Cannot logon to web interface

Hi,

I changed the ldap authentication to GroupWise authentication for testing purposes. I wasn't able to login using GW authentication so I changed it back to LDAP auth (AD), which worked perfectly before. No I'm unable to logon. The web interface gives me an error: **Invalid Username/Password. Please try again.**
I can only logon using the root account now. I restarted all the services, but no luck.

I checked the "configengine.xml" file and everything seems ok there. When I look into the "configengine.log" file, I see the following:

**WARNING [CP WSGIServer Thread-8] [__init__:1550] [userID:] [eventID:] [objectID:] [] Authentication or LDAP server failure: NO_SUCH_OBJECT**

How can I get this working again?

Iwan
Parents
  • iwan;2321508 wrote:
    Hi,

    I changed the ldap authentication to GroupWise authentication for testing purposes. I wasn't able to login using GW authentication so I changed it back to LDAP auth (AD), which worked perfectly before. No I'm unable to logon. The web interface gives me an error: **Invalid Username/Password. Please try again.**
    I can only logon using the root account now. I restarted all the services, but no luck.

    I checked the "configengine.xml" file and everything seems ok there. When I look into the "configengine.log" file, I see the following:

    **WARNING [CP WSGIServer Thread-8] [__init__:1550] [userID:] [eventID:] [objectID:] [] Authentication or LDAP server failure: NO_SUCH_OBJECT**

    How can I get this working again?

    Iwan


    I've set the 2.x GMS systems I've upgraded/installed to GroupWise auth... So I can't check and compare.

    Although it's for Datasync, this bit might still be relevant as to manually add an admin in : https://www.novell.com/documentation/datasynchronizer1/datasync1_admin/data/boy596g.html#boa2rxm

    Other than that, I also wonder if the LDAP server IP entry itself might have "gone lost" when changing to and back?

    Cheers,
    Willem
Reply
  • iwan;2321508 wrote:
    Hi,

    I changed the ldap authentication to GroupWise authentication for testing purposes. I wasn't able to login using GW authentication so I changed it back to LDAP auth (AD), which worked perfectly before. No I'm unable to logon. The web interface gives me an error: **Invalid Username/Password. Please try again.**
    I can only logon using the root account now. I restarted all the services, but no luck.

    I checked the "configengine.xml" file and everything seems ok there. When I look into the "configengine.log" file, I see the following:

    **WARNING [CP WSGIServer Thread-8] [__init__:1550] [userID:] [eventID:] [objectID:] [] Authentication or LDAP server failure: NO_SUCH_OBJECT**

    How can I get this working again?

    Iwan


    I've set the 2.x GMS systems I've upgraded/installed to GroupWise auth... So I can't check and compare.

    Although it's for Datasync, this bit might still be relevant as to manually add an admin in : https://www.novell.com/documentation/datasynchronizer1/datasync1_admin/data/boy596g.html#boa2rxm

    Other than that, I also wonder if the LDAP server IP entry itself might have "gone lost" when changing to and back?

    Cheers,
    Willem
Children
  • Hi,

    Just to clarify something... are you running your GMS system directly against an AD infrastructure for authentication or via GroupWise using AD as it's LDAP source?

    Cheers,
  • Hi,

    I'm authenticating directly to AD. I also use an AD group for user provisioning. I am going to move to GW authentication and set GW to AD auth, so the end result wil lbe the same. But for now it is not possible to set additional admin users if I set it to GW auth. That's why I set it back to LDAP (AD) auth.

    I checked all the settings and also the xml files and it seems to be ok, at least as it was before. Can't figure out why it doesn't work. I used dsapp to run a "General Health Check" and it came up with an error also:
    ****
    search result
    search: 2
    result: 32 No such object
    text: 0000208D: NameErr: DSID-031001E5, problem 2001 (NO_OBJECT), data 0, bes
    t match of:
    ''
    # numResponses: 1

    Failed.
    ****
    Iwan


    laurabuckley;2321602 wrote:
    Hi,

    Just to clarify something... are you running your GMS system directly against an AD infrastructure for authentication or via GroupWise using AD as it's LDAP source?

    Cheers,
  • Hi,

    As far as I am aware the only authentication methods supported by GMS is LDAP against eDirectory or GroupWise authentication. GMS LDAP directly against AD is not supported.

    Cheers,
  • Hi,

    I've managed to get it working again by restoring the configengine.xml file from a previous backup. I know that it is not officialy supported, but it does work. Once we move over to GW2014, I'll switch to GW authentication.

    Thank you for your time.

    Iwan
  • iwan;2321685 wrote:
    Hi,

    I've managed to get it working again by restoring the configengine.xml file from a previous backup. I know that it is not officialy supported, but it does work. Once we move over to GW2014, I'll switch to GW authentication.

    Thank you for your time.

    Iwan


    Hi Iwan,

    While it's not supported, we have heard of quite a couple of sites that are indeed successfully using AD as authentication source.

    I am curious though if you have been able to see a difference with the configengine.xml that was not working and the one you have now restored and is working.

    If you still have a copy of the non working file, the console command "diff" could quickly show what is different. That would be great to know as future reference.

    Thanks,
    Willem
  • Hi Willem,

    I did compare the files before restoring them. It seems that there are two differences. The first is that all of the admins defined in the file were gone and the second is that the encrypted ldap user password string was different. I did re-enter the password in the web interface to see if that made a difference, but no luck. Only restoring the XML file helped.

    Iwan
  • Hi Willem,

    I did compare the files before restoring them. It seems that there are two differences. The first is that all of the admins defined in the file were gone and the second is that the encrypted ldap user password string was different. I did re-enter the password in the web interface to see if that made a difference, but no luck. Only restoring the XML file helped.

    Iwan
  • iwan;2321724 wrote:
    Hi Willem,

    I did compare the files before restoring them. It seems that there are two differences. The first is that all of the admins defined in the file were gone and the second is that the encrypted ldap user password string was different. I did re-enter the password in the web interface to see if that made a difference, but no luck. Only restoring the XML file helped.

    Iwan


    That is good to know (and keep in mind) Iwan. Thanks for the update!

    Cheers,
    Willem