LDAP issue

We have a 10.3.2 WLP environment that has an AD and an ADAM security provider on it. Our portal application authenticates clients against ADAM and other users through AD. This setup has been working for a year with no issue. We moved our hardware this weekend (no other changes) and since that time we have not been able to log into this application through AD or ADAM. All the AD and ADAM users and groups can be seen through the WebLogic console so the provider information should be good. We rebooted our physical app server boxes as well as the ADAM and AD boxes to no avail. There is no error on our login page when the user tries to connect, it just goes back to the login page. However, in the app server logs we see the error below. Any good suggestions or ideas will be awarded points. Any resolutions will be awarded a refrigerator magnet or key chain :)
We have tried redeploying the application and deleting the JVM cache, as well as trying previous versions of the app code, same result. One other note, the attempts to login do NOT make it to ADAM as the accounts never get locked out (which they should after 3 wrong attempts).
Thanks
####<Aug 1, 2012 12:27:05 PM CDT> <Notice> <Stdout> <qaportal1> <PortalServer1> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1343842025611> <BEA-000000> <12:27:05,611 ERROR [[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] com.fc.framework.service.ldap.exception.LDAPException - com.fc.framework.service.ldap.exception.LDAPNamingException[ javax.naming.AuthenticationException]
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 700, v1db1 ]
     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2753)
     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
     at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
     at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
     at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
     at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
     at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
     at javax.naming.InitialContext.init(InitialContext.java:223)
     at javax.naming.InitialContext.<init>(InitialContext.java:197)
     at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
     at com.fc.framework.service.ldap.env.Environment.getDirContext(Environment.java:332)
     at com.fc.framework.service.ldap.env.Environment.getInitDirContextSearch(Environment.java:407)
     at com.fc.framework.service.ldap.util.UserLocator.getUserType(UserLocator.java:46)
     at com.fc.framework.service.security.SecurityHelper.getUser(SecurityHelper.java:290)
     at com.fc.framework.service.security.SecurityHelper.userSearchByUserId(SecurityHelper.java:101)
     at com.fc.controls.security.SecurityControlImpl.userSearchByUserId(SecurityControlImpl.java:117)
     at com.fc.controls.security.SecurityControlBean.userSearchByUserId(SecurityControlBean.java:673)
     at Controller.isUserIdCaseValid(Controller.java:952)
     at Controller.doValidateUserIdUserUserType(Controller.java:310)
     at Controller.doLogin(Controller.java:287)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:870)
     at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:809)
     at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:478)
     at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:306)
     at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
     at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:52)
     at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
     at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
     at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
     at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors$WrapActionInterceptorChain.continueChain(ActionInterceptors.java:64)
     at org.apache.beehive.netui.pageflow.interceptor.action.ActionInterceptor.wrapAction(ActionInterceptor.java:184)
     at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors$WrapActionInterceptorChain.invoke(ActionInterceptors.java:50)
     at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors$WrapActionInterceptorChain.continueChain(ActionInterceptors.java:58)
     at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:87)
     at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
     at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
     at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
     at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
     at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
     at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
     at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
     at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
     at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
     at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
     at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at com.bea.content.manager.servlets.ContentServletFilter.doFilter(ContentServletFilter.java:178)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at com.bea.p13n.servlets.PortalServletFilter.doFilter(PortalServletFilter.java:336)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at com.bea.portal.tools.servlet.http.HttpContextFilter.doFilter(HttpContextFilter.java:60)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3592)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
     at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202)
     at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
     at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)>

Thanks Brian for assisting me with this issue.
I am still extremely new to how to deploy the product and it looks like the fix for this was to go into Privileges and set LDAP Customer creation. I hadn't done that. Once that was done everything worked correctly.
Richard
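
Added example (not part of the original thread): the "data" field in an AD/ADAM "LDAP: error code 49" bind failure is a hexadecimal Win32 status code, so "data 700" in the log above is 0x700 = 1792, ERROR_NETLOGON_NOT_STARTED, rather than a wrong-password code. The sketch below pulls that code out of a Java log, names it from a partial table of common values, and reports the first application frame that opened the bind; the category labels and the two extra log lines are constructed for illustration.

```python
import re
from collections import Counter

# Partial table: Win32 status codes AD DS / AD LDS (ADAM) put in the hex
# "data" field of an LDAP error 49 bind failure. The category labels are
# this example's own triage buckets, not Microsoft terminology.
AD_BIND_SUBCODES = {
    0x525: ("ERROR_NO_SUCH_USER", "credential"),
    0x52E: ("ERROR_LOGON_FAILURE", "credential"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "account-state"),
    0x531: ("ERROR_INVALID_WORKSTATION", "account-state"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "account-state"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account-state"),
    0x700: ("ERROR_NETLOGON_NOT_STARTED", "infrastructure"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account-state"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "account-state"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account-state"),
}

BIND_ERROR_RE = re.compile(
    r"\[LDAP: error code (?P<ldap>\d+) - (?P<sspi>[0-9A-Fa-f]{8}): "
    r"LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>[^,]+), "
    r"data (?P<data>[0-9A-Fa-f]+)"
)
FRAME_RE = re.compile(r"^\s*at (?P<method>[\w.$<>]+)\(")
JDK_PREFIXES = ("com.sun.jndi.", "javax.naming.", "java.", "sun.")


def _first_app_frame(following_lines):
    """First stack frame below the error that is not JDK/JNDI code."""
    for line in following_lines:
        m = FRAME_RE.match(line)
        if not m:
            break  # the stack trace for this error has ended
        if not m.group("method").startswith(JDK_PREFIXES):
            return m.group("method")
    return None


def parse_bind_failures(log_text):
    """Return one dict per AD bind failure found in a Java/WebLogic log."""
    lines = log_text.splitlines()
    events = []
    for i, line in enumerate(lines):
        m = BIND_ERROR_RE.search(line)
        if not m:
            continue
        code = int(m.group("data"), 16)  # the field is hex, not decimal
        name, category = AD_BIND_SUBCODES.get(code, ("UNKNOWN", "unknown"))
        events.append({
            "ldap_code": int(m.group("ldap")),
            "data": m.group("data").lower(),
            "win32": code,
            "name": name,
            "category": category,
            "bind_caller": _first_app_frame(lines[i + 1:]),
        })
    return events


def summarize(events):
    """Count failures per category, e.g. to separate outages from bad passwords."""
    return Counter(e["category"] for e in events)


# First error and its frames are abridged from the log in the post above;
# the last two error lines are constructed for this example.
SAMPLE_LOG = r"""
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 700, v1db1 ]
     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
     at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
     at com.fc.framework.service.ldap.env.Environment.getDirContext(Environment.java:332)
     at com.fc.framework.service.ldap.env.Environment.getInitDirContextSearch(Environment.java:407)
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1 ]
"""

if __name__ == "__main__":
    for event in parse_bind_failures(SAMPLE_LOG):
        print(event)
    print(dict(summarize(parse_bind_failures(SAMPLE_LOG))))
```
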

Similar Messages

  • LDAP issue after upgrading to SP15 from SP7 for CUP 5.3

    Hello,
    We have recently upgraded our Sandbox from SP 7 to SP15 on GRC 5.3 and are now having issues authenticating users using LDAP.
    The connections and settings are exactly the same as our Dev system, which is on SP7, and the connection also says successful, but when we go onto the request page and type in an id it says invalid credentials.
    Am I missing something or is there a special procedure after upgrade?
    Thanks
    Uday

    Hello Frank,
    Thanks for the reply. I forgot to do it and as you said once I performed those steps it actually solved my password reset link issues as it was erroring out with 500 error and now it is working fine.
    But to fix LDAP issue SAP has a note which says after SP13 we don't need to fill in the user path field while creating LDAP connector.
    Thanks
    Uday

  • DNS/LDAP Issue for Trusted Domain

    Hi
    I'm trying to configure Configuration Manager 2012 R2 Forest Discovery to a trusted domain.
    Objects from the trusted domain (users/computers) show up in the Collections, but when I check under Administration\Active Directory Forests I can see Discovery Status "Failed to connect using default account" and Publishing status "Cannot Contact LDAP Server".
    I've added the SCCM server to local admin at the trusted domain via GPO and have also created the system Management container.
    When I check the log ADForestDisc.log I get this error message:
    "Failed to connect to forest X. This can be because of disjoint DNS namespaces, network connectivity or server availibility issue. Error Information The specified forest does not exist or cannot be contacted."
    I have setup Conditional Forwarders in DNS in both domains.
    I have also read other forums about this issue and should have the answer:
    "This error occurs for all of the domains that you mentioned and is typical when SRV records for DCs in those remote domains cannot be found. Forest discovery relies on DNS name resolution of SRV records to locate a suitable DC to communicate with."
    "The site server performing the forest discovery must be able to resolve the SRV records for the DCs or root domain of the other forest."
    We are using Windows AD integrated DNS in both domains.
    I'm not so familiar with DNS configuration so I appreciate if someone could tell more specific how to fix this.
    Thanks in advance

    Hi
    Thank you for your answer. This issue is solved. I had missed opening some ports in the router/firewall between the LANs.
    The status under Active Directory Forests is Succeeded now, but when I check under boundaries, I can only see the "Default-First-Site-Name" site for the first domain (same LAN as CM Server) and I can only see the IP address range for that LAN.
    I don't think this is a big issue, but shouldn't the site name and address range for the other LAN (where the trusted domain is) be automatically found too during forest Discovery when I've checked the options to create site and IP boundaries automatically?

  • OES11SP1 LDAP issue on a node

    Hi,
    I have a 2 node cluster that we upgraded from OES11 to OES11 SP1 at the beginning of August.
    Last week we created a new resource on the primary node (let's say NODE 1), but when we want to migrate this new resource to the other node (let's say NODE 2), the resource becomes comatose.
    On node 2 what I can see in /var/log/messages is the following
    Aug 20 16:42:17 node2 ncs-resourced: Try LDAP for POOLDATA20_SERVER
    Aug 20 16:42:17 node2 ncs-resourced: LDAP failed: <class 'ldap.SERVER_DOWN'>
    Aug 20 16:42:53 node2 ncs-resourced: Error preprocessing script POOLDATA20_SERVER.load
    Aug 20 16:42:53 node2 ncs-resourced: POOLDATA20_SERVER.load: CRM: Tue Aug 20 16:42:53 2013
    Aug 20 16:42:53 node2 ncs-resourced: POOLDATA20_SERVER.load: /bin/sh: /var/run/ncs/POOLDATA20_SERVER.load: No such file or directory
    Aug 20 16:42:53 node2 ncs-resourced: resourceMonitor: POOLDATA20_SERVER load status=127
    Aug 20 16:42:54 node2 ncs-resourced: Error preprocessing script POOLDATA20_SERVER.unload
    Aug 20 16:42:54 node2 ncs-resourced: POOLDATA20_SERVER.unload: CRM: Tue Aug 20 16:42:54 2013
    Aug 20 16:42:54 node2 ncs-resourced: POOLDATA20_SERVER.unload: /bin/sh: /var/run/ncs/POOLDATA20_SERVER.unload: No such file or directory
    Aug 20 16:42:54 node2 ncs-resourced: resourceMonitor: POOLDATA20_SERVER unload status=127
    I tried to change the configuration using a new.conf file like it is in the documentation:
    CONFIG_NCS_CLUSTER_DN="cn=svr1_oes2_cluster.o=context"
    CONFIG_NCS_LDAP_INFO="ldaps://10.1.1.102:636,ldaps://10.1.1.101:636"
    CONFIG_NCS_ADMIN_DN="cn=admin.o=context"
    CONFIG_NCS_ADMIN_PASSWORD="password"
    As the root user, enter the following command at a command prompt:
    /opt/novell/ncs/install/ncs_install.py -l -f new.conf on node1 and on node2
    and then cluster exec "/opt/novell/ncs/bin/ncs-configd.py -init"
    I rebooted node2 but it is exactly the same.
    Any idea?
    Stéphane

    Originally Posted by changju
    Hi Stéphane,
    This is the key of the failure,
    Aug 20 16:42:17 node2 ncs-resourced: LDAP failed: <class 'ldap.SERVER_DOWN'>
    Somehow, looks like the Python LDAP on node2 couldn't connect the LDAP servers (10.1.1.102:636 or 10.1.1.101:636).
    Please first make sure that LDAP is up and running on the two servers.
    Please check file "/etc/opt/novell/ncs/clstrlib.conf" to make sure that you have something like this,
    p4
    S'ldaps://10.1.1.102:636,ldaps://10.1.1.101:636'
    If not, you need to modify file "new.conf" and run command "/opt/novell/ncs/install/ncs_install.py -l -f new.conf" on node2 again.
    You can then check the result of the installation in file "/var/opt/novell/install/ncslog", or you can simply run command "/opt/novell/ncs/bin/ncs-configd.py -init" on node2 to try to pull down the latest NCS configuration.
    If "/opt/novell/ncs/bin/ncs-configd.py -init" churns out a bunch of "dos2unix" messages (and pulls down the scripts for the new resources at "/var/opt/novell/ncs"), you should be able to migrate the resource.
    Regards,
    Changju

    Thank you very much Changju.
    I was not aware of this log file, it was very helpful.
    Apparently a TLS issue for my 2 LDAP servers. I changed it to ldap instead of ldaps and it is working now.
    Strange because I was able to connect using ldaps with an LDAP browser to the 2 nodes.
    Again, thank you
    Stéphane

  • OBIEE 11g Security LDAP Issue

    Hi,
    I have an issue where certain LDAP users who were once able to log into OBI 11g now cannot.
    This has only happened for those users who I have used the proxy ('Act As') functionality on, i.e. if UserA can login, and the Administration Acts As UserA, after an OBI restart UserA cannot log in anymore.
    I have narrowed this issue down to the presentation catalog. If I swap the current catalog with the SampleAppLite catalog for example, the problem goes away i.e. the LDAP user (UserA in the example above) can log in fine.
    I have also noticed while accessing the catalog via catalog manager, the Administrator cannot access the 'System' folder. This is with reference to the original catalog (which causes the issue with UserA above) that was upgraded from 10g to 11g.
    Any ideas?
    Thanks.

    This is going to be almost impossible to diagnose without being logged in, in front of your application.
    As a starting point I would recommend you check the permissions on each catalog element. Go to Catalog link > Change view to 'Admin View' > Catalog Root and then use the permissions link for that item and everything below. Ticking 'Show Hidden Items' will let you see the System folders.
    Also check the privileges (Administration > Manage Privileges) as I seem to remember that the 'Act as Proxy' privilege is denied out of the box. Maybe something here is amiss.
    It might be easiest to bite the bullet and create a new web catalog from scratch!
    Paul

  • Flash Builder 4 LDAP issue on IIS 7 with Coldfusion 8

    I have a cfc that returns empty strings back into my project when I attempt an auto login through LDAP. The same files perform correctly on a different server with IIS 6. I set up a simple cfm  on the IIS 7 server and received the appropriate data. I set up a cfm on the IIS 7 server  to invoke the very same cfc that fails in the flash builder and received the appropriate data. Both servers are inside the company firewall.
    The web folder is set up as an application with windows authentication enabled, disabling and enabling the anonymous authentication seems to have no impact on any of the scenarios. I am assuming I am missing some configuration in the ColdFusion Flex integration but I am not sure what it is. Anyone have a shot in the dark on this one?
    Enable Flash Remoting support  &
    Enable Remote Adobe LiveCycle Data Management access  are both checked
    SSL connections are not being used.

    I absolutely did read the guidance notes and it was based on them that we installed.
    Quote:
    "Now that we have had an opportunity to undertake further testing with the final release of Mac OS X 10.7, we are pleased to report that there are only minor usability issues when using Flash Builder 4.5.1 on Mac OS X 10.7 and, as such, we will be updating our previous statement to confirm compatibility of these releases"
    What I am now experiencing on two different machines is what appears to be outside the scope of these notes and either a new issue that is reproducible, or a Java issue related to 10.7. Not being a Java guy I'm not sure where to begin short of trying Eclipse on its own.
    I am able to produce a crash of FB 4.5.1 by just trying to close an MXML file by clicking the close button of the tab, or by closing a project. This is on two separate machines now.

  • Same old LDAP issue

    hey folks,
    I am trying to validate a user from my LDAP db
    here are my LDAP entries..
    dn: cn=jim,o=attinfo,c=us
    objectclass: inetOrgPerson
    objectclass: ePerson
    objectclass: organizationalPerson
    objectclass: person
    objectclass: top
    cn: jim
    sn: robinson
    userpassword: {iMASK}>1e5rd9bCaqTnz9oQQSVhFYekLSoUp2vAnOWaZIKO8LfBBW1RuAJi2mvu 4dwcQ+4r5TPYQIFnQyT6QKGV4LEnQvpSLb7vckUjmt2FyrTKtVfJghCZiLvH61oXB1eEawkLFQOi cfjP2lYQYi0LdA5a4mS03I1JrdVdbF<
    uid: jim
    description::

    and here is the java code to access that..
    import javax.naming.ldap.*;
    import javax.naming.*;
    import javax.naming.directory.*;
    import java.util.*;

    public class TestLdap2 {
        public TestLdap2() {
            try {
                DirContext ctx = null;
                Hashtable<String, String> ht = new Hashtable<String, String>(2);
                ht.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                // Anonymous connection; the context is rooted at the DN given in the URL
                ht.put(Context.PROVIDER_URL, "ldap://dbipaddr:389/o=attinfo");
                ctx = new InitialDirContext(ht);
                SearchControls ctls = new SearchControls();
                ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                // Subtree search for sn=robinson, starting at the name "o=attinfo"
                NamingEnumeration<SearchResult> ne = ctx.search("o=attinfo", "(sn=robinson)", ctls);
                while (ne.hasMore()) {
                    SearchResult sr = ne.next();
                    System.out.println("DN: " + sr.getName());
                    // Print every attribute ID and all of its values
                    Attributes attrbs = sr.getAttributes();
                    for (NamingEnumeration<? extends Attribute> nE = attrbs.getAll(); nE.hasMoreElements();) {
                        Attribute attr = nE.next();
                        String attrID = attr.getID();
                        System.out.println("ID: " + attrID);
                        for (Enumeration<?> vals = attr.getAll(); vals.hasMoreElements();) {
                            System.out.println("Vals: " + vals.nextElement());
                        }
                    }
                }
                ctx.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        public static void main(String args[]) {
            new TestLdap2();
        }
    }

    I am getting following error..
    javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'o=attinfo'
    is it some kind of binding issue...
    any help is appreciated..
    thanx..

    Hello, it isn't necessarily a 'binding' issue -- that indicates permissions issues. The problem is that you are searching for Jim in 'o=attinfo,o=attinfo', and ignoring the root ('c=us'). The easiest way to solve the problem is to change the line:
    ht.put(Context.PROVIDER_URL, "ldap://dbipaddr:389/o=attinfo");
    To the following:
    ht.put(Context.PROVIDER_URL, "ldap://dbipaddr:389/c=us");
    Thus, your initial context will be at the root, and when you search your context will change to 'o=attinfo,c=us' which should contain your entry.
    Good luck,
    Derek

  • ISE 1.3 Upgrade LDAP Issue

    We recently upgraded to 1.3 and everything seems fine except that we noticed that the catalyst switches we use AD authentication through ISE for stopped dropping us automatically in enable mode. I did rejoin the device to AD as required post upgrade and have since unjoined and rejoined. When I run the test user option for the AD Identity store I get an error saying it's unable to fetch LDAP attributes, see attached. There is also a similar error in the syslog anytime a user logs into the switch. I went back on the syslogs and these errors were not happening until the upgrade. I am assuming this somehow correlates to my issue. Anyone else experienced this post upgrade? Thanks.

    Are you using LDAP or native AD join ?
    There are some issues with LDAP and quotes in the group names, which is not supported. I also have had issues with 1.3 and using comma and users names, so something like Doe, John. is not possible as the name of a user in AD.
    As for native AD, I have not had any issues with ISE 1.3

  • ZfH LDAP issues

    Anyone come across anything like this before - tried running CfgSrvr again
    and it just loops around with this failure.
    Error: Crypto-6 Cryptographic Subsystem Message (2 of 3)
    22 December 2003 16:01:11
    An error occured while attempting to obtain <LDAP> credentials.
    SUGGESTION:
    Re-run server configuration (CfgSrvr.exe), and re-specify
    account information.
    Error: Crypto-2 Cryptographic Subsystem Message (3 of 3)
    22 December 2003 16:01:11
    An error occurred during data decryption. Error code = <-1497>.

    David,
    Thanks for the rapid response :-)
    Just updated to NICI 2.6.1 and it seems to have resolved the issue.
    Steve
    "David W Kegel" <[email protected]> wrote in message
    news:AYEFb.2500$[email protected]..
    > Yes, this problem comes up occasionally. Something to do with a problem
    > updating NICI version 2.4. try the following:
    >
    > 1) Go to \winnt\system32\novell\nici
    > 2) right click - properties - security tab - advanced button - owner
    > tab - check "replace owner on subcontainer"
    > 3) ok - ok - then go into the administrator directory, and right click
    > each of the 3 files in there, choose properties, security tab - check
    > "Allow inheritable..."
    > ** you should see the Administrators group added to these files.
    >
    > Then CfgSrvr should run OK.
    >
    > Dave Kegel
    > Novell, Inc.
    >
    > >>> Steve Thompson<steve_thompson@__engl.co.uk> 12/22/03 10:16:26 AM >>>
    >
    > Anyone come across anything like this before - tried running CfgSrvr again
    > and it just loops around with this failure.
    > Error: Crypto-6 Cryptographic Subsystem Message (2 of 3)
    >
    > 22 December 2003 16:01:11
    >
    > An error occured while attempting to obtain <LDAP> credentials.
    >
    > SUGGESTION:
    >
    > Re-run server configuration (CfgSrvr.exe), and re-specify
    >
    > account information.
    >
    > Error: Crypto-2 Cryptographic Subsystem Message (3 of 3)
    >
    > 22 December 2003 16:01:11
    >
    > An error occurred during data decryption. Error code = <-1497>.

  • Can't make OD master - LDAP issue?

    So, I upgraded my 10.6 to 10.7 and also downloaded server with it.  I'm trying to turn my computer into an OD master. 
    I made my computer a DNS server - I can dig my IP and my FQDN.  No problems.
    When I go to make a OD master it tells me it failed and to go to the documentation (I don't see that online yet).
    When I go to Console and take a peek at my logs I start with a
    nstat_lookup_entry failed: 2
    And then I get several errors about LDAP server
    [PasswordServerPrefsObject getsearchbase]: Unable to locate search base: -1 Can't contact LDAP server
    [PasswordServerPrefsObject loadXMLdata]: Unable to locate passwordserver config record's plist attribute: -1 Can't contact LDAP server
    There are another 10 similar complaints, and then the whole process fails with -1 when applying directory role change.
    Anyone have any ideas?  I keep hoping this is something easy I'm missing.......

    I am having this same issue after migration today! Anyone have a solution? My open directory is offline (according to server admin that I installed).
    That log says..
    Feb  4 07:33:11 server servermgrd[136]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
    Feb  4 07:33:11 server servermgrd[136]: -[PasswordServerPrefsObject loadXMLData]: Unable to locate passwordserver config record's plist attribute: -1 Can't contact LDAP server
    Feb  4 07:33:11 server servermgrd[136]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
    Feb  4 07:33:11 server servermgrd[136]: -[PasswordServerPrefsObject saveXMLData]: ldap_modify_ext_s of the passwordserver config record's plist attribute: -1 Can't contact LDAP server
    In directory utility my LDAP didn't move in the migration...however, when I set it up...still doesn't work....
    Anyone know the secret sauce?

  • Ironport C370 LDAP issues

    Hello Folks. We have an Ironport C370 and we couldn't log in to it anymore (GUI or SSH) using our domain password. It sends an e-mail showing "LDAP:query Server Name-AD accep result LDAP server misconfigured or unreachable"
    Nothing has been changed in the configuration nor in the AD. Any ideas??? Thank you!

    Please note that these are indications that the appliance is trying to establish a connection to the configured LDAP server under the "Server Name-AD" profile and the server is not responding.  Based on this, it would be advisable to investigate the LDAP server to correct this issue.
    Anything network wise changed?  Network issues between the IronPort and your LDAP server?  Domain controller?
    I hope this helps!
    -Robert
    (*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

  • Direct Ldap Issue

    Hi
    I am using messaging server 5.2. Previously we are using Dirsync in our messaging server, after migrating to direct Ldap we are receiving the following error for some domain
    "5.1.1 unknown or illegal alias: [email protected]"
    i am attaching the output of /imsimta test -rewrite [email protected] for your reference
    forward channel = l
    channel description =
    channel user filter =
    dest channel filter =
    source channel filter =
    channel flags #0 = BIDIRECTIONAL MULTIPLE IMMNONURGENT NOSERVICEALL
    channel flags #1 = NOSMTP DEFAULT
    channel flags #2 = NOSENDPOST NOWARNPOST POSTHEADONLY HEADERINC NOEXPROUTE
    channel flags #3 = LOGGING NOGREY NORESTRICTED RETAINSECURITMULTIPARTS
    channel flags #4 = EIGHTBIT NOHEADERTRIM NOHEADERREAD RULES
    channel flags #5 =
    channel flags #6 = LOCALUSER REPORTHEADER
    channel flags #7 = NOSWITCHCHANNEL NOREMOTEHOST DATEFOUR DAYOFWEEK
    channel flags #8 = NODEFRAGMENT EXQUOTA REVERSE NOCONVERT_OCTET_STREAM
    channel flags #9 = NOTHURMAN INTERPRETENCODING USEINTERMEDIATE RECEIVEDFROM VALIDATELOCALSYSTEM NOTURN
    defaulthost = hathway.com hathway.com
    linelength = 1023
    channel env addr type = SOURCEROUTE
    channel hdr addr type = SOURCEROUTE
    channel official host = mhr.hathway.com
    channel queue 0 name = LOCAL_POOL
    channel queue 1 name = LOCAL_POOL
    channel queue 2 name = LOCAL_POOL
    channel queue 3 name = LOCAL_POOL
    channel after params =
    channel user name =
    urgentnotices = 1 2 4 7
    normalnotices = 1 2 4 7
    nonurgentnotices = 1 2 4 7
    channel rightslist ids =
    local behavior flags = %x7
    backward channel = l
    header To: address = [email protected]
    header From: address = [email protected]
    envelope To: address = [email protected] (route (mhr.hathway.com,mhr.hathway.com)) (host ol24.net)
    envelope From: address = [email protected]
    name =
    mbox = test
    Extracted address action list:
    [email protected]
    Extracted 733 address action list:
    [email protected]
    Address list expansion:
    0 expansion total.
    Expanded address:
    [email protected]
    Submitted address list:
    Address list error -- 5.1.1 unknown or illegal alias: [email protected]
    Submitted notifications list:
    Regards
    Prashant

    Prashant_wagh wrote:
    I am using messaging server 5.2. Previously we are using Dirsync in our messaging server, after migrating to direct Ldap we are receiving the following error for some domain

    Please always provide the full version of Messaging Server (./imsimta version).
    "5.1.1 unknown or illegal alias: [email protected]"
    Was this address "working" prior to implementing direct-ldap?
    This issue usually occurs for two reasons:
    1) You have no user/group LDAP entry which has a mail:/mailalternateaddress:/mailequivalentaddress: of [email protected]
    2) You have more than one entry with a mail:/mailalternateaddress:/mailequivalentaddress: of [email protected]
    The old (and broken) dirsync mechanism would "handle" the second scenario. You can check to see whether you have (1) or (2) occurring by performing an ldap search e.g.
    ldapsearch -h <directory server> -b <user/group base> -D "cn=directory manager" -w <directory manager password> \
    "(|(mail=[email protected])(mailalternateaddress=[email protected])(mailequivalentaddress=[email protected]))" dn
    e.g.
    ldapsearch -h myserver.com -b o=isp -D "cn=directory manager" -w secretpass \
    "(|(mail=[email protected])(mailalternateaddress=[email protected])(mailequivalentaddress=[email protected]))" dn
    Regards,
    Shane.
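
Added example (not part of the original thread): the ldapsearch above checks one address at a time; the same two failure causes, no entry holding the address or more than one entry holding it, can be audited for every address at once from an LDIF export. The sample directory, DNs and example.com addresses below are constructed, and the LDIF reader is a minimal one for this purpose (folded lines and base64 values only).

```python
import base64
from collections import defaultdict

# Attributes named in the reply above as holding a deliverable address.
ADDRESS_ATTRS = ("mail", "mailalternateaddress", "mailequivalentaddress")


def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry; handles folding and '::' base64."""
    unfolded = []
    for raw in text.splitlines():
        # A line starting with one space continues the previous line.
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    dn, attrs = None, defaultdict(list)
    for line in unfolded + [""]:  # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                yield dn, dict(attrs)
            dn, attrs = None, defaultdict(list)
            continue
        if line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        name = name.strip().lower()
        if name == "dn":
            dn = value
        else:
            attrs[name].append(value)


def address_owners(ldif_text):
    """Map each address (lower-cased; mail matching ignores case) to its DNs."""
    owners = defaultdict(set)
    for dn, attrs in parse_ldif(ldif_text):
        for attr in ADDRESS_ATTRS:
            for value in attrs.get(attr, []):
                owners[value.lower()].add(dn)
    return owners


def diagnose(ldif_text, address):
    """Classify one address as 'no-entry' (cause 1), 'ambiguous' (cause 2) or 'ok'."""
    dns = sorted(address_owners(ldif_text).get(address.lower(), ()))
    if not dns:
        return ("no-entry", dns)
    if len(dns) > 1:
        return ("ambiguous", dns)
    return ("ok", dns)


def ambiguous_addresses(ldif_text):
    """Every address claimed by more than one entry."""
    owners = address_owners(ldif_text)
    return {a: sorted(d) for a, d in owners.items() if len(d) > 1}


# Constructed sample export: two entries claim test@example.com (one via an
# alternate address in different case); one DN is folded, one value is base64.
SAMPLE_LDIF = """\
dn: uid=test,ou=people,o=isp
mail: test@example.com

dn: uid=test2,ou=people,o=isp
mail: test2@example.com
mailalternateaddress: TEST@example.com

dn: uid=ann,ou=people,
 o=isp
mail: ann@example.com
mailequivalentaddress:: """ + base64.b64encode(b"ann.b@example.com").decode() + "\n"

if __name__ == "__main__":
    print(diagnose(SAMPLE_LDIF, "test@example.com"))
    print(diagnose(SAMPLE_LDIF, "nobody@example.com"))
    print(ambiguous_addresses(SAMPLE_LDIF))
```
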

  • LDAP Issues with 4.1 upgrade - partial success

    All,
    I’ve spent the last few hours going through the forum and reading the documentation on LDAP authentication issues after upgrading to 4.1.
    I have completed every suggestion that has been posted and still no success.
    If I run the following from SQL Workshop I get a successful authentication
    declare
       l_session dbms_ldap.session;
       l_dummy   pls_integer;
    begin
       dbms_ldap.use_exception := TRUE;
       l_session := dbms_ldap.init('host.domain.com', 389 );
       l_dummy   := dbms_ldap.simple_bind_s(l_session, 'domain\user', 'password');
       dbms_output.put_line('authenticated');
       l_dummy   := dbms_ldap.unbind_s(l_session);
    exception when others then
       l_dummy := dbms_ldap.unbind_s(l_session);   
       raise;
    end;
    However if I run the APEX_LDAP.AUTHENTICATE using the same inputs it will not authenticate
    begin
    IF APEX_LDAP.AUTHENTICATE(
      p_username =>'domain\user',
      p_password => 'password',
      p_search_base => 'dc=domain,dc=com',
      p_host => 'host.domain.com',
      p_port => 389)
    THEN htp.p('authenticated');
    ELSE htp.p('not authenticated');
    END IF;
    End;
    Is a successful authentication using APEX_LDAP.AUTHENTICATE a prerequisite for the application to authenticate correctly, this is the only option I know to test the configuration?
    I have run the scripts to update the ACLs for user APEX_040100 and workspace schema user.
    Thanks in advance,
    Darin
    Apex 4.1
    Oracle 11.2g
    Active Directory

    If the simple_bind_s works that is sufficient proof that the network acl is okay, and so are your credentials. I'd not bother too much with apex_ldap since that integrates with OID, and if you don't have that it becomes pretty much worthless.
    So I assume that your authentication scheme is the pre-built LDAP one. Could you share some more (obscured, I understand) details about how you have set up the details? Especially your "Distinguished Name (DN) String", "Use Exact Distinguished Name (DN)" (Yes/No), "LDAP Username Edit Function". I'm also assuming that you want users to log in with their login-username (samaccountname)?

  • WLS 7.0 LDAP Issue

    I am trying to use Netscape LDAP server for authentication with WLS 7.0, but having
    some problems.
    Here are steps I took.
    -Configured and started the default server
    -Add IPlanet LDAP provider
    -Removed the default Authentication provider and identity assertion provider.
    On the LDAP side, I have an Administrators group and have system user in that group.
    Restarted the server, came up correctly with user/password of LDAP server, and I
    assumed that it authenticated to LDAP server.
    On the console, if I click on Users or Groups, I do not see any user and group, and
    no option to create a user and group.
    What could be wrong here?
    After some time, with the same settings I restarted server, and can not get authentication,
    getting access denied error.
    Can anyone please help me?

    Did you find a solution for this problem?
    I have something very similar going on where I am currently working.
    Thanks!
    Andy.
    "Simple Guy" <[email protected]> wrote:
    >
    Hi,
    I've a setup with iplanet 6.x webserver using the wls 7.0 sp2 proxy plugin to route requests to the clustered app server instances (2 of them) that are in wls 6.1 sp3.
    The issue is, I'm noticing that the session is not sticky and is getting routed onto the other app server instance. The error that I see in the wlproxy.log is as follows:
    *******Exception type [PROTOCOL_ERROR] raised
    at line 654 of URL.cpp
    Thu Nov 13 11:30:08 2003 failure on sendRequest() w/ recycled connection
    to Instance1:7001, numfailures=1
    Thu Nov 13 11:30:08 2003 Marking Instance1:7001 as bad
    Thu Nov 13 11:30:08 2003 got exception in sendRequest phase:
    PROTOCOL_ERROR [line 654 of URL.cpp]: unexpected EOF
    reading HTTP status at line 1010
    Thu Nov 13 11:30:08 2003 Failing over after sendRequest exception
    Thu Nov 13 11:30:08 2003 attempt #1 out of a max of 5
    Has anyone seen this issue? Can anyone explain why this issue is occurring?
    Thanks.

  • LDAP issues with 5508 WLC

    I have deployed two wlans with two LDAP servers and different OU configuration in each LDAP.
    WLC5508 software 7.2.110
    wlan id 1 is set to LDAP server1
    wlan id 4 is set to LDAP server2
    tests
    user server1 connect to wlan1
    user server1 connect to wlan4    - this should not happen
    user server2 connect to wlan4
    user server2 connect to wlan1     - this should not happen                  
    This scenario already works fine on WLC 4400 with software 7.0.116
    Anyone already has a similar problem?
    thanks,
    Murilo Cavallini

    Both databases are created on the same AD, but this server has 2 network interfaces.
    wlan1 is set to LDAP Server2: IP address 10.19.198.254
    show ldap 2
    Server Index..................................... 2
    Address.......................................... 10.19.198.254
    Port............................................. 389
    Enabled.......................................... Yes
    User DN.......................................... OU=Convidados,DC=wlan,DC=tvg,DC=com,DC=BR
    User Attribute................................... sAMAccountName
    User Type........................................ Person
    Retransmit Timeout............................... 2 seconds
    Bind Method ..................................... Anonymous
    *LDAP DB Task 1: Oct 25 09:13:08.716: Attempting user bind with username CN=didatagm,OU=GloboMobile,DC=wlan,DC=tvglobo,DC=com,DC=br
    Server Index..................................... 2
    Address.......................................... 10.19.198.254
    Port............................................. 389
    Enabled.......................................... Yes
    User DN.......................................... OU=Convidados,DC=wlan,DC=tvg,DC=com,DC=BR
    User Attribute................................... sAMAccountName
    User Type........................................ Person
    Retransmit Timeout............................... 2 seconds
    Bind Method ..................................... Anonymous
    wlan2 is set to LDAP Server1: IP address 10.19.198.176
    show ldap 1
    Server Index..................................... 1
    Address.......................................... 10.19.198.176
    Port............................................. 389
    Enabled.......................................... Yes
    User DN.......................................... OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=BR
    User Attribute................................... sAMAccountName
    User Type........................................ Person
    Retransmit Timeout............................... 2 seconds
    Bind Method ..................................... Anonymous
    Server Index..................................... 1
    Address.......................................... 10.19.198.176
    Port............................................. 389
    Enabled.......................................... Yes
    User DN.......................................... OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=BR
    User Attribute................................... sAMAccountName
    User Type........................................ Person
    Retransmit Timeout............................... 2 seconds
    Bind Method ..................................... Anonymous
    This is the problem that I can see:
    Auth. Request is sent:
    *LDAP DB Task 2: Oct 25 09:13:08.710: ldapAuthRequest [2] called lcapi_query base="OU=Convidados,DC=wlan,DC=tvg,DC=com,DC=BR"       type="Person" attr="sAMAccountName" user="didatagm" (rc = 32 - No such object)
    Binding with the user with database:
    *LDAP DB Task 1: Oct 25 09:13:08.716: Attempting user bind with username CN=didatagm,OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=br
    WLC is requesting for LDAP SERVER2 and is binding for LDAP SERVER1. This issue is occurring only sometimes.
    thanks a lot.
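The mismatch described in the post above (a query against one server's base followed by a user bind in the other server's OU) can be picked out of a WLC LDAP debug capture automatically, which helps when it only happens intermittently. This is an added example, not part of the original thread: it assumes the number in `ldapAuthRequest [n]` is the LDAP server index, as the poster reads it, and it pairs each bind with the most recent preceding query, which is a simplification for busy controllers.

```python
import re

QUERY_RE = re.compile(
    r'ldapAuthRequest \[(?P<server>\d+)\] called lcapi_query base="(?P<base>[^"]+)"'
    r'.*?user="(?P<user>[^"]+)" \(rc = (?P<rc>\d+)')
BIND_RE = re.compile(r"Attempting user bind with username (?P<dn>\S.*?)\s*$")

# The first two lines are the debug lines quoted in the post; the last two are a
# constructed, consistent pair (user name and rc text are placeholders).
SAMPLE_LOG = [
    '*LDAP DB Task 2: Oct 25 09:13:08.710: ldapAuthRequest [2] called lcapi_query base="OU=Convidados,DC=wlan,DC=tvg,DC=com,DC=BR"       type="Person" attr="sAMAccountName" user="didatagm" (rc = 32 - No such object)',
    '*LDAP DB Task 1: Oct 25 09:13:08.716: Attempting user bind with username CN=didatagm,OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=br',
    '*LDAP DB Task 1: Oct 25 09:14:00.000: ldapAuthRequest [1] called lcapi_query base="OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=BR" type="Person" attr="sAMAccountName" user="user1" (rc = 0 - Success)',
    '*LDAP DB Task 1: Oct 25 09:14:00.010: Attempting user bind with username CN=user1,OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=br',
]

def rdns(dn):
    """Lower-cased RDN list; enough for DNs without escaped commas."""
    return [part.strip().lower() for part in dn.split(",")]

def is_under(dn, base):
    """True when dn sits below base in the tree (case-insensitive suffix match)."""
    d, b = rdns(dn), rdns(base)
    return len(d) > len(b) and d[-len(b):] == b

def find_mismatches(lines):
    """Pair each user bind with the preceding query; report binds outside its base."""
    findings, query = [], None
    for line in lines:
        q, b = QUERY_RE.search(line), BIND_RE.search(line)
        if q:
            query = q.groupdict()
        elif b and query:
            if not is_under(b.group("dn"), query["base"]):
                findings.append({"server": int(query["server"]), "user": query["user"],
                                 "query_base": query["base"], "query_rc": int(query["rc"]),
                                 "bind_dn": b.group("dn")})
            query = None
    return findings
```

Each finding is a login where the bind DN lies outside the OU configured for the queried server, i.e. a user accepted from the other WLAN's user base.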
