LDAP Authsync times out

Article ID: 207765

Products

CA Harvest Software Change Manager

Issue/Introduction

When a client logs in to the Harvest server as an LDAP user, the login is denied if the user's password was previously changed outside Harvest.

Renewing the password in Harvest Administrator and selecting "Change password at next login" lets the user change the password at login, after which the login works.

The problem is that we have the option -authsynchinterval=01:00:00:00 set. This should ensure that passwords are synchronized automatically every day.

Cause


The problem encountered was that the OpenLDAP connection was following DNS referrals.

ldap_err2string
Unable to chase referral "ldaps://hostname/CN=Configuration,DC=domain,DC=company,DC=country" (-1: Can't contact LDAP server)  

Since the firewall was blocking some of those servers, this could cause timeouts.

How can the LDAP query be configured so that referrals are not chased?

Environment

Release : 13.0.3

Component : CA Harvest Software Change Manager

Resolution

Create an ldap.conf file and set the environment variable in the Harvest server so that the file is read and used.

The ldap.conf file contains just one line:
referrals no

1. The system variable name is LDAPCONF.
2. The system variable is set on the machine on which you run the hauthtst command. This is a client-side setting: you don't need to set it on your Harvest server machine, but the client machine must have it.

If you are running a Harvest command (such as haccess or hci) from the command line, you may want to double-check the LDAPCONF setting by running the following command:

echo %LDAPCONF%
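
A fuller check of the settings described above, as an added example rather than Broadcom's own tooling: this PowerShell function confirms that LDAPCONF names an existing file and that the effective REFERRALS value disables referral chasing. It assumes the OpenLDAP client behavior documented in ldap.conf(5), including that LDAPNOINIT and LDAPREFERRALS in the environment take precedence over the file; the function name is hypothetical.

```powershell
# Added example, not Broadcom code. Assumes ldap.conf(5) semantics of the
# OpenLDAP client library; it inspects only the LDAPCONF file and the
# LDAPNOINIT / LDAPREFERRALS variables, not any ldaprc files.
function Test-LdapReferralsDisabled {
    param([string]$ConfPath = $env:LDAPCONF)

    # LDAPNOINIT disables all defaulting, so the file would never be read.
    if ($env:LDAPNOINIT) {
        Write-Warning 'LDAPNOINIT is set: ldap.conf is ignored.'
        return $false
    }
    if (-not $ConfPath) {
        Write-Warning 'LDAPCONF is not set in this session.'
        return $false
    }
    if (-not (Test-Path -LiteralPath $ConfPath -PathType Leaf)) {
        Write-Warning "LDAPCONF points to a missing file: $ConfPath"
        return $false
    }

    $value  = 'on'                  # library default: referrals are chased
    $source = 'library default'
    foreach ($line in Get-Content -LiteralPath $ConfPath) {
        $text = $line.Trim()
        if ($text -eq '' -or $text.StartsWith('#')) { continue }   # blank or comment
        $parts = $text -split '\s+', 2                             # option name, value
        if ($parts.Count -eq 2 -and $parts[0] -ieq 'REFERRALS') {
            $value  = $parts[1].Trim()                             # a later line overrides an earlier one
            $source = $ConfPath
        }
    }

    # An LDAP<OPTION> environment variable overrides the value from the file.
    if ($env:LDAPREFERRALS) {
        $value  = $env:LDAPREFERRALS.Trim()
        $source = 'LDAPREFERRALS environment variable'
    }

    $disabled = @('no', 'off', 'false') -contains $value.ToLower()
    if ($disabled) {
        Write-Host "Referral chasing is disabled: REFERRALS '$value' (from $source)"
    } else {
        Write-Warning "Referral chasing is not disabled: REFERRALS '$value' (from $source)"
    }
    return $disabled
}

Test-LdapReferralsDisabled
```

Run it in a console opened after the system variable was set, because consoles that were already open keep their old environment.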