ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Unable to validate Users in IAM Through LDAPS

book

Article ID: 145689

calendar_today

Updated On:

Products

Service Virtualization

Issue/Introduction

Installed DevTest 10.4.0 on the same machine where DevTest 10.1.0 is installed, but installed to a new folder.  Able to test connection and authenticate to the LDAPS server.  When trying to add a user get this error:

2020-02-10 17:01:08,801 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-92) Uncaught server error: org.keycloak.models.ModelException: User returned from LDAP has null uuid! Check configuration of your LDAP settings. UUID Attribute must be unique among your LDAP records and available on all the LDAP user records. If your LDAP server really doesn't support the notion of UUID, you can use any other attribute, which is supposed to be unique among LDAP users in tree. For example 'uid' or 'entryDN' . Mapped UUID LDAP attribute: entryUUID, user DN: cn=x256016,ou=contractors,ou=people,o=swa-ldap
 at org.keycloak.storage.ldap.LDAPUtils.checkUuid(LDAPUtils.java:123)
 at org.keycloak.storage.ldap.LDAPStorageProvider.importUserFromLDAP(LDAPStorageProvider.java:483)


Our IAM database is Oracle 12c but the connection to the Oracle database is done through LDAP.

We have DevTest 10.4.0 installed on two other machines with IAM connecting the same way with no errors, but not from this QA machine.

Cause

Did not have an IAM patch applied in the other environments not applied in this environment.

Environment

Release : 10.4

Component : CA Service Virtualization

Resolution

Using 10.4 IAM datasource-updater.jar patch in the other environment. After copying the patch in other environment, IAM started working.

Was using wrong UUID LDAP identifier, we corrected it, after that was able to search and login with the LDAP users.