search cancel

AD FrameWork Authentication Errors

book

Article ID: 216838

calendar_today

Updated On:

Products

CA Identity Suite

Issue/Introduction

 

Various issues:

  1. Error while trying the search pending request for users.
  2. Error prompt while clicking on my profile.
  3. Error prompt while clicking on access tab.
  4. Page keep loading while approving

 

Identity Manager shows AD FrameWork Authentication-related errors in the stack traces.

Cause

In the IM wildfly log there ares tack traces coming from the AD FrameWork Authentication module and user not found errors.

For example, IM password reset fails:

2021-06-02 00:05:48,637 DEBUG [ims.llsdk.directory.jndi.createUserQAHang] (Thread-154 (HornetQ-client-global-threads-2125408835)) JNDIBase.getObject didn't work as a unique name, trying again as a friendly name find - looking for a USER named tuser123
2021-06-02 00:05:48,638 DEBUG [ims.llsdk.dirandenvcache.moAttrCache] (Thread-154 (HornetQ-client-global-threads-2125408835)) findManagedObjectAttr: Found mo definition key for [3] in cache.
2021-06-02 00:05:48,638 DEBUG [ims.llsdk.directory.jndi] (Thread-154 (HornetQ-client-global-threads-2125408835)) findObjectByFriendlyName using filter: (&(uid=tuser123)(objectclass=imUser)) and base DN ou=im,ou=ca,o=com
2021-06-02 00:05:48,638 DEBUG [ims.llsdk.dirandenvcache.moAttrCache] (Thread-154 (HornetQ-client-global-threads-2125408835)) findManagedObjectAttr: Found mo definition key for [3] in cache.
2021-06-02 00:05:48,638 DEBUG [ims.llsdk.directory.jndi] (Thread-154 (HornetQ-client-global-threads-2125408835)) Acquiring new LDAP connection
2021-06-02 00:05:48,638 DEBUG [ims.llsdk.directory.jndi] (Thread-154 (HornetQ-client-global-threads-2125408835)) Acquired LDAP connection ([email protected])
2021-06-02 00:05:48,639 DEBUG [ims.llsdk.typeregistry] (Thread-154 (HornetQ-client-global-threads-2125408835)) Did not find definition for type USER
2021-06-02 00:05:48,647 ERROR [ActiveDirectoryPasswordSynchListener] (Thread-154 (HornetQ-client-global-threads-2125408835)) User not found or not unique
2021-06-02 00:05:48,648 ERROR [ims.tmt.IMSMessageListener] (Thread-154 (HornetQ-client-global-threads-2125408835)) processToEndState: Exception occured during event processing: [facility=4 severity=3 reason=0 status=6 message=Unrecognized command]
 at com.netegrity.webapp.authentication.ad.ActiveDirectoryConnection.getDnForUser(ActiveDirectoryConnection.java:209) [user_console.jar:]
 at com.netegrity.webapp.authentication.ad.ActiveDirectoryConnection.resetPassword(ActiveDirectoryConnection.java:395) [user_console.jar:]

In the immanage console the Active Directory Authentication module was selected but not configured for SSL. However, SSL is a requirement for password reset and other actions against AD. Therefore, set up the environment with SSL for use with the AD Auth Module.

Resolution

Verify the Authentication configuration for your Active Directory module.

Home › Environments › identityEnv › Advanced Settings › User Console › ActiveDirectory authentication module properties

Ensure you are pointing to the SSL port (636) and SSL = TRUE.