It's all about the answers!

Ask a question

Cannot connect to LDAP directory CRJAZ1559W


vishnudharan manivannan (1182841) | asked Jul 31 '13, 5:55 a.m.
edited Jul 31 '13, 6:11 a.m. by Krzysztof Kaźmierczyk (7.4k34997)

Hi,

We are trying to install RTC 4.0 Tomcat with LDAP user registry. During installation process in the step 6 we get this error.

LDAP connection was attempted with warnings. Resolve warnings or click Next to continue.ID CRJAZ1559W.

Note : Already there is an existing RTC 4.0 instance configured with the same LDAP settings which is working perfectly fine. We are installating another instance RTC for dev environment.

Shouldn't there be 2 instances of RTC with same LDAP configurations ? Or how do i resolve this error ?

Thanks in advance..

Accepted answer


permanent link
Indradri Basu (1.8k1514) | answered Jul 31 '13, 6:39 a.m.
+ what Krzysztof mentioned, this warning shows up if any of the ldap parameter values that you supplied in the "Setup User Registry" page doesn't match with your LDAP directory.
You have to ensure that the DN, User/Group property mappings etc are all correct.
You can either compare those with your working setup or use a ldap browser or dsquery(for AD only) to verify the parameters.

vishnudharan manivannan selected this answer as the correct answer

Comments
vishnudharan manivannan commented Jul 31 '13, 9:29 a.m. | edited Jul 31 '13, 9:29 a.m.

But now We get another error. It goes like

"In an attempt to connect to the LDAP registry, a problem was found with the LDAP configuration. One or more users in the LDAP registry, including the user "SEDCD015$", do not contain the e-mail address type of property named "cn". For more details, open the help system and search for this message ID.ID CRJAZ2305W "

What do we do now ?

3 other answers



permanent link
Indradri Basu (1.8k1514) | answered Jul 31 '13, 1:57 p.m.
This is not really an error but a warning. As the error suggests, suppose you have mentioned "userId=sAMAccountName,name=cn,emailAddress=mail" in the user property name mapping, the system expects that userid,name and mail fields in the LDAP are mandatory to validate the user and essentially not blank for any user.

If you update the users with email addresses (not essentially valid ones), this warning will go away.

Comments
vishnudharan manivannan commented Aug 01 '13, 2:38 a.m.

So can I save the tomcat configuration files and proceed with the setup ? I have concern that during the final step in the setup process, the ldap sync might fail because it failed to sync for the first 3 or 5 users. So the remaining users in the list might not get the roles.

Please advice.


Indradri Basu commented Aug 01 '13, 3:25 a.m.

I am not too certain about it as I haven't tested this explicitly. However, suppose you are in Step 6 (configure user registry) of the  setup process, you can manually edit the url to step 7 to move on and see how it turn out. Then after completing the setup you can try to import the users from the ldap and see if it complains but I think it will not. On the contrary you can always come back after correcting the LDAP users and rerun the setup.


permanent link
vishnudharan manivannan (1182841) | answered Jul 31 '13, 9:29 a.m.

But now We get another error. It goes like

"In an attempt to connect to the LDAP registry, a problem was found with the LDAP configuration. One or more users in the LDAP registry, including the user "SEDCD015$", do not contain the e-mail address type of property named "cn". For more details, open the help system and search for this message ID.ID CRJAZ2305W "

What do we do now ?


permanent link
Krzysztof Kaźmierczyk (7.4k34997) | answered Jul 31 '13, 6:11 a.m.
Hello Vishnudharan,
Definietely you should be able to use the same ldap with different RTC servers. Could you provide screen snapshot with error details? There are two technotes regarding this issue:

http://www-01.ibm.com/support/docview.wss?uid=swg21587363
http://www-01.ibm.com/support/docview.wss?uid=swg21501072

Can you check if at least one of them matches your issue?

Hope that it helps for you.

Best regards,
Krzysztof Kazmierczyk.

Comments
vishnudharan manivannan commented Jul 31 '13, 6:26 a.m. | edited Jul 31 '13, 6:26 a.m.

Thank you for the response Krzystof. Unfortunately both the tech notes did not match my problem. While trying to Test the connection I get this error

"LDAP connection was attempted with warnings. Resolve warnings or click Next to continue.ID CRJAZ1559W
hide details
Cannot connect to LDAP directory "ldap://localhost:389".

Server logs :

013-07-31 15:21:46,648 [          http-bio-9443-exec-4]  WARN jts.internal.userregistry.ldap.LDAPServerValidator  - CRJAZ2149W An error occurred while validating the LDAP configuration.
javax.naming.CommunicationException:  [Root exception is java.net.UnknownHostException: localhost.com]


1
Shubjit Naik commented Jul 31 '13, 6:34 a.m.

Is the LDAP server running on the same server, localhost?


1
Krzysztof Kaźmierczyk commented Jul 31 '13, 6:42 a.m.

Hi Vishnudharan,
Thank you for server logs. The error message provided there is really interesting. What is the file name you have provided the fragment in latest comment? Is it SystemOut.log?
It could be be great if you provide the entire stack trace from the log.

Also could you try running following command on your server:
telnet localhost 389

Could you also provide the screen snapshot of all settings from ldap setup page?


vishnudharan manivannan commented Jul 31 '13, 7:47 a.m.

Apparently we found out that the Ldap server has a blocking firewall which is not allowing us to reach it. It is running on a different server. Thank you for the help !


vishnudharan manivannan commented Jul 31 '13, 9:29 a.m.

But now We get another error. It goes like

"In an attempt to connect to the LDAP registry, a problem was found with the LDAP configuration. One or more users in the LDAP registry, including the user "SEDCD015$", do not contain the e-mail address type of property named "cn". For more details, open the help system and search for this message ID.ID CRJAZ2305W "

What do we do now ?

Your answer


Register or to post your answer.