OneClick is unable to authenticate with LDAP, this causes users to be unable to be logged in
Article ID: 196046
Updated On:
Products
Issue/Introduction
Occasionally, OneClick is not able to authenticate with our LDAP server. From a tcpdump we can see the following message from the Ldap with:
>> LdapError <NumberXX> In order to perform this operation a successful bind must be completed on the connection ....
Update:
A second ldap error (DSID-0C090A7D) has been identified
May 25, 2021 08:16:14.821 (https-jsse-nio-8443-exec-54) (SecuritySP) - User dpalakie is neither a super user nor an allowed user to login Spectrum
May 25, 2021 08:16:14.821 (https-jsse-nio-8443-exec-54) (SecuritySP) - Authenticating user with external directory server: JoeJoe
May 25, 2021 08:16:14.821 (https-jsse-nio-8443-exec-54) (SecuritySP) - Getting user by search: sAMAccountName=JoeJoe
May 25, 2021 08:16:14.822 - Problem verifying user :javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A7D, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]; remaining name 'DC=acme,DC=net'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3301)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3207)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2998)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1874)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1797)
Environment
Release : 10.4.1, 10.4.0, 10.3.2
Component : Spectrum OneClick
Cause
OneClick does not respond to an LDAP bind request
Resolution
Work Around: A restart of OneClick tomcat will temporarily fix the problem until the LDAP server requests another successful bind.
Original LDAP Error: DSID-0C090A4C
This issue is scheduled to be fixed with 10.4.2
Spectrum 10.4.0 - Spectrum_10.04.00.PTF_10.4.022
Spectrum 10.4.1 - BMP_10.4.101b + Spectrum_10.04.01.PTF_10.4.123a
Spectrum 10.3.2 - BMP_10.3.201 + Spectrum_10.03.02.D170
Second LDAP Error: DSID-0C090A7D
Spectrum 10.4.3.1 (NetOps 20.2.10) - Spectrum_10.04.03.01.D163
Prior versions: please reproduce with SSORB Security SP debug enabled (steps mentioned below) and open a support case.
Additional Information
Identification:
Enable 'SSORB Security SP' debug using an already authenticated account or a superuser.
- OneClick Web ~~> Administration ~~> Debugging ~~> Web Server Debug Page (runtime)
SSORB Security SP ~~> On
- Have someone try to authenticate
- Check the tomcat log file
$SPECROOT/tomcat/logs/catalina.out (Windows: stdout.log)
May 25, 2021 08:16:14.821 (https-jsse-nio-8443-exec-54) (SecuritySP) - User dpalakie is neither a super user nor an allowed user to login Spectrum
May 25, 2021 08:16:14.821 (https-jsse-nio-8443-exec-54) (SecuritySP) - Authenticating user with external directory server: JoeJoe
May 25, 2021 08:16:14.821 (https-jsse-nio-8443-exec-54) (SecuritySP) - Getting user by search: sAMAccountName=JoeJoe
May 25, 2021 08:16:14.822 - Problem verifying user :javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A7D, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]; remaining name 'DC=acme,DC=net'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3301)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3207)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2998)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1874)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1797)
Feedback
