OneClick is unable to authenticate with LDAP, this causes users to be unable to be logged in
search cancel

OneClick is unable to authenticate with LDAP, this causes users to be unable to be logged in

book

Article ID: 196046

calendar_today

Updated On: 06-01-2021

Products

Spectrum

Issue/Introduction

Occasionally, OneClick is not able to authenticate with our LDAP server.  From a tcpdump we can see the following message from the Ldap with:

>> LdapError <NumberXX> In order to perform this operation a successful bind must be completed on the connection ....


Update: 

A second ldap error (DSID-0C090A7D) has been identified

May 25, 2021 08:16:14.821 (https-jsse-nio-8443-exec-54) (SecuritySP) - User dpalakie is neither a super user nor an allowed user to login Spectrum
May 25, 2021 08:16:14.821 (https-jsse-nio-8443-exec-54) (SecuritySP) - Authenticating user with external directory server: JoeJoe
May 25, 2021 08:16:14.821 (https-jsse-nio-8443-exec-54) (SecuritySP) -   Getting user by search: sAMAccountName=JoeJoe
May 25, 2021 08:16:14.822 - Problem verifying user :javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A7D, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]; remaining name 'DC=acme,DC=net'
 at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3301)
 at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3207)
 at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2998)
 at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1874)
 at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1797)

 

Environment

Release : 10.4.1, 10.4.0, 10.3.2

Component : Spectrum OneClick

Cause

OneClick does not respond to an LDAP bind request

Resolution


Work Around: A restart of OneClick tomcat will temporarily fix the problem until the LDAP server requests another successful bind.

Original LDAP Error: DSID-0C090A4C


   This issue is scheduled to be fixed with 10.4.2

   Spectrum 10.4.0 - Spectrum_10.04.00.PTF_10.4.022
   Spectrum 10.4.1 - BMP_10.4.101b + Spectrum_10.04.01.PTF_10.4.123a
   Spectrum 10.3.2 - BMP_10.3.201 + Spectrum_10.03.02.D170



Second LDAP Error: DSID-0C090A7D

  Spectrum 10.4.3.1 (NetOps 20.2.10) - Spectrum_10.04.03.01.D163
  Prior versions: please reproduce with SSORB Security SP debug enabled  (steps mentioned below) and open a support case.

 

Additional Information


Identification: 

Enable 'SSORB Security SP' debug using an already authenticated account or a superuser.

- OneClick Web ~~> Administration ~~> Debugging ~~> Web Server Debug Page (runtime)
   SSORB Security SP ~~> On

- Have someone try to authenticate

- Check the tomcat log file
     $SPECROOT/tomcat/logs/catalina.out (Windows: stdout.log)


May 25, 2021 08:16:14.821 (https-jsse-nio-8443-exec-54) (SecuritySP) - User dpalakie is neither a super user nor an allowed user to login Spectrum
May 25, 2021 08:16:14.821 (https-jsse-nio-8443-exec-54) (SecuritySP) - Authenticating user with external directory server: JoeJoe
May 25, 2021 08:16:14.821 (https-jsse-nio-8443-exec-54) (SecuritySP) -   Getting user by search: sAMAccountName=JoeJoe
May 25, 2021 08:16:14.822 - Problem verifying user :javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A7D, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]; remaining name 'DC=acme,DC=net'
 at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3301)
 at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3207)
 at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2998)
 at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1874)
 at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1797)