(UCMDB) Support Tip - User can't log in to uCMDB - LDAP is activated
- User can't log in to uCMDB. "Authentication failed" is always returned for LDAP users.
- The LDAP server appears to be available (checked with Microsoft tools), and Active Directory is the target LDAP server.
Checking an LDAP server's availability can be tricky when Active Directory is being used.
Particular care has to be taken:
- The test must be performed using the IP of the LDAP server. DNS names are not enough to confirm connectivity, as many tools are able to rely on DNS round robin, i.e., getting a list of servers. This is particularly true of Microsoft tools. Testing by IP can only be used for LDAP and not for LDAPS, which needs a proper FQDN. Our own LDAP implementation does not support DNS round robin as a failover method; it relies on the DNS resolution of the Java/OS implementation.
- If a port scan tool is used, the TCP port has to be active. LDAP over UDP is a Microsoft flavor, which can't be used outside of Microsoft tools.
- It's good to rely on open source tools like JXplorer, or proprietary ones like the Softerra LDAP browsers, to check connectivity.
- Any method relying on JScript/VBScript or PowerShell should not be used, as most of them, even when given a URL like ldap://, are in fact not using LDAP but DCOM communications, which can function even when the LDAP target is not answering LDAP queries.
Only when those tools are able to connect can it be considered that Active Directory is fully functional.
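The per-IP check described above, as an added example (not part of the original tip and not UCMDB code): it resolves every address behind a name and attempts an anonymous LDAP bind over TCP port 389 against each one, so a server that is not answering LDAP cannot hide behind DNS round robin. The hostname mentioned in the last lines is a placeholder.

```python
import socket
import sys

# LDAPv3 anonymous simple BindRequest, BER-encoded (RFC 4511):
# SEQUENCE { messageID=1, [APPLICATION 0] { version=3, name="", simple="" } }
BIND_REQUEST = bytes.fromhex("300c020101600702010304008000")

def _tlv(buf, pos):
    """Read one BER element at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length, which Active Directory commonly emits
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def parse_bind_response(data):
    """Return the resultCode of an LDAP BindResponse, or None if not LDAP."""
    try:
        tag, start, _ = _tlv(data, 0)        # LDAPMessage SEQUENCE
        if tag != 0x30:
            return None
        _, _, pos = _tlv(data, start)        # messageID
        tag, start, _ = _tlv(data, pos)      # protocolOp
        if tag != 0x61:                      # [APPLICATION 1] BindResponse
            return None
        tag, s, e = _tlv(data, start)        # resultCode ENUMERATED
        return int.from_bytes(data[s:e], "big") if tag == 0x0A else None
    except IndexError:                       # truncated or empty reply
        return None

def probe_ip(ip, port=389, timeout=5.0):
    """Connect to one IP over TCP and attempt an anonymous LDAP bind."""
    try:
        with socket.create_connection((ip, port), timeout=timeout) as s:
            s.sendall(BIND_REQUEST)
            code = parse_bind_response(s.recv(4096))
    except OSError as exc:
        return f"tcp failed: {exc}"
    return "not LDAP" if code is None else f"ldap answered, resultCode={code}"

def probe_all(hostname, port=389):
    """Resolve every address behind the name and probe each one separately."""
    infos = socket.getaddrinfo(hostname, port, type=socket.SOCK_STREAM)
    return {ip: probe_ip(ip, port) for ip in sorted({i[4][0] for i in infos})}

if __name__ == "__main__":
    # Pass the name to test as the first argument, e.g. dc.example.test (placeholder).
    for ip, result in probe_all(sys.argv[1]).items():
        print(ip, result)
```

Any `resultCode` in the output means that address answered an LDAP request over TCP; `tcp failed` or `not LDAP` on one address while others answer points at the round-robin situation described above.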