LDAP issue
We have a 10.3.2 WLP environment that has an AD and an ADAM security provider on it. Our portal application authenticates clients against ADAM and other users through AD. This setup has been working for a year with no issue. We moved our hardware this weekend (no other changes) and since that time we have not been able to log into this application through AD or ADAM. All the AD and ADAM users and groups can be seen through the WebLogic console so the provider information should be good. We rebooted our physical app server boxes as well as the ADAM and AD boxes to no avail. There is no error on our login page when the user tries to connect; it just goes back to the login page. However, in the app server logs we see the error below. Any good suggestions or ideas will be awarded points. Any resolutions will be awarded a refrigerator magnet or key chain :)
We have tried redeploying the application and deleting the JVM cache, as well as trying previous versions of the app code, same result. One other note, the attempts to login do NOT make it to ADAM as the accounts never get locked out (which they should after 3 wrong attempts).
Thanks
####<Aug 1, 2012 12:27:05 PM CDT> <Notice> <Stdout> <qaportal1> <PortalServer1> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1343842025611> <BEA-000000> <12:27:05,611 ERROR [[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'] com.fc.framework.service.ldap.exception.LDAPException - com.fc.framework.service.ldap.exception.LDAPNamingException[ javax.naming.AuthenticationException]
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 700, v1db1 ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2753)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
at com.fc.framework.service.ldap.env.Environment.getDirContext(Environment.java:332)
at com.fc.framework.service.ldap.env.Environment.getInitDirContextSearch(Environment.java:407)
at com.fc.framework.service.ldap.util.UserLocator.getUserType(UserLocator.java:46)
at com.fc.framework.service.security.SecurityHelper.getUser(SecurityHelper.java:290)
at com.fc.framework.service.security.SecurityHelper.userSearchByUserId(SecurityHelper.java:101)
at com.fc.controls.security.SecurityControlImpl.userSearchByUserId(SecurityControlImpl.java:117)
at com.fc.controls.security.SecurityControlBean.userSearchByUserId(SecurityControlBean.java:673)
at Controller.isUserIdCaseValid(Controller.java:952)
at Controller.doValidateUserIdUserUserType(Controller.java:310)
at Controller.doLogin(Controller.java:287)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:870)
at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:809)
at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:478)
at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:306)
at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:52)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors$WrapActionInterceptorChain.continueChain(ActionInterceptors.java:64)
at org.apache.beehive.netui.pageflow.interceptor.action.ActionInterceptor.wrapAction(ActionInterceptor.java:184)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors$WrapActionInterceptorChain.invoke(ActionInterceptors.java:50)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors$WrapActionInterceptorChain.continueChain(ActionInterceptors.java:58)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:87)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.bea.content.manager.servlets.ContentServletFilter.doFilter(ContentServletFilter.java:178)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.bea.p13n.servlets.PortalServletFilter.doFilter(PortalServletFilter.java:336)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.bea.portal.tools.servlet.http.HttpContextFilter.doFilter(HttpContextFilter.java:60)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3592)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)>
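An added example (not part of the original thread): a decoder for the Active Directory bind-failure string seen in the trace above. The `data` field is a Win32 error code written in hexadecimal; the triage categories and the extra log lines are constructed for illustration.

```python
import re

# Hex value of the "data" field -> (Win32 error name, meaning, triage category).
# Names and values are standard Win32 system error codes; the categories are
# this example's own grouping (an assumption, not an Active Directory concept).
AD_BIND_DATA = {
    0x525: ("ERROR_NO_SUCH_USER", "user not found", "credentials"),
    0x52E: ("ERROR_LOGON_FAILURE", "invalid credentials", "credentials"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "logon not permitted at this time", "account-state"),
    0x531: ("ERROR_INVALID_WORKSTATION", "logon not permitted from this workstation", "account-state"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "password expired", "account-state"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account disabled", "account-state"),
    0x700: ("ERROR_NETLOGON_NOT_STARTED", "network logon service was not started", "infrastructure"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account expired", "account-state"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "user must change password", "account-state"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account locked out", "account-state"),
}

BIND_ERROR = re.compile(
    r"\[LDAP: error code (?P<ldap>\d+) - (?P<sspi>[0-9A-Fa-f]{8}): "
    r"LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>[^,]+), "
    r"data (?P<data>[0-9A-Fa-f]+), v(?P<build>[0-9A-Fa-f]+)"
)

# The line from the stack trace in the post above.
PAGE_LINE = ("javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
             "LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 700, v1db1 ]")

# Constructed lines (not from the page) to exercise the other categories.
CONSTRUCTED_LINES = [
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1 ]",
    "<Notice> <Stdout> a log line without an LDAP error",
]


def decode_bind_error(line):
    """Return the decoded fields of an AD bind failure, or None if the line has none."""
    m = BIND_ERROR.search(line)
    if m is None:
        return None
    data = int(m.group("data"), 16)  # the field is hexadecimal, e.g. 52e or 700
    name, meaning, category = AD_BIND_DATA.get(
        data, ("UNKNOWN", "code not in this table", "unknown"))
    return {
        "ldap_code": int(m.group("ldap")),         # 49 = invalidCredentials
        "dsid": m.group("dsid"),
        "comment": m.group("comment").strip(),
        "data": data,
        "win32_name": name,
        "meaning": meaning,
        "category": category,
        "server_build": int(m.group("build"), 16),  # hex-encoded server build number
    }


def summarize(lines):
    """Count bind failures per triage category, skipping lines without an LDAP error."""
    counts = {}
    for line in lines:
        decoded = decode_bind_error(line)
        if decoded is not None:
            counts[decoded["category"]] = counts.get(decoded["category"], 0) + 1
    return counts


if __name__ == "__main__":
    d = decode_bind_error(PAGE_LINE)
    print("data %x -> %s (%s), category=%s, server build %d"
          % (d["data"], d["win32_name"], d["meaning"], d["category"], d["server_build"]))
    print(summarize([PAGE_LINE] + CONSTRUCTED_LINES))
```

Grouping failures this way separates a burst of `credentials` results, which is worth alerting on, from an `infrastructure` result that every account hits at once.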
Thanks Brian for assisting me with this issue.
I am still extremely new to how to deploy the product and it looks like the fix for this was to go into Privileges and set LDAP Customer creation. I hadn't done that. Once that was done everything worked correctly.
Richard
Similar Messages
-
LDAP issue after upgrading to SP15 from SP7 for CUP 5.3
Hello,
We have recently upgraded our Sandbox from SP7 to SP15 on GRC 5.3 and are now having issues authenticating users using LDAP.
The connections and settings are exactly the same as our Dev system, which is on SP7, and the connection also says successful, but when we go onto the request page and type in an ID it says invalid credentials.
Am I missing something, or is there a special procedure after upgrade?
Thanks
Uday
Hello Frank,
Thanks for the reply. I forgot to do it, and as you said, once I performed those steps it actually solved my password reset link issues, as it was erroring out with a 500 error, and now it is working fine.
But to fix LDAP issue SAP has a note which says after SP13 we don't need to fill in the user path field while creating LDAP connector.
Thanks
Uday -
DNS/LDAP Issue for Trusted Domain
Hi
I'm trying to configure Configuration Manager 2012 R2 Forest Discovery to a trusted domain.
Objects from the trusted domain (users/computers) show up in the Collections, but when I check under Administration\Active Directory Forests I can see Discovery Status "Failed to connect using default account" and Publishing status "Cannot Contact LDAP Server".
I've added the SCCM server to local admin at the trusted domain via GPO and have also created the system Management container.
When I check the log ADForestDisc.log I get this error message:
"Failed to connect to forest X. This can be because of disjoint DNS namespaces, network connectivity or server availibility issue. Error Information The specified forest does not exist or cannot be contacted."
I have setup Conditional Forwarders in DNS in both domains.
I have also read other forums about this issue and should have the answer:
"This error occurs for all of the domains that you mentioned and is typical when SRV records for DCs in those remote domains cannot be found. Forest discovery relies on DNS name resolution of SRV records to locate a suitable DC to communicate with."
"The site server performing the forest discovery must be able to resolve the SRV records for the DCs or root domain of the other forest."
We are using Windows AD integrated DNS in both domains.
I'm not so familiar with DNS configuration, so I would appreciate it if someone could tell me more specifically how to fix this.
Thanks in advance
Hi
Thank you for your answer. This issue is solved. I missed opening some ports in the router/firewall between the LANs.
The status under Active Directory Forests is Succeeded now, but when I check under boundaries, I can only see the "Default-First-Site-Name" site for the first domain (same LAN as CM Server) and I can only see the IP address range for that LAN.
I don't think this is a big issue, but shouldn't the site name and address range for the other LAN (where the trusted domain is) be automatically found too during forest discovery when I've checked the options to create site and IP boundaries automatically? -
Hi,
I have a 2 node cluster that we have upgraded from OES11 to OES11 sp1 at the beginning of August
Last week we created a new resource on the primary node (let's say NODE 1), but when we want to migrate this new resource to the other node (let's say NODE 2), the resource becomes comatose.
On node 2 what i can see in /var/log/messages is the following
Aug 20 16:42:17 node2 ncs-resourced: Try LDAP for POOLDATA20_SERVER
Aug 20 16:42:17 node2 ncs-resourced: LDAP failed: <class 'ldap.SERVER_DOWN'>
Aug 20 16:42:53 node2 ncs-resourced: Error preprocessing script POOLDATA20_SERVER.load
Aug 20 16:42:53 node2 ncs-resourced: POOLDATA20_SERVER.load: CRM: Tue Aug 20 16:42:53 2013
Aug 20 16:42:53 node2 ncs-resourced: POOLDATA20_SERVER.load: /bin/sh: /var/run/ncs/POOLDATA20_SERVER.load: No such file or directory
Aug 20 16:42:53 node2 ncs-resourced: resourceMonitor: POOLDATA20_SERVER load status=127
Aug 20 16:42:54 node2 ncs-resourced: Error preprocessing script POOLDATA20_SERVER.unload
Aug 20 16:42:54 node2 ncs-resourced: POOLDATA20_SERVER.unload: CRM: Tue Aug 20 16:42:54 2013
Aug 20 16:42:54 node2 ncs-resourced: POOLDATA20_SERVER.unload: /bin/sh: /var/run/ncs/POOLDATA20_SERVER.unload: No such file or directory
Aug 20 16:42:54 node2 ncs-resourced: resourceMonitor: POOLDATA20_SERVER unload status=127
I tried to change the configuration using a new.conf file like it is in the documentation:
CONFIG_NCS_CLUSTER_DN="cn=svr1_oes2_cluster.o=context"
CONFIG_NCS_LDAP_INFO="ldaps://10.1.1.102:636,ldaps://10.1.1.101:636"
CONFIG_NCS_ADMIN_DN="cn=admin.o=context"
CONFIG_NCS_ADMIN_PASSWORD="password"
As the root user, enter the following command at a command prompt:
/opt/novell/ncs/install/ncs_install.py -l -f new.conf on node1 and on node2
and then cluster exec "/opt/novell/ncs/bin/ncs-configd.py -init"
I rebooted node2 but it is exactly the same.
Any idea?
Stphane
Originally Posted by changju
Hi Stphane,
This is the key of the failure,
Aug 20 16:42:17 node2 ncs-resourced: LDAP failed: <class 'ldap.SERVER_DOWN'>
Somehow, it looks like the Python LDAP on node2 couldn't connect to the LDAP servers (10.1.1.102:636 or 10.1.1.101:636).
Please first make sure that LDAP is up and running on the two servers.
Please check file "/etc/opt/novell/ncs/clstrlib.conf" to make sure that you have something like this,
p4
S'ldaps://10.1.1.102:636,ldaps://10.1.1.101:636'
If not, you need to modify file "new.conf" and run command "/opt/novell/ncs/install/ncs_install.py -l -f new.conf" on node2 again.
You can then check the result of the installation in file "/var/opt/novell/install/ncslog", or you can simply run command "/opt/novell/ncs/bin/ncs-configd.py -init" on node2 to try to pull down the latest NCS configuration.
If "/opt/novell/ncs/bin/ncs-configd.py -init" churns out a bunch of "dos2unix" messages (and pulls down the scripts for the new resources at "/var/opt/novell/ncs"), you should be able to migrate the resource.
Regards,
Changju
Thank you very much Changju.
I was not aware of this log file; it was very helpful.
Apparently a TLS issue for my 2 LDAP servers. I changed it to ldap instead of ldaps and it is working now.
Strange because I was able to connect using ldaps with an LDAP browser to the 2 nodes.
Again, thank you
Stphane -
Hi,
I have an issue where certain LDAP users who were once able to log into OBI 11g now cannot.
This has only happened for those users who I have used the proxy ('Act As') functionality on, i.e. if UserA can login, and the Administrator Acts As UserA, after an OBI restart UserA cannot log in anymore.
I have narrowed this issue down to the presentation catalog. If I swap the current catalog with the SampleAppLite catalog for example, the problem goes away i.e. the LDAP user (UserA in the example above) can log in fine.
I have also noticed while accessing the catalog via catalog manager, the Administrator cannot access the 'System' folder. This is with reference to the original catalog (which causes the issue with UserA above) that was upgraded from 10g to 11g.
Any ideas?
Thanks.
This is going to be almost impossible to diagnose without being logged in, in front of your application.
As a starting point I would recommend you check the permissions on each catalog element. Go to Catalog link > Change view to 'Admin View' > Catalog Root and then use the permissions link for that item and everything below. Ticking 'Show Hidden Items' will let you see the System folders.
Also check the privileges (Administration > Manage Privileges) as I seem to remember that the 'Act as Proxy' privilege is denied out of the box. Maybe something here is amiss.
It might be easiest to bite the bullet and create a new web catalog from scratch!
Paul -
Flash Builder 4 LDAP issue on IIS 7 with Coldfusion 8
I have a cfc that returns empty strings back into my project when I attempt an auto login through LDAP. The same files perform correctly on a different server with IIS 6. I set up a simple cfm on the IIS 7 server and received the appropriate data. I set up a cfm on the IIS 7 server to invoke the very same cfc that fails in the flash builder and received the appropriate data. Both servers are inside the company firewall.
The web folder is set up as an application with windows authentication enabled, disabling and enabling the anonymous authentication seems to have no impact on any of the scenarios. I am assuming I am missing some configuration in the ColdFusion Flex integration but I am not sure what it is. Anyone have a shot in the dark on this one?
Enable Flash Remoting support &
Enable Remote Adobe LiveCycle Data Management access are both checked
SSL connections are not being used.
I absolutely did read the guidance notes and it was based on them that we installed.
Quote:
"Now that we have had an opportunity to undertake further testing with the final release of Mac OS X 10.7, we are pleased to report that there are only minor usability issues when using Flash Builder 4.5.1 on Mac OS X 10.7 and, as such, we will be updating our previous statement to confirm compatibility of these releases"
What I am now experiencing on two different machines is what appears to be outside the scope of these notes and either a new issue that is reproducible, or a Java issue related to 10.7. Not being a Java guy I'm not sure where to begin short of trying Eclipse on its own.
I am able to produce a crash of FB 4.5.1 by just trying to close an MXML file by clicking the close button of the tab, or by closing a project. This is on two separate machines now. -
hey folks,
I am trying to validate a user from my LDAP db
here are my LDAP entries..
dn: cn=jim,o=attinfo,c=us
objectclass: inetOrgPerson
objectclass: ePerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: jim
sn: robinson
userpassword: {iMASK}>1e5rd9bCaqTnz9oQQSVhFYekLSoUp2vAnOWaZIKO8LfBBW1RuAJi2mvu 4dwcQ+4r5TPYQIFnQyT6QKGV4LEnQvpSLb7vckUjmt2FyrTKtVfJghCZiLvH61oXB1eEawkLFQOi cfjP2lYQYi0LdA5a4mS03I1JrdVdbF<
uid: jim
description::
and here is the java code to access that..
import javax.naming.ldap.*;
import javax.naming.*;
import javax.naming.directory.*;
import java.util.*;

public class TestLdap2 {
    public TestLdap2() {
        try {
            DirContext ctx = null;
            Hashtable ht = new Hashtable(2);
            ht.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            // The DN after the host part becomes the base of the initial context.
            ht.put(Context.PROVIDER_URL, "ldap://dbipaddr:389/o=attinfo");
            ctx = new InitialDirContext(ht);
            SearchControls ctls = new SearchControls();
            ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // The search name is resolved relative to the context base set above.
            NamingEnumeration ne = ctx.search("o=attinfo", "(sn=robinson)", ctls);
            while (ne.hasMore()) {
                SearchResult sr = (SearchResult) ne.next();
                System.out.println("DN: " + sr.getName());
                Attributes attrbs = sr.getAttributes();
                // Print every attribute ID and all of its values.
                for (NamingEnumeration nE = attrbs.getAll(); nE.hasMoreElements();) {
                    Attribute attr = (Attribute) nE.next();
                    String attrID = attr.getID();
                    System.out.println("ID: " + attrID);
                    for (Enumeration vals = attr.getAll(); vals.hasMoreElements();) {
                        System.out.println("Vals: " + vals.nextElement());
                    }
                }
            }
            ctx.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public static void main(String args[]) {
        new TestLdap2();
    }
}
I am getting following error..
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'o=attinfo'
is it some kind of binding issue...
any help is appreciated..
thanx..
Hello, it isn't necessarily a 'binding' issue -- that indicates permissions issues. The problem is that you are searching for Jim in 'o=attinfo,o=attinfo', and ignoring the root ('c=us'). The easiest way to solve the problem is to change the line:
ht.put(Context.PROVIDER_URL, "ldap://dbipaddr:389/o=attinfo");
To the following:
ht.put(Context.PROVIDER_URL, "ldap://dbipaddr:389/c=us");
Thus, your initial context will be at the root, and when you search your context will change to 'o=attinfo,c=us' which should contain your entry.
Good luck,
Derek -
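An added example (not from the original posts): a small offline model of the name resolution described in the answer above, where the search name is appended to the base DN taken from the provider URL. The in-memory directory is constructed from the LDIF in the question, and the third case (full DN in the URL, empty search name) goes beyond what the answer shows.

```python
from urllib.parse import urlparse, unquote

# Constructed directory: the single entry from the LDIF in the question.
DIRECTORY = ["cn=jim,o=attinfo,c=us"]


def rdns(dn):
    """Split a DN into lower-cased RDNs. Handles simple DNs only (no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]


def context_base(provider_url):
    """The DN after the host part of an LDAP URL is the base of the initial context."""
    return unquote(urlparse(provider_url).path.lstrip("/"))


def effective_dn(provider_url, name):
    """A name passed to search() is resolved relative to the context base."""
    return ",".join(rdns(name) + rdns(context_base(provider_url)))


def existing_dns(directory):
    """Every entry plus all of its ancestors (a child implies its parents exist)."""
    known = set()
    for dn in directory:
        parts = rdns(dn)
        for i in range(len(parts)):
            known.add(",".join(parts[i:]))
    return known


def search_result_code(directory, provider_url, name):
    """Return (LDAP result code, DN searched): 0 = success, 32 = noSuchObject."""
    target = effective_dn(provider_url, name)
    code = 0 if target in existing_dns(directory) else 32
    return code, target


if __name__ == "__main__":
    cases = [
        ("ldap://dbipaddr:389/o=attinfo", "o=attinfo"),    # as posted in the question
        ("ldap://dbipaddr:389/c=us", "o=attinfo"),         # the change suggested in the answer
        ("ldap://dbipaddr:389/o=attinfo,c=us", ""),        # full base in the URL, empty name
    ]
    for url, name in cases:
        code, dn = search_result_code(DIRECTORY, url, name)
        print("%-40s name=%-12r -> searches %-22r result %d" % (url, name, dn, code))
```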
ISE 1.3 Upgrade LDAP Issue
We recently upgraded to 1.3 and everything seems fine except that we noticed that the catalyst switches we use AD authentication through ISE for stopped dropping us automatically in enable mode. I did rejoin the device to AD as required post upgrade and have since unjoined and rejoined. When I run the test user option for the AD Identity store I get an error saying it's unable to fetch LDAP attributes, see attached. There is also a similar error in the syslog anytime a user logs into the switch. I went back on the syslogs and these errors were not happening until the upgrade. I am assuming this somehow correlates to my issue. Anyone else experienced this post upgrade? Thanks.
Are you using LDAP or native AD join?
There are some issues with LDAP and quotes in the group names, which are not supported. I also have had issues with 1.3 and using commas in user names, so something like Doe, John is not possible as the name of a user in AD.
As for native AD, I have not had any issues with ISE 1.3 -
Anyone come across anything like this before - tried running CfgSrvr again and it just loops around with this failure.
Error: Crypto-6 Cryptographic Subsystem Message (2 of 3)
22 December 2003 16:01:11
An error occured while attempting to obtain <LDAP> credentials.
SUGGESTION:
Re-run server configuration (CfgSrvr.exe), and re-specify
account information.
Error: Crypto-2 Cryptographic Subsystem Message (3 of 3)
22 December 2003 16:01:11
An error occurred during data decryption. Error code = <-1497>.
David,
Thanks for the rapid response :-)
Just updated to NICI 2.6.1 and it seems to have resolved the issue.
Steve
"David W Kegel" <[email protected]> wrote in message
news:AYEFb.2500$[email protected]..
> Yes, this problem comes up occasionally. Something to do with a problem
> updating NICI version 2.4. try the following:
>
> 1) Go to \winnt\system32\novell\nici
> 2) right click - properties - security tab - advanced button - owner
> tab - check "replace owner on subcontainer"
> 3) ok - ok - then go into the administrator directory, and right click
> each of the 3 files in there, choose properties, security tab - check
> "Allow inheritable..."
> ** you should see the Administrators group added to these files.
>
> Then CfgSrvr should run OK.
>
> Dave Kegel
> Novell, Inc.
>
> >>> Steve Thompson<steve_thompson@__engl.co.uk> 12/22/03 10:16:26 AM >>>
>
> Anyone come across anything like this before - tried running CfgSrvr again
> and it just loops around with this failure.
> Error: Crypto-6 Cryptographic Subsystem Message (2 of 3)
>
> 22 December 2003 16:01:11
>
> An error occured while attempting to obtain <LDAP> credentials.
>
> SUGGESTION:
>
> Re-run server configuration (CfgSrvr.exe), and re-specify
>
> account information.
>
> Error: Crypto-2 Cryptographic Subsystem Message (3 of 3)
>
> 22 December 2003 16:01:11
>
> An error occurred during data decryption. Error code = <-1497>.
>
>
>
>
> -
Can't make OD master - LDAP issue?
So, I upgraded my 10.6 to 10.7 and also downloaded server with it. I'm trying to turn my computer into an OD master.
I made my computer a DNS server - I can dig my IP and my FQDN. No problems.
When I go to make a OD master it tells me it failed and to go to the documentation (I don't see that online yet).
When I go to Console and take a peek at my logs I start with a
nstat_lookup_entry failed: 2
And then I get several errors about LDAP server
[PasswordServerPrefsObject getsearchbase]: Unable to locate search base: -1 Can't contact LDAP server
[PasswordServerPrefsObject loadXMLdata]: Unable to locate passwordserver config record's plist attribute: -1 Can't contact LDAP server
There are another 10 similar complaints, and then the whole process fails with -1 when applying directory role change.
Anyone have any ideas? I keep hoping this is something easy I'm missing.......
I am having this same issue after migration today! Anyone have a solution? My open directory is offline (according to server admin that I installed).
That log says..
Feb 4 07:33:11 server servermgrd[136]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
Feb 4 07:33:11 server servermgrd[136]: -[PasswordServerPrefsObject loadXMLData]: Unable to locate passwordserver config record's plist attribute: -1 Can't contact LDAP server
Feb 4 07:33:11 server servermgrd[136]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
Feb 4 07:33:11 server servermgrd[136]: -[PasswordServerPrefsObject saveXMLData]: ldap_modify_ext_s of the passwordserver config record's plist attribute: -1 Can't contact LDAP server
In directory utility my LDAP didn't move in the migration...however, when I set it up...still doesn't work....
Anyone know the secret sauce? -
Hello Folks. We have an Ironport C370 and we couldn't log in to it anymore (GUI or SSH) using our domain password. It sends an e-mail showing "LDAP:query Server Name-AD accep result LDAP server misconfigured or unreachable"
Nothing has been changed in the configuration nor in the AD. Any ideas??? Thank you!
Please note that these are indications that the appliance is trying to establish a connection to the configured LDAP server under the "Server Name-AD" profile and the server is not responding. Based on this, it would be advisable to investigate the LDAP server to correct this issue.
Anything network wise changed? Network issues between the IronPort and your LDAP server? Domain controller?
I hope this helps!
-Robert
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!) -
Hi
I am using messaging server 5.2. Previously we were using Dirsync in our messaging server; after migrating to direct LDAP we are receiving the following error
for some domain
"5.1.1 unknown or illegal alias: [email protected]"
i am attaching the output of /imsimta test -rewrite [email protected] for your reference
forward channel = l
channel description =
channel user filter =
dest channel filter =
source channel filter =
channel flags #0 = BIDIRECTIONAL MULTIPLE IMMNONURGENT NOSERVICEALL
channel flags #1 = NOSMTP DEFAULT
channel flags #2 = NOSENDPOST NOWARNPOST POSTHEADONLY HEADERINC NOEXPROUTE
channel flags #3 = LOGGING NOGREY NORESTRICTED RETAINSECURITMULTIPARTS
channel flags #4 = EIGHTBIT NOHEADERTRIM NOHEADERREAD RULES
channel flags #5 =
channel flags #6 = LOCALUSER REPORTHEADER
channel flags #7 = NOSWITCHCHANNEL NOREMOTEHOST DATEFOUR DAYOFWEEK
channel flags #8 = NODEFRAGMENT EXQUOTA REVERSE NOCONVERT_OCTET_STREAM
channel flags #9 = NOTHURMAN INTERPRETENCODING USEINTERMEDIATE RECEIVEDFROM VALIDATELOCALSYSTEM NOTURN
defaulthost = hathway.com hathway.com
linelength = 1023
channel env addr type = SOURCEROUTE
channel hdr addr type = SOURCEROUTE
channel official host = mhr.hathway.com
channel queue 0 name = LOCAL_POOL
channel queue 1 name = LOCAL_POOL
channel queue 2 name = LOCAL_POOL
channel queue 3 name = LOCAL_POOL
channel after params =
channel user name =
urgentnotices = 1 2 4 7
normalnotices = 1 2 4 7
nonurgentnotices = 1 2 4 7
channel rightslist ids =
local behavior flags = %x7
backward channel = l
header To: address = [email protected]
header From: address = [email protected]
envelope To: address = [email protected] (route (mhr.hathway.com,mhr.hathway.com)) (host ol24.net)
envelope From: address = [email protected]
name =
mbox = test
Extracted address action list:
[email protected]
Extracted 733 address action list:
[email protected]
Address list expansion:
0 expansion total.
Expanded address:
[email protected]
Submitted address list:
Address list error -- 5.1.1 unknown or illegal alias: [email protected]
Submitted notifications list:
Regards
Prashant
Prashant_wagh wrote:
> I am using messaging server 5.2. Previously we were using Dirsync in our messaging server; after migrating to direct LDAP we are receiving the following error for some domain
Please always provide the full version of Messaging Server (./imsimta version).
> "5.1.1 unknown or illegal alias: [email protected]"
Was this address "working" prior to implementing direct-ldap?
This issue usually occurs for two reasons:
1) You have no user/group LDAP entry which has a mail:/mailalternateaddress:/mailequivalentaddress: of [email protected]
2) You have more than one entry with a mail:/mailalternateaddress:/mailequivalentaddress: of [email protected]
The old (and broken) dirsync mechanism would "handle" the second scenario. You can check to see whether you have (1) or (2) occurring by performing an ldap search e.g.
ldapsearch -h <directory server> -b <user/group base> -D "cn=directory manager" -w <directory manager password> \
"(|(mail=[email protected])(mailalternateaddress=[email protected])(mailequivalentaddress=[email protected]))" dn
e.g.
ldapsearch -h myserver.com -b o=isp -D "cn=directory manager" -w secretpass \
"(|(mail=[email protected])(mailalternateaddress=[email protected])(mailequivalentaddress=[email protected]))" dn
Regards,
Shane. -
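An added example (not from the original posts): the two causes listed in the answer above, checked offline against an LDIF export, together with a filter builder that escapes the address per RFC 4515 before it is placed in the three-attribute OR filter. The LDIF records and the example.com addresses are constructed, and the minimal LDIF reader assumes plain `attr: value` lines with no base64 or folded values.

```python
MAIL_ATTRS = ("mail", "mailalternateaddress", "mailequivalentaddress")

# Constructed export (not from the page): one address owned twice, one owned once.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,o=isp
mail: alice@example.com
mailalternateaddress: sales@example.com

dn: uid=bob,ou=People,o=isp
mail: bob@example.com
mailequivalentaddress: Sales@example.com

dn: cn=staff,ou=Groups,o=isp
mail: staff@example.com
"""


def escape_filter_value(value):
    """Escape a value per RFC 4515 so it cannot change the structure of the filter."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def address_filter(address):
    """Build the OR filter over the three address attributes used in the answer."""
    value = escape_filter_value(address)
    return "(|" + "".join("(%s=%s)" % (attr, value) for attr in MAIL_ATTRS) + ")"


def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated records of 'attr: value' lines."""
    entries, current = [], {}
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def owners(entries, address):
    """DNs of all entries carrying the address in any of the three attributes."""
    wanted = address.lower()  # mail addresses are compared case-insensitively
    return [entry["dn"][0] for entry in entries
            if any(wanted == value.lower()
                   for attr in MAIL_ATTRS for value in entry.get(attr, []))]


def diagnose(entries, address):
    """'no-entry' is cause (1) in the answer, 'duplicate' is cause (2), else 'ok'."""
    count = len(owners(entries, address))
    if count == 0:
        return "no-entry"
    return "ok" if count == 1 else "duplicate"


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    for addr in ("sales@example.com", "staff@example.com", "nobody@example.com"):
        print(addr, diagnose(entries, addr), owners(entries, addr))
    print(address_filter("test@example.com"))
```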
LDAP Issues with 4.1 upgrade - partial success
All,
I’ve spent the last few hours going through the forum and reading the documentation on LDAP authentication issues after upgrading to 4.1.
I have completed every suggestion that has been posted and still no success.
If I run the following from SQL Workshop I get a successful authentication
declare
  l_session dbms_ldap.session;
  l_dummy   pls_integer;
begin
  dbms_ldap.use_exception := TRUE;
  l_session := dbms_ldap.init('host.domain.com', 389 );
  l_dummy := dbms_ldap.simple_bind_s(l_session, 'domain\user', 'password');
  dbms_output.put_line('authenticated');
  l_dummy := dbms_ldap.unbind_s(l_session);
exception when others then
  l_dummy := dbms_ldap.unbind_s(l_session);
  raise;
end;
However if I run the APEX_LDAP.AUTHENTICATE using the same inputs it will not authenticate
begin
  IF APEX_LDAP.AUTHENTICATE(
       p_username    => 'domain\user',
       p_password    => 'password',
       p_search_base => 'dc=domain,dc=com',
       p_host        => 'host.domain.com',
       p_port        => 389)
  THEN htp.p('authenticated');
  ELSE htp.p('not authenticated');
  END IF;
End;
Is a successful authentication using APEX_LDAP.AUTHENTICATE a prerequisite for the application to authenticate correctly, this is the only option I know to test the configuration?
I have run the scripts to update the ACLs for user APEX_040100 and workspace schema user.
Thanks in advance,
Darin
Apex 4.1
Oracle 11.2g
Active Directory
If the simple_bind_s works that is sufficient proof that the network acl is okay, and so are your credentials. I'd not bother too much with apex_ldap since that integrates with OID, and if you don't have that it becomes pretty much worthless.
So I assume that your authentication scheme is the pre-built LDAP one. Could you share some more (obscured, I understand) details about how you have set up the details? Especially your "Distinguished Name (DN) String", "Use Exact Distinguished Name (DN)" (Yes/No), "LDAP Username Edit Function". I'm also assuming that you want users to log in with their login-username (samaccountname)? -
I am trying to use Netscape LDAP server for authentication with WLS 7.0, but having some problems.
Here are steps I took.
-Configured and started the default server
-Add IPlanet LDAP provider
-Removed the default Authentication provider and identity assertion provider.
On the LDAP side, I have an Administrators group and have system user in that group.
Restarted the server, came up correctly with user/password of LDAP server, and I assumed that it authenticated to LDAP server.
On the console, if I click on Users or Groups, I do not see any user and group, and no option to create a user and group.
What could be wrong here?
After some time, with the same settings I restarted server, and can not get authentication, getting access denied error.
Can anyone please help me?
Did you find a solution for this problem?
I have something very similar going on where I am currently working.
Thanks!
Andy.
"Simple Guy" <[email protected]> wrote:
>
> Hi,
> I've a setup with iplanet 6.x webserver using the wls 7.0 sp2 proxy plugin to route requests to the clustered app server instances (2 of them) that are in wls 6.1 sp3.
> The issue is, I'm noticing that the session is not sticky and is getting routed onto the other app server instance. The error that I see in the wlproxy.log is as follows:
> *******Exception type [PROTOCOL_ERROR] raised at line 654 of URL.cpp
> Thu Nov 13 11:30:08 2003 failure on sendRequest() w/ recycled connection to Instance1:7001, numfailures=1
> Thu Nov 13 11:30:08 2003 Marking Instance1:7001 as bad
> Thu Nov 13 11:30:08 2003 got exception in sendRequest phase: PROTOCOL_ERROR [line 654 of URL.cpp]: unexpected EOF reading HTTP status at line 1010
> Thu Nov 13 11:30:08 2003 Failing over after sendRequest exception
> Thu Nov 13 11:30:08 2003 attempt #1 out of a max of 5
> Has anyone seen this issue? Can anyone explain why this issue is occurring?
> Thanks.
-
I have deployed two WLANs with two LDAP servers and a different OU configuration in each LDAP.
WLC5508 software 7.2.110
wlan id 1 is set to LDAP server1
wlan id 4 is set to LDAP server2
tests
user server1 connect to wlan1
user server1 connect to wlan4 - this should not happen
user server2 connect to wlan4
user server2 connect to wlan1 - this should not happen
This scenario already works fine on WLC 4400 with software 7.0.116
Has anyone already had a similar problem?
thanks,
Murilo Cavallini

Both databases are created on the same AD, but this server has 2 network interfaces.
wlan1 is set to LDAP Server2: IP address 10.19.198.254
show ldap 2
Server Index..................................... 2
Address.......................................... 10.19.198.254
Port............................................. 389
Enabled.......................................... Yes
User DN.......................................... OU=Convidados,DC=wlan,DC=tvg,DC=com,DC=BR
User Attribute................................... sAMAccountName
User Type........................................ Person
Retransmit Timeout............................... 2 seconds
Bind Method ..................................... Anonymous
*LDAP DB Task 1: Oct 25 09:13:08.716: Attempting user bind with username CN=didatagm,OU=GloboMobile,DC=wlan,DC=tvglobo,DC=com,DC=br
wlan2 is set to LDAP Server1: IP address 10.19.198.176
show ldap 1
Server Index..................................... 1
Address.......................................... 10.19.198.176
Port............................................. 389
Enabled.......................................... Yes
User DN.......................................... OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=BR
User Attribute................................... sAMAccountName
User Type........................................ Person
Retransmit Timeout............................... 2 seconds
Bind Method ..................................... Anonymous
This is the problem that I can see:
Auth. Request is sent:
*LDAP DB Task 2: Oct 25 09:13:08.710: ldapAuthRequest [2] called lcapi_query base="OU=Convidados,DC=wlan,DC=tvg,DC=com,DC=BR" type="Person" attr="sAMAccountName" user="didatagm" (rc = 32 - No such object)
Binding with the user with database:
*LDAP DB Task 1: Oct 25 09:13:08.716: Attempting user bind with username CN=didatagm,OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=br
WLC is requesting for LDAP SERVER2 and is binding for LDAP SERVER1. This issue is occurring only sometimes.
thanks a lot.
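
The mismatch described in the post above (a search against one base DN followed by a user bind with a DN from a different OU) can be checked mechanically across a whole debug capture. This is an added example, not part of the original post or any Cisco tooling; it assumes the bracketed number after `ldapAuthRequest` is the LDAP server index, as the poster reads it, and that the first RDN of the bind DN carries the login name. The sample input is constructed from the two debug lines quoted in the post.

```python
import re

# Constructed sample: the two WLC debug lines quoted in the post above.
SAMPLE = '''\
*LDAP DB Task 2: Oct 25 09:13:08.710: ldapAuthRequest [2] called lcapi_query base="OU=Convidados,DC=wlan,DC=tvg,DC=com,DC=BR" type="Person" attr="sAMAccountName" user="didatagm" (rc = 32 - No such object)
*LDAP DB Task 1: Oct 25 09:13:08.716: Attempting user bind with username CN=didatagm,OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=br
'''

QUERY = re.compile(r'ldapAuthRequest \[(\d+)\] called lcapi_query base="([^"]+)"'
                   r'.*?user="([^"]+)" \(rc = (\d+)')
BIND = re.compile(r'Attempting user bind with username (.+)$')


def rdns(dn):
    """Split a DN into lower-cased RDNs (simplified: no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]


def is_under(dn, base):
    """True when dn sits strictly below base in the directory tree."""
    d, b = rdns(dn), rdns(base)
    return bool(b) and len(d) > len(b) and d[-len(b):] == b


def find_mismatches(log_text):
    """Pair each lcapi_query with the next bind for that user and report
    binds whose DN lies outside the base the query searched."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        q = QUERY.search(line)
        if q:
            pending[q.group(3).lower()] = (int(q.group(1)), q.group(2), int(q.group(4)))
            continue
        b = BIND.search(line)
        parts = rdns(b.group(1)) if b else []
        if not parts:
            continue
        # Assumption: the first RDN value of the bind DN is the login name.
        user = parts[0].partition("=")[2]
        if user in pending:
            index, base, rc = pending.pop(user)
            if not is_under(b.group(1), base):
                findings.append({"user": user, "server_index": index, "query_base": base,
                                 "query_rc": rc, "bind_dn": b.group(1).strip()})
    return findings


if __name__ == "__main__":
    for finding in find_mismatches(SAMPLE):
        print(finding)
```

Any finding means a client was bound using a DN from a directory subtree other than the one configured for its WLAN, which is the cross-WLAN access the poster reports should not happen.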