LDAP authentication problem while using subtree search with Active Directory
Article ID: KB0091897
Products | Versions
TIBCO DataSynapse GridServer | -
Not Applicable | -
Description
Resolution: When doing a subtree search against Active Directory, authentication can fail with the following exception in the logs:
10/03/08 16:16:06.507 SEVERE: [ManualLoginMethod] Trouble autheticating: subgroup_ou_user
com.livecluster.admin.UserManagerException: javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=qa-ad,dc=datasynapse,dc=com'
    at com.livecluster.admin.LDAPUserManager.fillInUser(LDAPUserManager.java:185)
    at com.livecluster.admin.DBUserManager.getUser(DBUserManager.java:59)
    at com.livecluster.admin.TTLCachedUserManager.getUser(TTLCachedUserManager.java:35)
    at com.livecluster.admin.TTLCachedUserManager.authenticate(TTLCachedUserManager.java:88)
    at com.livecluster.admin.servlet.ManualLoginMethod.authenticate(ManualLoginMethod.java:41)
    at com.livecluster.admin.servlet.LoginMethod.performLogin(LoginMethod.java:38)
This means that the search is returning a referral that JNDI cannot follow. To get around this, set the JNDI environment variable java.naming.referral to the value "follow". Under Users | Authentication | JNDI Environment Variables, enter the following:
java.naming.referral=follow
If your search still doesn't work, it's possible that the value returned by AD (which is a server name) is not resolvable. To get around this problem, add an <ip> <hostname> entry to the /etc/hosts file on the machine.
See also: http://mail-archives.apache.org/mod_mbox/tomcat-users/200611.mbox/%3C20061102112142.1A40810FB004@herse.apache.org%3E and http://www.jspwiki.org/wiki/ActiveDirectoryIntegration
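Added example, not GridServer code: a standalone JNDI client that runs a subtree search with java.naming.referral taken from the command line, so both failures described above (the unfollowed referral and the unresolvable referral host) can be reproduced outside the product. The class name, argument order, the sAMAccountName filter and the LDAP_BIND_PW variable are assumptions of this example.

```java
import java.net.UnknownHostException;
import java.util.Hashtable;
import java.util.Objects;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// Usage: java AdSubtreeSearchCheck <ldap-url-with-base-dn> <bind-dn> <account> [follow|ignore]
// The bind password is read from LDAP_BIND_PW so it never appears on the command line.
public class AdSubtreeSearchCheck {
    public static void main(String[] args) throws NamingException {
        if (args.length < 3) throw new IllegalArgumentException("need <url> <bind-dn> <account>");
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, args[1]);
        env.put(Context.SECURITY_CREDENTIALS,
                Objects.requireNonNull(System.getenv("LDAP_BIND_PW"), "set LDAP_BIND_PW"));
        // Context.REFERRAL is the constant for the java.naming.referral property.
        env.put(Context.REFERRAL, args.length > 3 ? args[3] : "follow");

        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);

        DirContext ctx = new InitialDirContext(env);
        try {
            // Filter arguments are passed separately so the account name is escaped by JNDI.
            NamingEnumeration<SearchResult> results =
                    ctx.search("", "(sAMAccountName={0})", new Object[] { args[2] }, sc);
            while (results.hasMore()) {
                System.out.println("Found: " + results.next().getNameInNamespace());
            }
        } catch (PartialResultException e) {
            System.out.println("Referral returned but not followed: " + e.getMessage());
        } catch (NamingException e) {
            Throwable t = e;  // walk the cause chain looking for a DNS failure
            while (t != null && !(t instanceof UnknownHostException)) t = t.getCause();
            if (t == null) throw e;  // some other failure: report it unchanged
            System.out.println("Referral host does not resolve: " + t.getMessage());
        } finally {
            ctx.close();
        }
    }
}
```

Running it once with `ignore` and once with `follow` against the same base DN shows whether the referral setting or name resolution of the referred server is the remaining problem.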