Article ID: 142450

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER

Issue/Introduction

 

We're running a Policy Server, and when one of the LDAP User Stores in
a given cluster is down, the Policy Server doesn't send a specific
request to the other LDAP Server to load balance.

How can we fix this?

 

Cause

 

From the log extract, we see the Policy Server trying to reach the LDAP
server:

  myldap.userstore.mydomain.com : 389

every 30 seconds. This LDAP Server is up and running, but it has a
problem, so the connection attempts return:

  Error 49-Invalid credentials

smps.log:

  [3524/73][Tue Dec 03 2019 16:45:16][SmDsLdapConnMgr.cpp:911][ERROR][sm-Ldap-01370] SmDsLdapConnMgr Bind. Server myldap.userstore.mydomain.com : 389. Error 49-Invalid credentials

  [3524/76][Tue Dec 03 2019 16:45:16][SmDsLdapConnMgr.cpp:911][ERROR][sm-Ldap-01370] SmDsLdapConnMgr Bind. Server myldap.userstore.mydomain.com : 389. Error 49-Invalid credentials

  [3524/72][Tue Dec 03 2019 16:45:16][SmDsLdapConnMgr.cpp:911][ERROR][sm-Ldap-01370] SmDsLdapConnMgr Bind. Server myldap.userstore.mydomain.com : 389. Error 49-Invalid credentials

  [3524/73][Tue Dec 03 2019 16:45:46][SmDsLdapConnMgr.cpp:911][ERROR][sm-Ldap-01370] SmDsLdapConnMgr Bind. Server myldap.userstore.mydomain.com : 389. Error 49-Invalid credentials

  [3524/72][Tue Dec 03 2019 16:45:46][SmDsLdapConnMgr.cpp:911][ERROR][sm-Ldap-01370] SmDsLdapConnMgr Bind. Server myldap.userstore.mydomain.com : 389. Error 49-Invalid credentials

  [3524/76][Tue Dec 03 2019 16:45:46][SmDsLdapConnMgr.cpp:911][ERROR][sm-Ldap-01370] SmDsLdapConnMgr Bind. Server myldap.userstore.mydomain.com : 389. Error 49-Invalid credentials

Out of the box, the Policy Server sends an "LDAP Ping" request to
every LDAP server every 30 seconds to check its availability:

Policy Server :: LDAP Server Status : Modify the ldap ping process
https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=98073

This is what the log extract shows. Every 30 seconds, the LDAP Ping
tries to reach this LDAP User Store, and because the store is not
working properly, it reports error 49.

 

Environment

 

Policy Server all versions

 

Resolution

 

As such, these lines don't report an issue with load balancing the
request. They show that the Policy Server checks the availability of
the LDAP Server, and because that server is up and running but reports
an error on login, you see those lines.
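
To confirm that sm-Ldap-01370 bind errors in smps.log come from the 30-second LDAP Ping rather than from user traffic, the timestamps can be grouped per server and the gaps between rounds checked. The following is an added example, not Broadcom code: the function names, the 2-second tolerance and the third sample round at 16:46:16 are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# One sm-Ldap-01370 bind error, after wrapped lines have been joined.
ENTRY_RE = re.compile(
    r"\[\d+/(\d+)\]\[\w{3} (\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2})\]"
    r"\[[^\]]*\]\[ERROR\]\[sm-Ldap-01370\] SmDsLdapConnMgr Bind\. "
    r"Server (\S+) : (\d+)\. Error (\d+)-")

def parse_bind_errors(text):
    """Return (time, thread, 'host:port', ldap_code) for each bind error."""
    flat = re.sub(r"\s+", " ", text)  # entries may be wrapped over several lines
    events = []
    for thread, ts, host, port, code in ENTRY_RE.findall(flat):
        when = datetime.strptime(ts, "%b %d %Y %H:%M:%S")
        events.append((when, int(thread), f"{host}:{port}", int(code)))
    return events

def ping_cadence(text, interval=30, tolerance=2):
    """Per server: distinct error rounds, gaps in seconds, and ping match."""
    rounds, codes = defaultdict(set), defaultdict(set)
    for when, _thread, server, code in parse_bind_errors(text):
        rounds[server].add(when)   # several threads log in the same second
        codes[server].add(code)
    report = {}
    for server, stamps in rounds.items():
        ordered = sorted(stamps)
        gaps = [int((b - a).total_seconds()) for a, b in zip(ordered, ordered[1:])]
        report[server] = {
            "rounds": len(ordered),
            "gaps": gaps,
            "codes": sorted(codes[server]),
            # A single round proves nothing, so require at least one gap.
            "matches_ping": bool(gaps) and all(abs(g - interval) <= tolerance for g in gaps),
        }
    return report

# Constructed sample in the wrapped layout of the extract above.
ENTRY = ("  [3524/{t}][Tue Dec 03 2019\n  {ts}][SmDsLdapConnMgr.cpp:911]"
         "[ERROR][sm-Ldap-01370]\n  SmDsLdapConnMgr Bind. Server\n"
         "  myldap.userstore.mydomain.com : 389. Error 49-Invalid\n  credentials\n")
SAMPLE = "\n".join(ENTRY.format(t=t, ts=ts)
                   for ts in ("16:45:16", "16:45:46", "16:46:16") for t in (73, 76, 72))

if __name__ == "__main__":
    for server, info in ping_cadence(SAMPLE).items():
        print(server, info)
```

A server whose gaps all sit at the ping interval is failing the availability check itself; irregular gaps point to bind failures triggered by other activity and deserve a separate look.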