UAA failed to authenticate LDAP account with NameNotFoundException in PKS

Article ID: 298536

Products

VMware Tanzu Kubernetes Grid Integrated Edition

Issue/Introduction

Symptoms:
When attempting to log in as an LDAP user in PKS, UAA logs the following output:
[2018-10-19 20:55:37.322] uaa - 9306 [https-jsse-nio-8443-exec-9] .... ERROR --- SecurityFilterChainPostProcessor$HttpsEnforcementFilter: Uncaught Exception:
org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT), data 0, best match of:
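The error above can be recognised mechanically in UAA logs. The following PowerShell snippet is an added example, not part of the KB article or of UAA itself: it scans log lines for the NameNotFoundException / LDAP error code 32 (NO_OBJECT) signature and reports each hit with the timestamp of the preceding log header. The log lines are constructed for the example (the first two mirror the article's output, the third is a benign line that must not match).

```powershell
# Added example (not from the KB article or UAA): flag LDAP error code 32
# (NO_OBJECT) NameNotFoundException entries in UAA log output.
# Sample log lines are constructed for this example.
$SampleUaaLog = @'
[2018-10-19 20:55:37.322] uaa - 9306 [https-jsse-nio-8443-exec-9] .... ERROR --- SecurityFilterChainPostProcessor$HttpsEnforcementFilter: Uncaught Exception:
org.springframework.ldap.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031522C9, problem 2001 (NO_OBJECT), data 0, best match of:
[2018-10-19 20:56:01.104] uaa - 9306 [https-jsse-nio-8443-exec-3] .... INFO --- Audit: UserAuthenticationSuccess ('alice')
'@

function Find-UaaLdapNoObject {
    param([string[]]$Lines)

    # Matches the Spring LDAP / AD error text shown in the article.
    $pattern = 'NameNotFoundException: \[LDAP: error code (?<code>\d+) - (?<hex>[0-9A-Fa-f]+): NameErr: DSID-(?<dsid>[0-9A-Fa-f]+), problem (?<problem>\d+) \((?<name>\w+)\)'
    $lastTimestamp = $null

    foreach ($line in $Lines) {
        # UAA prints the timestamp on the header line; the exception follows on the next line.
        if ($line -match '^\[(?<ts>[^\]]+)\]') { $lastTimestamp = $Matches.ts }

        if ($line -match $pattern -and $Matches.code -eq '32') {
            [pscustomobject]@{
                Timestamp = $lastTimestamp
                ErrorCode = [int]$Matches.code
                Problem   = $Matches.name      # NO_OBJECT
                DSID      = $Matches.dsid
            }
        }
    }
}

$hits = Find-UaaLdapNoObject -Lines ($SampleUaaLog -split "`r?`n")
$hits | Format-Table -AutoSize

if ($hits) {
    Write-Warning "LDAP NO_OBJECT errors found: confirm the affected users are members of an LDAP group (see Resolution)."
}
```

To run it against a real log, replace `$SampleUaaLog` with `Get-Content` of the UAA log file; only error code 32 entries are reported, so other LDAP failures (bad credentials, referral errors) are not mistaken for this issue.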

Environment


Cause

This issue occurs when using Microsoft Active Directory (MS AD) with an Active Directory Federation Services (AD FS) topology. It can also occur when multiple LDAP registries have been merged, for example when a large enterprise acquires another organization and the two directories are combined.

When using a global catalog, the user or group records may reside in only one peer domain. When AD is configured in this way and a record is not found in the peer domain being queried, AD returns a NameNotFoundException.

Resolution

Confirm that the user is a member of an LDAP group. This prevents one of the peer domains from returning the exception.

If the user has no group membership, create a basic group and add the user(s) to it. AD will then return a valid result.
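The check and fix described above can be scripted against AD. The following PowerShell is an added example, not part of the KB article or of any VMware tooling: it reads the user's group membership, and if there is none, creates a basic security group and adds the user. It assumes the ActiveDirectory module (RSAT) is available and that the account running it may create groups in the target OU; the user name, group name, OU path and domain controller below are placeholders.

```powershell
# Added example (not from the KB article): confirm an LDAP user belongs to
# at least one group, creating a basic group if needed.
# User, group, OU and server names are assumptions for this example.
Import-Module ActiveDirectory

$UserName  = 'jdoe'                           # assumed sAMAccountName of the PKS user
$GroupName = 'PKS-Users'                      # assumed name of the basic group
$GroupOU   = 'OU=Groups,DC=corp,DC=example'   # assumed OU that will hold the group
$Server    = 'dc01.corp.example'              # assumed domain controller

# Read the user's current group membership (memberOf does not include the primary group).
$user = Get-ADUser -Identity $UserName -Properties MemberOf -Server $Server

if ($user.MemberOf.Count -gt 0) {
    Write-Host "$UserName already belongs to $($user.MemberOf.Count) group(s):"
    $user.MemberOf | ForEach-Object { Write-Host "  $_" }
}
else {
    Write-Warning "$UserName has no group membership; a peer domain may answer UAA with NameNotFoundException."

    # Create the basic security group only if it does not exist yet.
    if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'" -Server $Server)) {
        New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security -Path $GroupOU -Server $Server
        Write-Host "Created group $GroupName in $GroupOU"
    }

    Add-ADGroupMember -Identity $GroupName -Members $UserName -Server $Server
    Write-Host "Added $UserName to $GroupName"
}

# Re-read the membership to confirm the change was applied.
(Get-ADUser -Identity $UserName -Properties MemberOf -Server $Server).MemberOf
```

Run it once per affected user, or pass a list of users to `Add-ADGroupMember -Members`; after the change, retry the PKS login and confirm the error code 32 entry no longer appears in the UAA log.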