UD failed to integrate LDAP due to connection issue

Hello support,

 

Our UD server is able to ping and telnet AD server port 389 & 636. Test LDAP connection failed.

But from the UD log, it always shows the error:

 

[qtp997055366-1184] (LdapServices.java:44) ERROR - Fail to retrieve LDAP groups
com.hp.sw.bto.ast.security.uum.UserManagementException: Exception while searching for groups tree in LDAP
at com.hp.sw.bto.ast.security.uum.UserManagementLDAP.findGroupsPlain(UserManagementLDAP.java:650)
at com.hp.ucmdb.ldap.LdapServices.getLdapRootGroups(LdapServices.java:39)
at com.hp.ucmdb.jmx.LdapSettingsJmxServices.testLDAPConnection(LdapSettingsJmxServices.java:201)

.......

Caused by: com.hp.sw.bto.ast.security.uum.UserManagementException: Exception caught while connecting to LDAP with the following configuration parameters: com.hp.sw.bto.ast.security.uum.UserManagementLDAPConfiguration@470b0408
at com.hp.sw.bto.ast.security.uum.UserManagementLDAP.findGroups(UserManagementLDAP.java:477)
at com.hp.sw.bto.ast.security.uum.UserManagementLDAP.findGroupsPlain(UserManagementLDAP.java:648)
... 68 more
Caused by: com.hp.sw.bto.ast.security.uum.UserManagementConnectionException: Exception, while connecting to LDAP with the following configuration parameters: com.hp.sw.bto.ast.security.uum.UserManagementLDAPConfiguration@470b0408
at com.hp.sw.bto.ast.security.uum.LDAPTools.createConnectionAndConnect(LDAPTools.java:170)
at com.hp.sw.bto.ast.security.uum.UserManagementLDAP.findGroups(UserManagementLDAP.java:473)
... 69 more
Caused by: com.hp.sw.bto.ast.security.uum.UserManagementConnectionException: Cannot connect to host = ADservername.xxx.xxx.xx, port = 636, username = CN=ADusername,OU=A,DC=B,DC=C,DC=D
at com.hp.sw.bto.ast.security.uum.LDAPTools.ldapConnect(LDAPTools.java:194)
at com.hp.sw.bto.ast.security.uum.LDAPTools.createConnectionAndConnect(LDAPTools.java:168)
... 70 more
Caused by: netscape.ldap.LDAPException: The connection is not available (80); Unknown error
at netscape.ldap.LDAPConnection.sendRequest(LDAPConnection.java:1809)
at netscape.ldap.LDAPConnection.internalBind(LDAPConnection.java:1754)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1294)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1239)
at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:918)
at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:867)
at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:1006)
at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:1016)
at netscape.ldap.LDAPConnection.connect(LDAPConnection.java:961)

 

We can use ldp.exe to connect to the AD server from the UD server, even with a simple bind by an AD account. Please suggest how to resolve this issue.

 

Thanks

Shelly

  • Post all the LDAP settings you put into the UD LDAP Settings, without sensitive information, for us to have a look at.

    As well, what type of LDAP?

     

  • Hi ,

    Thanks for your reply firstly.

    Attached our LDAP settings from JMX output.

    Ping and telnet to AD ports 389 and 636 work successfully. Using the Softerra LDAP tool to test the connection from the UD server to the AD server with the credentials, there is no problem.

    But with the same AD account we are using for LDAP integration on HP UD with LDAPS port 636, we never get any output from testldapconnection in the JMX console.

    The system admin checked the events on the AD server; they just show the connection request from Softerra, not UD. UD never set up a connection to AD.

    What's wrong here? We have been stuck on this issue for a long time and still haven't found the cause.

    Thanks

    Shelly

  • Even I am getting the same error:

    LDAP error 80.

    JSSESocketFactory fact = new JSSESocketFactory(null);
    LDAPConnection ld = new LDAPConnection(fact);

    ld.connect(a,b);

    (It works up to here; the method below is where it gets the error. It works only for 50% of requests.)

    ld.authenticate(a,b);

  • Most enterprise users are using UD/UCMDB with LDAP. The code is fine, it's all about configuration.

    Please note that UCMDB can't export public certificates (as any browser does). If you are connecting over HTTPS, the certificate needs to be imported manually.

    I would suggest starting from the JMC console. There are methods to check connectivity to LDAP, and proper filtering as well.

    As a side note: when you are done with the initial settings, please do not try to put all your thousands of employees in the LDAP scope. This will make your UCMDB login long as hell. Create at least groups for users and admins and assign appropriate roles in UCMDB.

    Hope it helps. 

  • Hi, I know this topic is quite old but need to get my answers. I got the same error. Using ldaps I imported two corporate certificates to UCMDB but still getting the same error.

    Regards,

    Marcin Musioł
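
One way to check the certificate point raised in the replies above, as an added example that is not from the thread or from the product: a small Java program that, run with the same JRE the UD/UCMDB server uses, attempts the LDAPS handshake against that JVM's trust store and prints the chain the AD server presented. The class name and arguments are assumptions; the thread does not say which trust store UD reads, so point `-Djavax.net.ssl.trustStore` at it if it is not the JRE default.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added diagnostic example (hypothetical class name, not part of UD/UCMDB).
// Usage: java LdapsTrustCheck <ad-host> [port]
public class LdapsTrustCheck {
    public static void main(String[] args) throws Exception {
        String host = args[0];  // AD host name exactly as configured in UD
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;

        // Trust manager backed by this JVM's trust store (cacerts, or the
        // file named by -Djavax.net.ssl.trustStore).
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        final X509TrustManager jvmTrust = (X509TrustManager) tmf.getTrustManagers()[0];
        final X509Certificate[][] seen = new X509Certificate[1][];

        // Record the presented chain, then validate it normally.
        // Validation is never bypassed; this checks chain trust only,
        // not whether the certificate matches the host name.
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String t)
                    throws CertificateException { jvmTrust.checkClientTrusted(c, t); }
            public void checkServerTrusted(X509Certificate[] c, String t)
                    throws CertificateException {
                seen[0] = c;
                jvmTrust.checkServerTrusted(c, t);
            }
            public X509Certificate[] getAcceptedIssuers() {
                return jvmTrust.getAcceptedIssuers();
            }
        };

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.setSoTimeout(10000);
            s.startHandshake();
            System.out.println("OK: chain trusted, " + s.getSession().getProtocol());
        } catch (Exception e) {
            System.out.println("FAILED: " + e);  // e.g. PKIX path building failed
        }
        if (seen[0] == null) { System.out.println("No certificate received"); return; }
        for (X509Certificate c : seen[0])        // the issuer of the last entry is the CA to import
            System.out.println("subject=" + c.getSubjectX500Principal()
                + " | issuer=" + c.getIssuerX500Principal() + " | notAfter=" + c.getNotAfter());
    }
}
```

If the handshake fails here while ldp.exe or Softerra succeed from the same machine, the difference is the Java trust store rather than the network path or the account.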