LDAP Access is Denied


Article ID: 129011

Products

CA Automic Dollar Universe

Issue/Introduction

The error message “LDAP access is denied” appears when trying to access UVC.
All LDAP users have the same issue when logging in to UVC.

Error in UVMS log:

[Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
| 2019-03-08 10:25:06 |ERROR| request-worker-10 | com.orsyp.central.ldap.SimpleLogin | Authentication Exception
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 775, v1db1]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.(Unknown Source)
    at javax.naming.directory.InitialDirContext.(Unknown Source)
    at com.orsyp.central.ldap.SimpleLogin.login(SimpleLogin.java:59)
    at com.orsyp.central.ldap.LDAPManagerImpl.authenticate(LDAPManagerImpl.java:376)
    at com.orsyp.central.server.AuthentificationStdImpl.doLDAPAuthentication(AuthentificationStdImpl.java:138)
    at com.orsyp.central.server.AuthentificationStdImpl.authSocket(AuthentificationStdImpl.java:213)
    at com.orsyp.comm.server.NIOBasedSocket.authentification(NIOBasedSocket.java:216)
    at com.orsyp.comm.server.NIOBasedSocket.readStream(NIOBasedSocket.java:178)
    at com.orsyp.central.server.UniWorker.doWork(UniWorker.java:191)
    at com.orsyp.central.server.CentralServerAdapter$1.run(CentralServerAdapter.java:264)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

UNICHECKLDAP Output:

[[email protected]/bin]# ./unicheckldap
UniViewer Management Server environment loaded.
UVMS configured with LDAP authentication.
 

Environment

Release:
Component: ADLRUN

Resolution

In the ldap.xml file, the CN in the "User search filter" was defined with an individual user’s ID:
 
User search filter: (&(objectClass=user)(cn=user.dep))



After updating it to the filter below, login worked:
 
User search filter: (&(objectClass=user)(cn=!login!))
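
The following is an added example, not Dollar Universe code: a small check for a "User search filter" template that flags a filter with no `!login!` token and shows how the token can be filled in with RFC 4515 escaping. It assumes `!login!` is replaced with the login name typed by the user, as the resolution implies; the function names and the sample logins are hypothetical.

```python
import re

PLACEHOLDER = "!login!"  # token shown in the article's corrected filter

# RFC 4515 section 3: these characters must be escaped as \XX inside a filter value
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied value so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template, login):
    """Substitute the escaped login for every !login! token (assumed behaviour)."""
    return template.replace(PLACEHOLDER, escape_filter_value(login))


def check_template(template):
    """Return a list of findings for a filter template; an empty list means OK."""
    findings = []
    if PLACEHOLDER not in template:
        findings.append("static filter: every login resolves to the same entry")
    if template.count("(") != template.count(")"):
        findings.append("unbalanced parentheses")
    hard_coded = re.search(r"\(cn=([^)!*]+)\)", template)
    if hard_coded:
        findings.append("cn is hard-coded to '%s'" % hard_coded.group(1))
    return findings


BROKEN = "(&(objectClass=user)(cn=user.dep))"  # filter from the article (before)
FIXED = "(&(objectClass=user)(cn=!login!))"    # filter from the article (after)

if __name__ == "__main__":
    for tpl in (BROKEN, FIXED):
        print(tpl, "->", check_template(tpl) or "OK")
    # Constructed logins; the last one contains filter metacharacters.
    for login in ("alice", "bob", "a*)(cn=*"):
        print(login, "=>", render_filter(BROKEN, login), "|", render_filter(FIXED, login))
```

With the original filter, every login renders the same search, so each user's password is checked against the `user.dep` entry; with the corrected filter, the search follows the login name.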