search cancel

NetOps Portal Test LDAP function via SsoConfig command returns error


Article ID: 257162


Updated On:


CA Performance Management - Usage and Administration DX NetOps


Setting up and enabling LDAPS in DX NetOps Performance Management Portal web server.

Getting the following errors with Test LDAP SsoConfig tests.

Could not obtain a DirectoryContext.
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563]
Logon failure: unknown user name or bad password.
Bind to the directory failed.

Three validated users have been tested with to ensure it's not a bad username or password value.

Why does it think the user is unknown or a bad password was entered?

The LDAP configuration is as follows.

SSO Configuration/DX NetOps/LDAP Authentication:
Connection User: {0}
Connection Password: ***
Search Domain: ldaps://,OU=Accounts,DC=d,DC=r,DC=dfait-maeci,DC=gc,DC=ca
Search String: saMAccountName={0}
Search Scope: subtree
User Bind: Disabled
Encryption: simple
Account User: {CN}
Account User Default Clone: user
Status: Enabled
Timeout: 10000


All supported DX NetOps Performance Management Portal web server releases


Incorrect Connection User value set.


Often the simple {0} Connection User value isn't sufficient. Some LDAP environments require an option like one of the following for the Connection User value.

  • {0}
    • Replace with the correct domain.
    • Example: If using a Broadcom option it would be:
      • {0}
  • DOMAIN\{0}
    • Replace DOMAIN with the correct domain value.
    • Example: If using a Broadcom option it would be:
      • broadcom\{0} 
  • Set a specific Service Account user from LDAP to use for the connection.
    • If using that Connection User value, ensure the configuration for the "User Bind" value is set to true using the SsoConfig command.