Highlighted
Micro Focus Expert
Micro Focus Expert
153 views

(UCMDB) Support Tip - User can't login to uCMDB - ldap is activated

  • User can't login to uCMDB. Authentication failed is returned at all time for LDAP users
  • The ldap server looks to be available (Microsoft tools used to check), and active directory is the target ldap server

Checking an ldap server availability could be tricky when active directory is being used.

A particular care has to be taken:  - test must be performed by using the ip of the ldap server. DNS names are not enough to confirm the connectivity, as many tools are able to rely on dns roundrobin, i.e., getting a list of servers. This is particularly true with Microsoft tools. This for sure can only be used for LDAP and not for LDAPS with needs a proper FQDN. Our own ldap implementation does not support DNS round robin as a failover method, we will rely on the dns resolution of the java/os implementation.
- If a portscan tool are used, TCP port has to be active. LDAP over UDP is a Microsoft flavor, which can't be used outside of Microsoft tools
- it's good to rely on open source tools, like jxplorer, or proprietary softera ldap browsers to check for connectivity
- any method relying on jscript/vbscript, powershell is not good to be used, as most of them, even if handled with url like ldap:// are in fact not using ldap, but dcom communications, which can function even when the ldap target is not answering to ldap queries.
Then, only when those tools are able to connect, it can be considered that the active directory is fully functional. 

Reference:

https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM02816841

MICRO FOCUS Software Support
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.
Please hit the Kudo botton, if you find this post useful.
Labels (1)
Tags (1)
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.