LDAP Access is Denied
Article ID: 129011
Updated On:
Products
CA Automic Dollar Universe
Issue/Introduction
Error message “LDAP access is denied” while trying to access UVC.
All LDAP users has the same issue when logging in UVC.
error in UVMS log:
[Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target] | 2019-03-08 10:25:06 |ERROR| request-worker-10 | com.orsyp.central.ldap.SimpleLogin | Authentication Exception javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 775, v1db1] at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source) at com.sun.jndi.ldap.LdapCtx.(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source) at javax.naming.spi.NamingManager.getInitialContext(Unknown Source) at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source) at javax.naming.InitialContext.init(Unknown Source) at javax.naming.InitialContext.(Unknown Source) at javax.naming.directory.InitialDirContext.(Unknown Source) at com.orsyp.central.ldap.SimpleLogin.login(SimpleLogin.java:59) at com.orsyp.central.ldap.LDAPManagerImpl.authenticate(LDAPManagerImpl.java:376) at com.orsyp.central.server.AuthentificationStdImpl.doLDAPAuthentication(AuthentificationStdImpl.java:138) at com.orsyp.central.server.AuthentificationStdImpl.authSocket(AuthentificationStdImpl.java:213) at com.orsyp.comm.server.NIOBasedSocket.authentification(NIOBasedSocket.java:216) at com.orsyp.comm.server.NIOBasedSocket.readStream(NIOBasedSocket.java:178) at com.orsyp.central.server.UniWorker.doWork(UniWorker.java:191) at com.orsyp.central.server.CentralServerAdapter$1.run(CentralServerAdapter.java:264) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) UNICHECKLDAP Output: [[email protected]/bin]# ./unicheckldap UniViewer Management Server environment loaded. UVMS configured with LDAP authentication.
All LDAP users has the same issue when logging in UVC.
error in UVMS log:
[Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target] | 2019-03-08 10:25:06 |ERROR| request-worker-10 | com.orsyp.central.ldap.SimpleLogin | Authentication Exception javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 775, v1db1] at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source) at com.sun.jndi.ldap.LdapCtx.(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source) at javax.naming.spi.NamingManager.getInitialContext(Unknown Source) at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source) at javax.naming.InitialContext.init(Unknown Source) at javax.naming.InitialContext.(Unknown Source) at javax.naming.directory.InitialDirContext.(Unknown Source) at com.orsyp.central.ldap.SimpleLogin.login(SimpleLogin.java:59) at com.orsyp.central.ldap.LDAPManagerImpl.authenticate(LDAPManagerImpl.java:376) at com.orsyp.central.server.AuthentificationStdImpl.doLDAPAuthentication(AuthentificationStdImpl.java:138) at com.orsyp.central.server.AuthentificationStdImpl.authSocket(AuthentificationStdImpl.java:213) at com.orsyp.comm.server.NIOBasedSocket.authentification(NIOBasedSocket.java:216) at com.orsyp.comm.server.NIOBasedSocket.readStream(NIOBasedSocket.java:178) at com.orsyp.central.server.UniWorker.doWork(UniWorker.java:191) at com.orsyp.central.server.CentralServerAdapter$1.run(CentralServerAdapter.java:264) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) UNICHECKLDAP Output: [[email protected]/bin]# ./unicheckldap UniViewer Management Server environment loaded. UVMS configured with LDAP authentication.
Environment
Release:
Component: ADLRUN
Component: ADLRUN
Resolution
In ldap.xml file "User search filter" CN was defined with individual user’s Id:
update it to below then it worked:
User search filter: (&(objectClass=user)(cn=user.dep))
update it to below then it worked:
User search filter: (&(objectClass=user)(cn=!login!))
Feedback
Yes
No
Powered by
