ]
     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2753)
     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
     at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
     at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
     at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
     at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
     at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
     at javax.naming.InitialContext.init(InitialContext.java:223)
     at javax.naming.InitialContext.<init>(InitialContext.java:197)
     at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
     at com.fc.framework.service.ldap.env.Environment.getDirContext(Environment.java:332)
     at com.fc.framework.service.ldap.env.Environment.getInitDirContextSearch(Environment.java:407)
     at com.fc.framework.service.ldap.util.UserLocator.getUserType(UserLocator.java:46)
     at com.fc.framework.service.security.SecurityHelper.getUser(SecurityHelper.java:290)
     at com.fc.framework.service.security.SecurityHelper.userSearchByUserId(SecurityHelper.java:101)
     at com.fc.controls.security.SecurityControlImpl.userSearchByUserId(SecurityControlImpl.java:117)
     at com.fc.controls.security.SecurityControlBean.userSearchByUserId(SecurityControlBean.java:673)
     at Controller.isUserIdCaseValid(Controller.java:952)
     at Controller.doValidateUserIdUserUserType(Controller.java:310)
     at Controller.doLogin(Controller.java:287)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:870)
     at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:809)
     at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:478)
     at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:306)
     at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
     at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:52)
     at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
     at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
     at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
     at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors$WrapActionInterceptorChain.continueChain(ActionInterceptors.java:64)
     at org.apache.beehive.netui.pageflow.interceptor.action.ActionInterceptor.wrapAction(ActionInterceptor.java:184)
     at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors$WrapActionInterceptorChain.invoke(ActionInterceptors.java:50)
     at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors$WrapActionInterceptorChain.continueChain(ActionInterceptors.java:58)
     at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:87)
     at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
     at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
     at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
     at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
     at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
     at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
     at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
     at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at com.bea.content.manager.servlets.ContentServletFilter.doFilter(ContentServletFilter.java:178)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at com.bea.p13n.servlets.PortalServletFilter.doFilter(PortalServletFilter.java:336)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at com.bea.portal.tools.servlet.http.HttpContextFilter.doFilter(HttpContextFilter.java:60)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3592)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
     at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202)
     at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
     at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)>

Thanks Brian for assisting me with this issue.
I am still extremely new to how to deploy the product and it looks like the fix for this was to go into Privileges and set LDAP Customer creation. I hadn't done that. Once that was done everything worked correctly.
Richard

Ironport C370 LDAP issues

Similar Messages

Maybe you are looking for