UVMS: The server cannot be reached: LDAP Access denied

Article ID: 86736


Products

CA Automic Dollar Universe

Issue/Introduction

LDAP authentication has stopped working: LDAP users can no longer log in to UVC.
Logging in to UVMS with an LDAP account returns the following error:

The server cannot be reached: LDAP Access denied

Check with unicheckldap:

unicheckldap -login "username" -password "password"
UVMS configured with INTERNAL authentication.

Loading ldap.xml
********************
ldap.xml loaded. 1 configuration(s) found(s)
********************

Checking configuration: [LDAP Repository]:
Host: ldap_server Port: 389 SSL: false
cannot connect to ldap server: javax.naming.CommunicationException: ldap_server:389  [Root exception is java.net.UnknownHostException: ldap_server]
FAILURE Host: ldap_server configuration is KO
********************

This error message clearly shows that the LDAP server (ldap_server) cannot be reached.

Cause

The UnknownHostException occurs because the hostname ldap_server no longer exists in DNS: the server's name had changed, and ldap.xml had not been updated with the current server.

Resolution

To fix it, either check the DNS settings of the server and confirm that a record exists for the LDAP server, or modify ldap.xml and replace the host parameter with the correct one.

ldap.xml must be updated with the new hostname of the LDAP server, and UVMS must be restarted.

The new settings must then be checked with unicheckldap, which must confirm the following:

The LDAP server must be reachable
The user must be found
The password must be correct

./unicheckldap -login "username" -password "password"
UVMS configured with INTERNAL authentication.

Loading ldap.xml
********************
ldap.xml loaded. 1 configuration(s) found(s)
********************

Checking configuration: [LDAP Repository]:
Host: new_ldap_server Port: 389 SSL: false

---------------------------------------------
supported SASL mechanisms:
+ GSSAPI
+ GSS-SPNEGO
+ EXTERNAL
+ DIGEST-MD5
DIGEST-MD5 mechanism supported.
---------------------------------------------
SUCCESS Host: new_ldap_server  configuration is OK
User search filter: (samaccountname=!login!)
User list search filter: objectclass=person
Group list search filter: (objectClass=group)
Nested group: false
Referral: true
SUCCESS Login: username found on the LDAP server
SUCCESS Login: username authentication successful
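
The three checks listed above can be read off the unicheckldap output mechanically, for example after each change to ldap.xml. The script below is an added example, not part of the original article or the product; it matches only strings visible in the two outputs shown here, and the function name and the summary format are assumptions.

```shell
#!/bin/sh
# Added example: summarise unicheckldap output (read from stdin) as one line.
# Matches only strings visible in the two outputs shown in this article.
classify_unicheckldap() {
    out=$(cat)
    has() { printf '%s\n' "$out" | grep -q "$1"; }
    host=$(printf '%s\n' "$out" | sed -n 's/^Host: \([^ ]*\) Port:.*/\1/p' | head -n 1)

    # Check 1: the LDAP server must be reachable.
    if has 'UnknownHostException'; then reach='FAIL(dns)'
    elif has '^FAILURE Host:'; then reach='FAIL(other)'
    elif has '^SUCCESS Host:.*configuration is OK'; then reach='OK'
    else reach='UNKNOWN'; fi

    # Check 2: the user must be found. Check 3: the password must be correct.
    user='NOT_CONFIRMED'; pass='NOT_CONFIRMED'
    if has '^SUCCESS Login: .* found on the LDAP server'; then user='OK'; fi
    if has '^SUCCESS Login: .* authentication successful'; then pass='OK'; fi

    printf 'host=%s reachable=%s user=%s password=%s\n' "$host" "$reach" "$user" "$pass"
    # Exit status 0 only when all three checks passed.
    [ "$reach" = OK ] && [ "$user" = OK ] && [ "$pass" = OK ]
}

# Constructed samples: lines copied from the failing and passing runs above.
SAMPLE_FAIL='Host: ldap_server Port: 389 SSL: false
cannot connect to ldap server: javax.naming.CommunicationException: ldap_server:389  [Root exception is java.net.UnknownHostException: ldap_server]
FAILURE Host: ldap_server configuration is KO'
SAMPLE_OK='Host: new_ldap_server Port: 389 SSL: false
SUCCESS Host: new_ldap_server  configuration is OK
SUCCESS Login: username found on the LDAP server
SUCCESS Login: username authentication successful'

printf '%s\n' "$SAMPLE_FAIL" | classify_unicheckldap || :
printf '%s\n' "$SAMPLE_OK" | classify_unicheckldap
```

In real use, pipe the output of unicheckldap into classify_unicheckldap; a result of FAIL(dns) corresponds to the UnknownHostException case described under Cause.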