UVMS: insufficient traces to detect LDAP authentication errors


Article ID: 193553


Products

CA Automic Dollar Universe

Issue/Introduction

If a UVC remains started with an LDAP login and the LDAP password is then modified, that UVC will continue to send queries to LDAP with the outdated password and will eventually lock the user out on the LDAP server.

The UVMS traces (even in TRACE mode) are not useful in this situation, because they do NOT show the IP address or hostname from which the UVC console was launched.

In a Citrix / Rebound Server / Webconsole environment, finding where the UVC has been launched is difficult.

The only way to find out where the query is coming from is a network capture (tcpdump or Wireshark), which is not always possible.

We would like uvserver.log to record a message stating the username that causes the LDAP authentication errors and the IP address the query is coming from.

 

Cause

When an LDAP authentication error occurs, the error message displayed in the UVMS log does not contain any information about the origin of the connection.

Environment

Release : 6.x

Component : DOLLAR UNIVERSE

Subcomponent: Univiewer.Management.Server

Resolution

Update to a fix version listed below or a newer version if available.

Fix version(s): 
Component: Univiewer.Management.Server
Dollar Universe 6.10.41 - Released 15th July 2020

Additional Information

Since version 6.10.41, when an LDAP authentication error occurs, an additional message is written to the UVMS log (uvserver.log) as follows:

|ERROR| request-worker-X | com.orsyp.central.server.AuthentificationStdImpl | LDAP Authentication error for user [username], coming from [ip_address]
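
One way to use this message to find which host is still sending the outdated password is to count the errors per user and source address. This is an added example, not part of the original article or the product. The sample lines, the threshold of 3 and the function names are assumptions, and the parser accepts the user and address with or without the square brackets shown above.

```python
import re
from collections import Counter

# Matches the message format quoted in this article. Whether the brackets around
# the user and address are literal is an assumption, so both forms are accepted.
# search() is used so that any prefix the real log puts before |ERROR| is tolerated.
LDAP_ERR = re.compile(
    r"\|ERROR\|\s*(?P<worker>request-worker-\S+)\s*\|"
    r"\s*com\.orsyp\.central\.server\.AuthentificationStdImpl\s*\|"
    r"\s*LDAP Authentication error for user \[?(?P<user>[^\],]+?)\]?,"
    r"\s*coming from \[?(?P<ip>[^\]\s]+)\]?"
)

def ldap_failures(lines):
    """Count LDAP authentication errors per (user, source address)."""
    counts = Counter()
    for line in lines:
        m = LDAP_ERR.search(line)
        if m:
            counts[(m.group("user").strip(), m.group("ip"))] += 1
    return counts

def suspects(counts, threshold=3):
    """Return (user, address, n) for pairs with at least `threshold` errors
    (threshold is an assumed value), most frequent first."""
    return [(u, ip, n) for (u, ip), n in counts.most_common() if n >= threshold]

# Constructed sample lines in the format shown above (not real log data).
PREFIX = "|ERROR| request-worker-{} | com.orsyp.central.server.AuthentificationStdImpl | "
SAMPLE = [
    PREFIX.format(1) + "LDAP Authentication error for user jdoe, coming from 192.0.2.15",
    PREFIX.format(4) + "LDAP Authentication error for user jdoe, coming from 192.0.2.15",
    "|INFO| request-worker-2 | com.example.Other | unrelated message",
    PREFIX.format(2) + "LDAP Authentication error for user asmith, coming from 198.51.100.7",
    PREFIX.format(3) + "LDAP Authentication error for user [jdoe], coming from [192.0.2.15]",
    PREFIX.format(1) + "LDAP Authentication error for user jdoe, coming from 192.0.2.15",
]

if __name__ == "__main__":
    # To run against a real log, pass open("uvserver.log") instead of SAMPLE.
    for user, ip, n in suspects(ldap_failures(SAMPLE)):
        print(f"{user} from {ip}: {n} LDAP authentication errors")
```

A user and address pair that keeps repeating points to the host where a UVC is still running with the old password.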