search cancel

NetOps Portal Test LDAP function via SsoConfig command returns error

book

Article ID: 257162

calendar_today

Updated On:

Products

CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

Setting up and enabling LDAPS in DX NetOps Performance Management Portal web server.

Getting the following errors with Test LDAP SsoConfig tests.

Could not obtain a DirectoryContext.
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563]
Logon failure: unknown user name or bad password.
Bind to the directory failed.

Three validated users have been tested with to ensure it's not a bad username or password value.

Why does it think the user is unknown or a bad password was entered?

The LDAP configuration is as follows.

SSO Configuration/DX NetOps/LDAP Authentication:
Connection User: {0}
Connection Password: ***
Search Domain: ldaps://d.r.dfait-maeci.gc.ca/OU=Users,OU=Accounts,DC=d,DC=r,DC=dfait-maeci,DC=gc,DC=ca
Search String: saMAccountName={0}
Search Scope: subtree
User Bind: Disabled
Encryption: simple
Account User: {CN}
Account User Default Clone: user
Group:
Krb5ConfigFile:
Status: Enabled
Timeout: 10000

Environment

All supported DX NetOps Performance Management Portal web server releases

Cause

Incorrect Connection User value set.

Resolution

Often the simple {0} Connection User value isn't sufficient. Some LDAP environments require an option like one of the following for the Connection User value.

  • {0}@domain.com
    • Replace domain.com with the correct domain.
    • Example: If using a Broadcom option it would be:
      • {0}@broadcom.com
  • DOMAIN\{0}
    • Replace DOMAIN with the correct domain value.
    • Example: If using a Broadcom option it would be:
      • broadcom\{0} 
  • Set a specific Service Account user from LDAP to use for the connection.
    • If using that Connection User value, ensure the configuration for the "User Bind" value is set to true using the SsoConfig command.