Unable to login in IM User Console thought router caim-srv only working if configuring the user store ip-address
Article ID: 220391
Updated On:
Products
Issue/Introduction
Cant login on user console. Says that the user/password is not ok.
Changing the <Connection host="caim-srv" port="19289"/> to the <Connection host="<ip of User Store>" port="10101 "/> worked and logged in with no problem but this is a workaround
Need to keep the caim-srv as host address and solve this problem.
Logs :
[1] 20210723.160229.440 #013.331 COMPARE : 4 deep :
[9] 20210723.160229.441 #013.332 SEARCH : 3 deep subtree complex : 0 entries 0 attrs
[2] 20210723.160233.080 #013.333 COMPARE : 4 deep :
[3] 20210723.160233.081 #013.334 SEARCH : 3 deep subtree complex : 0 entries 0 attrs
[5] 20210723.161053.030 #015.000 BIND : <ip-address> COM/CA/IM/DSAADMIN :
[3] 20210723.161053.295 #015.006 SEARCH : 3 deep base-object no-filter : 1 entries 1 attrs
[6] 20210723.161210.969 #012.000 ABORT : : 675 sec 1 kbytes 2 ops 0 cpu
[5] 20210723.161233.400 #013.000 ABORT : : 691 sec 0 kbytes 11 ops 0 cpu
[2] 20210723.161419.738 #016.000 BIND : <ip-address> COM/CA/IDM-USERSTORE-ROUTER-CAIM-SRV-01 :
[3] 20210723.161419.738 #016.335 COMPARE : 4 deep :
[8] 20210723.161419.739 #016.336 SEARCH : 3 deep subtree complex : 0 entries 0 attrs
^C
Environment
Release : 14.3 CP2
Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)
Cause
1 . The environment has ca directory and provisioning server in one serer and IM server in different server.
2. Extended ca directory schema in ca directory user stores;
3. But did not applied the same change on the router machine that resides in IM servers.
4. The IM servers has ca Dir Router that needs same schema modifications that is done in CA Directory User Stores otherwise nobody can login from router.
Resolution
1) since was using directly user store ip-address trying resolve the issue, firstly rollback in immanage Directories->UserStore from URL LDAP://<user store ip>:10101 to LDAP://caim-srv:19289 editing user store xml and importing;
2) Tried access the router to caim-srv 19289 via Jxplorer and got error "Connection refused: connect"
3) dsa@host (host where router resides) have in idm-userstore-router-caim-srv-01_warn_20210726.log:
[1] 20210726.141743.523 WARN: LDAP: invalid oid: SamplePerson
4) The message above is because the User Store Instance has a schema extension and the router does not have.
5) After copied the customized files to /opt/CA/Directory/dxserver/config/schemas/ im.dxg and SamplePerson.dxc the issue is now resolved.
Feedback
