Unable to login in IM User Console thought router caim-srv only working if configuring the user store ip-address

book

Article ID: 220391

calendar_today

Updated On:

Products

CA Identity Suite

Issue/Introduction

Cant login on user console. Says that the user/password is not ok.

 

Changing the <Connection host="caim-srv" port="19289"/> to the <Connection host="<ip of User Store>" port="10101 "/>  worked and logged in with no problem but this is a workaround

Need to keep the caim-srv as host address  and solve this problem.

Logs :

[1] 20210723.160229.440 #013.331 COMPARE : 4 deep :
[9] 20210723.160229.441 #013.332 SEARCH : 3 deep subtree complex : 0 entries 0 attrs
[2] 20210723.160233.080 #013.333 COMPARE : 4 deep :
[3] 20210723.160233.081 #013.334 SEARCH : 3 deep subtree complex : 0 entries 0 attrs
[5] 20210723.161053.030 #015.000 BIND : <ip-address> COM/CA/IM/DSAADMIN :
[3] 20210723.161053.295 #015.006 SEARCH : 3 deep base-object no-filter : 1 entries 1 attrs
[6] 20210723.161210.969 #012.000 ABORT : : 675 sec 1 kbytes 2 ops 0 cpu

[5] 20210723.161233.400 #013.000 ABORT : : 691 sec 0 kbytes 11 ops 0 cpu

[2] 20210723.161419.738 #016.000 BIND : <ip-address>  COM/CA/IDM-USERSTORE-ROUTER-CAIM-SRV-01 :
[3] 20210723.161419.738 #016.335 COMPARE : 4 deep :
[8] 20210723.161419.739 #016.336 SEARCH : 3 deep subtree complex : 0 entries 0 attrs
^C

Cause

1 . the environment has ca directory and provisioning server in one serer and IM server in different server.

2. extended ca directory schema in ca directory user stores;

3. But did not applied the same change on the router machine that resides in IM servers.

4. The IM servers has ca Dir Router that needs same schema modifications that is done in CA Directory User Stores otherwise nobody can login from router.

Environment

Release : 14.3 CP2

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Resolution

1) since  was using directly user store ip-address trying resolve the issue, firstly rollback in immanage Directories->UserStore from URL LDAP://<user store ip>:10101 to LDAP://caim-srv:19289 editing user store xml and importing;
2) Tried access the router to caim-srv 19289 via Jxplorer and got error "Connection refused: connect"
3) [email protected] (host where router resides) have in idm-userstore-router-caim-srv-01_warn_20210726.log:

[1] 20210726.141743.523 WARN: LDAP: invalid oid: BrsPerson

4) The message above is because the User Store Instance has a schema extension and the router does not have.

5) After copied the customized files to /opt/CA/Directory/dxserver/config/schemas/  im.dxg and BrsPerson.dxc the issue is now resolved.