Login to Univiewer of LDAP users is no longer working after upgrading UVMS
Article ID: 85338
Updated On:
Products
CA Automic Dollar Universe
Issue/Introduction
Error Message :
On UVC, when login using a LDAP user, the authentication fails with the following popup error message:
###################################
================================================
The server cannot be reached: LDAP Access denied
================================================
###################################
On UVMS, when launching unicheckldap, we see that the user is no longer found:
###################################
<uvms_dir>/app/bin/unicheckldap -login afr -password XXXX
UniViewer Management Server environment loaded.
UVMS configured with INTERNAL authentication.
Loading ldap.xml
********************
ldap.xml loaded. 1 configuration(s) found(s)
********************
Checking configuration: [LDAP Repository]:
Host: vmsdmdc002.orsyptst.com Port: 389 SSL: false
---------------------------------------------
supported SASL mechanisms:
+ GSSAPI
+ GSS-SPNEGO
+ EXTERNAL
+ DIGEST-MD5
DIGEST-MD5 mechanism supported.
---------------------------------------------
SUCCESS Host: vmsdmdc002.orsyptst.com configuration is OK
User search filter: (samaccountname=!login!)
User list search filter: objectclass=person
Group list search filter: (objectClass=group)
Nested group: false
Referral: false
FAILURE Login: afr not found on the LDAP server
********************
###################################
Patch level detected:Univiewer Management Server 6.3.00
Product Version: Dollar.Universe 6.3.01
Description :After upgrading UVMS to version 6.3.41 or 6.4.01, the Ldap authentication without any changes in the ldap settings will fail.
On UVC, when login using a LDAP user, the authentication fails with the following popup error message:
###################################
================================================
The server cannot be reached: LDAP Access denied
================================================
###################################
On UVMS, when launching unicheckldap, we see that the user is no longer found:
###################################
<uvms_dir>/app/bin/unicheckldap -login afr -password XXXX
UniViewer Management Server environment loaded.
UVMS configured with INTERNAL authentication.
Loading ldap.xml
********************
ldap.xml loaded. 1 configuration(s) found(s)
********************
Checking configuration: [LDAP Repository]:
Host: vmsdmdc002.orsyptst.com Port: 389 SSL: false
---------------------------------------------
supported SASL mechanisms:
+ GSSAPI
+ GSS-SPNEGO
+ EXTERNAL
+ DIGEST-MD5
DIGEST-MD5 mechanism supported.
---------------------------------------------
SUCCESS Host: vmsdmdc002.orsyptst.com configuration is OK
User search filter: (samaccountname=!login!)
User list search filter: objectclass=person
Group list search filter: (objectClass=group)
Nested group: false
Referral: false
FAILURE Login: afr not found on the LDAP server
********************
###################################
Patch level detected:Univiewer Management Server 6.3.00
Product Version: Dollar.Universe 6.3.01
Description :After upgrading UVMS to version 6.3.41 or 6.4.01, the Ldap authentication without any changes in the ldap settings will fail.
Environment
OS: All
Cause
Cause type:
Defect
Root Cause: If the UserSearchBase field in ldap.xml is configured without selecting a OU or CN like CN=Users:
DC=orsyptst,DC=com
Following the upgrade of UVMS, the users can't be found.
Defect
Root Cause: If the UserSearchBase field in ldap.xml is configured without selecting a OU or CN like CN=Users:
DC=orsyptst,DC=com
Following the upgrade of UVMS, the users can't be found.
Resolution
We have two workarounds if you have to stay in 6.3.41 or 6.4.01:
a) In case all your users on the LDAP are stored on the same folder:
-- Configuring the UserSearchBase to start with a sub-tree of the LDAP tree like
CN=Users, DC=orsyptst,DC=com
or
OU=Users, DC=orsyptst,DC=com
The choice may depend on the structure of the LDAP tree.
b) In case the users on the LDAP are stored on different folders:
Edit the file ldap.xml and set followReferral to YES
YES
Warning: In case there are many users / groups on the LDAP, this could slow down the performance of the queries to the LDAP since we will have to look on the whole tree instead of only several folders.
Fix Status: Released
Fix Version(s):
Component: Univiewer.Management.Server
Version: Dollar.Universe 6.4.21
a) In case all your users on the LDAP are stored on the same folder:
-- Configuring the UserSearchBase to start with a sub-tree of the LDAP tree like
CN=Users, DC=orsyptst,DC=com
or
OU=Users, DC=orsyptst,DC=com
The choice may depend on the structure of the LDAP tree.
b) In case the users on the LDAP are stored on different folders:
Edit the file ldap.xml and set followReferral to YES
YES
Warning: In case there are many users / groups on the LDAP, this could slow down the performance of the queries to the LDAP since we will have to look on the whole tree instead of only several folders.
Fix Status: Released
Fix Version(s):
Component: Univiewer.Management.Server
Version: Dollar.Universe 6.4.21
Additional Information
Workaround :
N/A
N/A
Feedback
Yes
No
Powered by
