OneClick is unable to authenticate with LDAP, which prevents users from logging in

Article ID: 196046

Products

CA Spectrum

Issue/Introduction

Occasionally, OneClick is not able to authenticate with the LDAP server. A tcpdump capture shows the following message from the LDAP server:

>> LdapError <NumberXX> In order to perform this operation a successful bind must be completed on the connection ....


Update: 

A second LDAP error (DSID-0C090A7D) has been identified.

May 25, 2021 08:16:14.821 (https-jsse-nio-8443-exec-54) (SecuritySP) - User dpalakie is neither a super user nor an allowed user to login Spectrum
May 25, 2021 08:16:14.821 (https-jsse-nio-8443-exec-54) (SecuritySP) - Authenticating user with external directory server: JoeJoe
May 25, 2021 08:16:14.821 (https-jsse-nio-8443-exec-54) (SecuritySP) -   Getting user by search: sAMAccountName=JoeJoe
May 25, 2021 08:16:14.822 - Problem verifying user :javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A7D, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]; remaining name 'DC=acme,DC=net'
 at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3301)
 at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3207)
 at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2998)
 at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1874)
 at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1797)

 

Cause

OneClick does not respond to an LDAP bind request

Environment

Release : 10.4.1, 10.4.0, 10.3.2

Component : Spectrum OneClick

Resolution


Workaround: A restart of OneClick Tomcat will temporarily fix the problem until the LDAP server requests another successful bind.

Original LDAP Error: DSID-0C090A4C


   This issue is scheduled to be fixed with 10.4.2

   Spectrum 10.4.0 - Spectrum_10.04.00.PTF_10.4.022
   Spectrum 10.4.1 - BMP_10.4.101b + Spectrum_10.04.01.PTF_10.4.123a
   Spectrum 10.3.2 - BMP_10.3.201 + Spectrum_10.03.02.D170



Second LDAP Error: DSID-0C090A7D

  Spectrum 10.4.3.1 (NetOps 20.2.10) - Spectrum_10.04.03.01.D163
  Prior versions: please reproduce with SSORB Security SP debug enabled (steps mentioned below) and open a support case.

 

Additional Information


Identification: 

Enable 'SSORB Security SP' debug using an already authenticated account or a superuser.

- OneClick Web ~~> Administration ~~> Debugging ~~> Web Server Debug Page (runtime)
   SSORB Security SP ~~> On

- Have someone try to authenticate

- Check the tomcat log file
     $SPECROOT/tomcat/logs/catalina.out (Windows: stdout.log)


May 25, 2021 08:16:14.821 (https-jsse-nio-8443-exec-54) (SecuritySP) - User dpalakie is neither a super user nor an allowed user to login Spectrum
May 25, 2021 08:16:14.821 (https-jsse-nio-8443-exec-54) (SecuritySP) - Authenticating user with external directory server: JoeJoe
May 25, 2021 08:16:14.821 (https-jsse-nio-8443-exec-54) (SecuritySP) -   Getting user by search: sAMAccountName=JoeJoe
May 25, 2021 08:16:14.822 - Problem verifying user :javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A7D, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]; remaining name 'DC=acme,DC=net'
 at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3301)
 at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3207)
 at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2998)
 at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1874)
 at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1797)
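
The log check from the identification steps above can be scripted. The following is an added example, not part of the original article or of Spectrum: it lists every "successful bind" error with its DSID and the user lookup logged just before it. The function names and the second sample entry (DSID-0C090A4C, example_user) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): list each "successful bind" LDAP error in a
# OneClick Tomcat log together with the user lookup that preceded it.

scan_bind_errors() {
    # Reads the log files given as arguments, or stdin when none are given.
    awk '
        { sub(/\r$/, "") }    # tolerate CRLF in a Windows stdout.log
        # SSORB Security SP debug logs the name being looked up before the search.
        /\(SecuritySP\) - Authenticating user with external directory server: / {
            user = $NF
        }
        /a successful bind must be completed on the connection/ {
            dsid = "unknown"
            if (match($0, /DSID-[0-9A-Fa-f]+/)) dsid = substr($0, RSTART, RLENGTH)
            # Fields 1-4 are the timestamp, e.g. "May 25, 2021 08:16:14.822".
            printf "%s %s %s %s dsid=%s user=%s\n", $1, $2, $3, $4, dsid, (user == "" ? "-" : user)
            user = ""
        }
    ' "$@"
}

# Constructed sample: the first entry mirrors the log excerpt in this article,
# the second entry is made up to exercise the original DSID.
sample_log() {
cat <<'EOF'
May 25, 2021 08:16:14.821 (https-jsse-nio-8443-exec-54) (SecuritySP) - Authenticating user with external directory server: JoeJoe
May 25, 2021 08:16:14.821 (https-jsse-nio-8443-exec-54) (SecuritySP) -   Getting user by search: sAMAccountName=JoeJoe
May 25, 2021 08:16:14.822 - Problem verifying user :javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A7D, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]; remaining name 'DC=acme,DC=net'
 at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3301)
May 25, 2021 09:02:40.100 (https-jsse-nio-8443-exec-7) (SecuritySP) - Authenticating user with external directory server: example_user
May 25, 2021 09:02:40.105 - Problem verifying user :javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A4C, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]
EOF
}

# With a file argument scan that log, otherwise run on the constructed sample.
if [ "$#" -gt 0 ]; then
    scan_bind_errors "$@"
else
    sample_log | scan_bind_errors
fi
```

On a Spectrum host the log path from the steps above is passed as the argument, for example $SPECROOT/tomcat/logs/catalina.out. An entry with user=- means no SecuritySP lookup line was found before that error.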