LDAP logon issues


Article ID: 208040


Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

We are using LDAP for logging into the web interface. Sometimes we get an error, unable to log in, but if we continuously hit the logon button several times it will log in. This seems to be happening more and more frequently. Do you know what might be causing this?

Cause

The Automic administrator was running an Active/Active cluster. The following error was logged on only one of the servers:

U00045014 Exception 'javax.naming.CommunicationException: "<ldap server> :3269"' at 'com.sun.jndi.ldap.Connection.<init>():238'.
20210121/095621.393 - 50     U00045015 The previous error was caused by 'javax.net.ssl.SSLHandshakeException: "com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: 
20210121/095621.393 - 50      java.security.cert.CertPathValidatorException: The certificate issued by CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US is not trusted; internal cause is: 
20210121/095621.393 - 50      java.security.cert.CertPathValidatorException: Certificate chaining error"' at 'com.ibm.jsse2.k.a():6'.

Environment

Release : 12.3.x

Component : AUTOMATION ENGINE

Resolution

When integrating with an LDAPS server over port 636 or 3269, a certificate is required in order to communicate with the LDAPS server.

In this particular case, only one of the two servers had the Java cacerts keystore used by Automic populated with the correct LDAPS certificate.

The Java cacerts keystore was therefore copied to the other server, and that server was restarted.
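
A check for the condition described above, as an added example that is not part of the original article or the vendor's tooling: it compares saved non-verbose `keytool -list` output from the two cluster nodes by certificate fingerprint and reports the entries that the second node's cacerts lacks. The listing layout is an assumption, and the aliases and fingerprints are constructed sample values.

```python
import re

# Non-verbose `keytool -list -keystore <cacerts path>` prints two lines per entry:
#   <alias>, <date>, trustedCertEntry,
#   Certificate fingerprint (SHA-256): AA:BB:...
# Assumption: both nodes' listings use this layout and the same digest.
ENTRY_RE = re.compile(r"^(?P<alias>.+?), .+, \w+Entry,?$")
FP_RE = re.compile(r"fingerprint \((?P<algo>[\w-]+)\):\s*(?P<fp>[0-9A-Fa-f:]+)")

def parse_keytool_list(text):
    """Return {(digest, fingerprint): alias} for each keystore entry."""
    entries, alias = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry:
            alias = entry.group("alias")
            continue
        fp = FP_RE.search(line)
        if fp and alias is not None:
            key = (fp.group("algo").upper(), fp.group("fp").upper())
            entries[key] = alias
            alias = None
    return entries

def missing_on(reference_listing, other_listing):
    """Aliases trusted on the reference node but absent on the other node.

    Matching is by fingerprint, so an entry imported under a different
    alias on the second node still counts as present."""
    ref = parse_keytool_list(reference_listing)
    other = parse_keytool_list(other_listing)
    if ref and other and {a for a, _ in ref} != {a for a, _ in other}:
        raise ValueError("listings use different fingerprint digests")
    return sorted(alias for key, alias in ref.items() if key not in other)

# Constructed sample listings (shortened, made-up fingerprints and aliases).
NODE_A = """Your keystore contains 2 entries

ldaps-issuing-ca, Jan 21, 2021, trustedCertEntry,
Certificate fingerprint (SHA-256): AA:AA:AA:01
corp-root, Jan 21, 2021, trustedCertEntry,
Certificate fingerprint (SHA-256): BB:BB:BB:02
"""
NODE_B = """Your keystore contains 1 entry

corporate-root-ca, Mar 3, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): bb:bb:bb:02
"""

if __name__ == "__main__":
    print("missing on node B:", missing_on(NODE_A, NODE_B))
```

Run it against listings captured from the cacerts file that each Automic process actually loads, since a node may have more than one Java installation.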