Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

Cannot connect to LDAP directory CRJAZ1559W

Hi,

We are trying to install RTC 4.0 Tomcat with an LDAP user registry. During the installation process, in step 6, we get this error.

LDAP connection was attempted with warnings. Resolve warnings or click Next to continue.ID CRJAZ1559W.

Note: There is already an existing RTC 4.0 instance configured with the same LDAP settings, which is working perfectly fine. We are installing another RTC instance for the dev environment.

Shouldn't there be 2 instances of RTC with the same LDAP configuration? Or how do I resolve this error?

Thanks in advance..

0 votes


Accepted answer

+ what Krzysztof mentioned, this warning shows up if any of the LDAP parameter values that you supplied in the "Setup User Registry" page don't match your LDAP directory.
You have to ensure that the DN, User/Group property mappings, etc. are all correct.
You can either compare those with your working setup or use an LDAP browser or dsquery (for AD only) to verify the parameters.

vishnudharan manivannan selected this answer as the correct answer

2 votes

Comments

But now we get another error. It goes like

"In an attempt to connect to the LDAP registry, a problem was found with the LDAP configuration. One or more users in the LDAP registry, including the user "SEDCD015$", do not contain the e-mail address type of property named "cn". For more details, open the help system and search for this message ID.ID CRJAZ2305W "

What do we do now?


3 other answers

Hello Vishnudharan,
Definitely you should be able to use the same LDAP with different RTC servers. Could you provide a screen snapshot with the error details? There are two technotes regarding this issue:

http://www-01.ibm.com/support/docview.wss?uid=swg21587363
http://www-01.ibm.com/support/docview.wss?uid=swg21501072

Can you check if at least one of them matches your issue?

Hope that helps.

Best regards,
Krzysztof Kazmierczyk.

0 votes

Comments

Thank you for the response, Krzysztof. Unfortunately, neither of the tech notes matched my problem. While trying to test the connection I get this error

"LDAP connection was attempted with warnings. Resolve warnings or click Next to continue.ID CRJAZ1559W
Cannot connect to LDAP directory "ldap://localhost:389".

Server logs :

013-07-31 15:21:46,648 [          http-bio-9443-exec-4]  WARN jts.internal.userregistry.ldap.LDAPServerValidator  - CRJAZ2149W An error occurred while validating the LDAP configuration.
javax.naming.CommunicationException:  [Root exception is java.net.UnknownHostException: localhost.com]

Is the LDAP server running on the same server, localhost?

1 vote

Hi Vishnudharan,
Thank you for the server logs. The error message provided there is really interesting. What is the name of the file from which you took the fragment in your latest comment? Is it SystemOut.log?
It would be great if you could provide the entire stack trace from the log.

Also, could you try running the following command on your server:
telnet localhost 389

Could you also provide a screen snapshot of all the settings from the LDAP setup page?

1 vote

Apparently we found out that the LDAP server has a blocking firewall which is not allowing us to reach it. It is running on a different server. Thank you for the help!



But now we get another error. It goes like

"In an attempt to connect to the LDAP registry, a problem was found with the LDAP configuration. One or more users in the LDAP registry, including the user "SEDCD015$", do not contain the e-mail address type of property named "cn". For more details, open the help system and search for this message ID.ID CRJAZ2305W "

What do we do now?

1 vote


This is not really an error but a warning. As the error suggests, suppose you have mentioned "userId=sAMAccountName,name=cn,emailAddress=mail" in the user property name mapping; the system then expects that the userid, name and mail fields in LDAP are mandatory to validate the user and essentially not blank for any user.

If you update the users with email addresses (not essentially valid ones), this warning will go away.

0 votes

Comments

So can I save the Tomcat configuration files and proceed with the setup? I have a concern that during the final step in the setup process, the LDAP sync might fail because it failed to sync for the first 3 or 5 users. So the remaining users in the list might not get the roles.

Please advise.

I am not too certain about it as I haven't tested this explicitly. However, suppose you are in Step 6 (configure user registry) of the setup process, you can manually edit the URL to step 7 to move on and see how it turns out. Then after completing the setup you can try to import the users from LDAP and see if it complains, but I think it will not. On the contrary, you can always come back after correcting the LDAP users and rerun the setup.
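
An added example, not part of the original thread or of IBM's tooling: an offline way to find which accounts trigger CRJAZ2305W, by checking an LDIF export (for instance saved from an LDAP browser) against the property mapping quoted in the answer above. The sample entries, their DNs and the example.com domain are constructed; flagging a trailing "$" as a machine account relies on the Active Directory naming convention for computer objects.

```python
# Added example: check an LDIF export against the Jazz user property mapping.
MAPPING = "userId=sAMAccountName,name=cn,emailAddress=mail"  # mapping quoted in the answer

# Constructed sample export (not real directory data).
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Users,DC=example,DC=com
sAMAccountName: aexample
cn: Alice Example
mail: aexample@example.com

dn: CN=Bob Example,OU=Users,DC=example,DC=com
sAMAccountName: bexample
cn: Bob Example

dn: CN=SEDCD015,CN=Computers,DC=example,DC=com
sAMAccountName: SEDCD015$
cn: SEDCD015
"""

def parse_mapping(text):
    """Return {jazz_property: ldap_attribute_lowercased}."""
    return {k.strip(): v.strip().lower()
            for k, v in (pair.split("=", 1) for pair in text.split(","))}

def parse_ldif(text):
    """Parse LDIF records into dicts; folded lines are joined, comments skipped."""
    entries, current, last = [], {}, None
    for line in text.splitlines() + [""]:
        if not line.strip():                      # blank line ends a record
            if "dn" in current:                   # ignores a bare "version: 1" header
                entries.append(current)
            current, last = {}, None
        elif line.startswith(" ") and last:       # continuation of the previous value
            current[last][-1] += line[1:]
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            last = name.strip().lower()
            # lstrip also drops the '::' / ':<' markers; enough for a presence check
            current.setdefault(last, []).append(value.lstrip(":< ").strip())
    return entries

def find_incomplete(entries, mapping):
    """Return (dn, missing_jazz_properties, looks_like_machine_account) per bad entry."""
    report = []
    for e in entries:
        missing = [p for p, a in mapping.items() if not any(e.get(a, []))]
        if missing:
            sam = (e.get("samaccountname") or [""])[0]
            # AD computer accounts have a sAMAccountName ending in '$'.
            report.append((e["dn"][0], missing, sam.endswith("$")))
    return report

if __name__ == "__main__":
    for row in find_incomplete(parse_ldif(SAMPLE_LDIF), parse_mapping(MAPPING)):
        print(row)
```

If machine accounts show up in the report, the user search base or filter is probably matching more than people.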

Question asked: Jul 31 '13, 5:55 a.m.

Question was seen: 8,826 times

Last updated: Aug 01 '13, 3:25 a.m.
