ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

AdminUI external adminStore not configurable

book

Article ID: 186348

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign-On

Issue/Introduction


We're running an AdminUI and when we try to configure an External

Admin Store, we click on "Select Super User" and we get this error in
the browser :

  Error:

  An error occurred while searching the directory, please check that all
  information has been correctly supplied and try again. If the problem
  persists, check the error logs for additional details.

  and the AdminUI log reports :

   2020-03-09 11:26:02,190 ERROR [ims.llsdk.directory.jndi] (default
   task-3) JBAS011843: Failed instantiate InitialContextFactory
   com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader
   for Module "deployment.iam_siteminder.ear.user_console.war:main"
   from Service Module Loader

How can we fix this ?

Cause

At first glance, you might get this issue if the LDAP Admin Store has
connectivity issue, if SSL is not configured, if SSL certificates
aren't set in the keystore, or if the AdminUI doesn't use a corrrect
JDK installation.

Environment


  AdminUI 12.8SP3 on Windows 2016;

Resolution

Login Authentication error in im.AuthenticationModule failed to
disambiguate user NamingException: JBAS011843 LDAP: error code 52 -
Unavailable

  Check the health of the user directory and verify that it is
  available to serve requests.

https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=97170

Not able to configure external ldap authentication for adminui

  Configure first the connection without using SSL to solve the issue,
  and validate that the user can be found correctly. To configure SSL
  connection, you do need to have handy the LDAP Server SSL certificate
  to upload it when configuring the AdminUI for External Admin Store.

https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=137068

Import new root CA:

  keytool -import -trustcacerts -alias <alias> -keystore "siteminder/adminui/standalone/configuration/trustStore.jks" -file <RootCA.cer>
  List keystore to check it is there:
  keytool -list -v -keystore ./trustStore.jks -storepass <password>
  Restart adminui.

https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=136378

javax.naming.NamingException: LDAP response read timed out error in
adminui server.log

  Please upgrade the java used by the adminui to Java 1.8.0_77 (here
  java version is 1.8.0_31).

https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=5972

The External Admin Store should be also configured for LDAP Namespace
and not AD Namespace.