
LDAP users unable to log in to the v3.7 CAPC console, receiving 'unable to authenticate user' error


Article ID: 145862


Products

CA Infrastructure Management, CA Performance Management - Usage and Administration, DX NetOps

Issue/Introduction

When an LDAP user tries to log in to the CAPC console, they get an error:

'unable to authenticate user'

This was working fine a few days ago.

Testing the LDAP user in SsoConfig also fails:

Could not obtain a DirectoryContext.

javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C09056D, comment: AcceptSecurityContext error, data 52e, v2580]

Logon failure: unknown user name or bad password.

Bind to the directory failed.
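
The `data 52e` field in the error above is the Active Directory sub-code for the failed bind, and it separates a rejected bind name or password from an account-state problem such as lockout or expiry. The following Python sketch is an added example, not part of the original article or the product; the function name and the second sample line are constructed for illustration.

```python
import re

# Active Directory sub-codes carried in the "data XXX" field of an
# LDAP result code 49 (invalidCredentials) bind failure.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (unknown user name or bad password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Matches the bracketed detail of a javax.naming.AuthenticationException message.
_ERR_RE = re.compile(
    r"LDAP: error code (?P<code>\d+)\b.*?\bdata (?P<data>[0-9a-fA-F]+)\b"
)


def decode_bind_error(line):
    """Return (ldap_code, ad_subcode, meaning), or None if the line has no match."""
    m = _ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group("code"))
    sub = m.group("data").lower()
    if code != 49:
        return code, sub, "not a bind credential failure"
    return code, sub, AD_BIND_SUBCODES.get(sub, "unrecognized sub-code")


# The error line shown in this article.
PAGE_ERROR = (
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: "
    "LdapErr: DSID-0C09056D, comment: AcceptSecurityContext error, data 52e, v2580]"
)
# Constructed variant for comparison (not from the article): a locked-out account.
CONSTRUCTED_LOCKED = (
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, "
    "comment: AcceptSecurityContext error, data 775, v1db1]"
)

if __name__ == "__main__":
    for sample in (PAGE_ERROR, CONSTRUCTED_LOCKED, "Bind to the directory failed."):
        print(decode_bind_error(sample))
```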

Cause

In SsoConfig there are 2 types of settings:

  1. Remote Value

These settings are propagated to all other CA products and data sources that are registered to this instance of Performance Center. This includes the Event Manager in Performance Center, which embeds the URL of Performance Center. Performance Center uses Remote Value settings only if a corresponding Local Override value is not present.

  2. Local Override

Overrides a setting on this Performance Center instance, which does not propagate to other CA products and data sources (including Event Manager) registered to this instance of Performance Center. Local Override takes precedence over both the Remote Value and default settings.

For LDAP, use ‘Remote Value’ so that the values are passed to the LDAP server.

‘Local Override’ should be all blank.

Here we see that someone had edited the Local Override values:








Environment

Release : 3.7

Component : IM Reporting / Admin / Configuration

Resolution

In this case, we see that the user bind setting had been accidentally set to enabled.



Use SsoConfig to reset the Local Override.


The settings will now use the Remote Value as desired:



















Additional Information

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/performance-management/3-7/administrating/single-sign-on/set-up-ldap-authentication/enable-ldaps-authentication.html


https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/performance-management/3-7/administrating/performance-center-administration/manage-authentication-requirements.html
