When an LDAP user tries to login to the CAPC console, they get an error:
'unable to authenticate user'
This was working fine a few days ago.
Tried to test the LDAP user in SsoConfig, and we fail:
Could not obtain a DirectoryContext.
javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C09056D, comment: AcceptSecurityContext error, data 52e, v2580]
Logon failure: unknown user name or bad password.
Bind to the directory failed.
In SsoConfig there are 2 types of settings:
These settings are propagated to all other CA products and data sources that are registered to this instance of Performance Center. This includes the Event Manager in Performance Center, which embeds the URL of Performance Center. Performance Center uses Remote Value settings only if a corresponding Local Override value is not present.
Overrides a setting on this Performance Center instance, which does not propagate to other CA products and data sources (including Event Manager) registered to this instance of Performance Center. Local Override takes precedence over both the Remote Value and default settings.
For LDAP use ‘Remote Value’ so that the values are passed to the LDAP server.
‘Local Override’ should be all blank.
Here we see that someone had edited the Local Override values:
Release : 3.7
Component : IM Reporting / Admin / Configuration
In this case, we see that the user bind setting had been accidentally set to enabled.
Use SsoConfig to reset the Local Override.
and now the settings will use the Remote Value as desired: