Error while connecting to LDAP(Microsoft Active Directory) S

anilellendula · February 22, 2010, 1:31pm

Hi All,

i am getting below while connecting to the Microsoft Active Directory from IS,am working on webMethods 8.o version.

[2]2010-02-22 08:45:13 CET [ISS.0053.0002C] Access denied for user D100\anilk on port 5555 → ‘’ from 172.25.6.14.
[1]2010-02-22 08 [1]2010-02-22 08 :45:12 CET [ISS.0002.0010E] Error querying for user anilk: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]

below are connection parameters
Directory URL :ldap://s100.ccs.nl:389
Principal
Credentials
Connection Timeout (seconds) :5
Minimum Connection Pool Size :0
Maximum Connection Pool Size :10
Synthesize DN DN Prefix
DN Suffix
Query DN UID Property :RG Level-2011
User Root DN :OU=UserAccounts,DC=ccs,DC=nl
Default Group : Administrators
Group Member Attribute :member
Group ID Property :RG Level-2011
Group Root :OU=Rechtengroepen,DC=ccs,DC=nl

PFA Of Connection Details,please help me on this ASAP.

Regards,
Anil Kumar E

rmg · February 22, 2010, 8:24pm

As you are using IS new version (8.0) did you contacted SAG tech support also,you can get faster resolution while you wait.

HTH,
RMg

anilellendula · February 23, 2010, 10:48pm

hi all,

attached my ldap connection vch conneted by Apache directory studio file name LDAPConnection1.jpeg and also attached ISLdapConnection.jpeg file integration server confiruration ,i can see groups in ACL Settings (See file ACLLdapGroups.jpeg) in integration server i have assigned group ‘RG Level-2011’ to Security—>ACLs (see file ACLLdapGroups assignto administrator ACL.jpeg),while connecto the integration server with user credentials of ‘RG Level-2011’ group getting below error
[366]2010-02-23 17:54:43 CET [ISS.0053.0002C] Access denied for user D100\anilk on port 5555 → ‘’ from 172.25.6.14. see error.jpeg file

please any one help me to resolve this issue

regards,
anil kumar e

anilellendula · February 23, 2010, 10:49pm

attachemnts please find

anilellendula · February 24, 2010, 10:48pm

i downloaded Apache directory studio i can able to connect to AD sucessfully with Root DSE OU=Rechtengroepen,DC=ccs,DC=nl it has group CN=RG Level-2011 this group has all the users, i configured LDAP these settings in Integration Server i have given below details in ldap configuration in IS.

UID Property :cn
User Root DN : OU=CCS Medewerkers,OU=CCS UserAccounts,DC=ccs,DC=nl
Default Group :
Group Member Attribute :member
Group ID Property :cn
Group Root DN :OU=Rechtengroepen,DC=ccs,DC=nl

i can see groups in LDAP under Security—>ACLs and Assigned RG Level-2011 group to CentralUser ACL and CentralUserAdministrator ACL

while trying to connect IS(integration server), getting below error

[409]2010-02-24 15:15:11 CET [ISS.0053.0002C] Access denied for user D100\anilk on port 5555 → ‘’ from 172.25.6.14.
[408]]
[407] ‘’
[406]2010-02-24 15:15:10 CET [ISS.0002.0010E] Error querying for user anilk: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001A8, problem 2001 (NO_OBJECT), data 0, best match of:

After I have changed the configurations in integration server

UID Property :sAMAccountName
User Root DN : OU=CCS Medewerkers,OU=CCS UserAccounts,DC=ccs,DC=nl
Default Group :
Group Member Attribute :member
Group ID Property :sAMAccountName
Group Root DN :OU=Rechtengroepen,DC=ccs,DC=nl

Now on IS side i have configured CentralUSers ACL and CentralUserAdministrator ACL with ldap RG Level-2011 group

than trying to login IS Console givel below error CET [ISS.0053.0002C] Access denied for user anilk on port 5555 → ‘WmRoot/index.dsp’ from 172.25.6.14

than i have added ldap RG Level-2011 group to Administrator ACL,now i can login IS Console sucessfully.

if am trying to login mywebmethods server console getting below error

2010-02-24 15:52:28 CET (Framework:INFO) [RID:1001] - Processing request [1iskgdj7vbtm0:Guest] http://vms014:8585/user.current.start.page (POST)
2010-02-24 15:52:28 CET (Framework:INFO) [RID:1001] - Validate::handle() - failed to login

why am getting below error even though i have Assigned RG Level-2011 group to CentralUser ACL and CentralUserAdministrator ACL, is it must create ldap connection my webmethod server,it is enough to create in IS,in documentation mentioned better to create ldap connection in my webmethod server.

Service Enabled : Yes. This service is enabled
Connection Error Threshold (required) : 10
Provider URL (required) : ldap://localhost:389
Base DN (required) : OU=Rechtengroepen,DC=ccs,DC=nl
Groups DN:
User DN : OU=CCS Medewerkers,OU=CCS UserAccounts,DC=ccs,DC=nl
Security Principal (required) : D100\anilk
Security Credentials (required) :************
Search Timeout (required) : 0
Enable Default Wildcard Searches (required) : Yes. Enable default wildcard searches
Enable Group Across Directory Service (required) : No. Group Across Directory Service.

User Attributes:
User Object Class (required): organizationalUnit
User ID (required): sAMAccountName
Last Name (required): sn
First Name (required): givenName
Full Name (required): cn
E-mail Address (required): anilk@ccs.nl
Password (required): userpassword

Group Attributes:
Group Object Class (required): organizationalUnit
Group ID (required): sAMAccountName
Group Name (required): OU=Rechtengroepen,DC=ccs,DC=nl
Group Members (required): member
E-mail (required): anilk@ccs.nl

after creating connection if trying to search ldap groups under usermanagement—>groups given below error.

2010-02-24 18:10:20 CET (Framework:INFO) [RID:1221] - Processing request [1iskgdj7vbtm0:Administrator] http://vms014:8585/ (POST)
2010-02-24 18:10:20 CET (Framework:INFO) [RID:1222] - Processing request [1iskgdj7vbtm0:Administrator] http://vms014:8585/webm.apps.user.administration.groups (GET)
2010-02-24 18:10:21 CET (portlet:WARN) [RID:1222] - [POP.004.0004] An error occurred while formatting the Message Key “POP.012.0005.wm_dirsearchcontext”.
2010-02-24 18:10:24 CET (Framework:INFO) [RID:1223] - Processing request [1iskgdj7vbtm0:Administrator] http://vms014:8585/meta/default/wm_x...der/0000003211 (POST)
2010-02-24 18:10:24 CET (Framework:INFO) [RID:1224] - Processing request [1iskgdj7vbtm0:Administrator] http://vms014:8585/meta/default/wm_x...der/0000003211 (GET)
2010-02-24 18:10:25 CET (Framework:INFO) [RID:1225] - Processing request [1iskgdj7vbtm0:Administrator] http://vms014:8585/ (GET)

Note:

i have Doubt in user attributes

Last Name (required): sn
First Name (required): givenName
Full Name (required): cn
E-mail Address (required): anilk@ccs.nl
Password (required): userpassword

about last name, first name,full name,password(?) which user attribute i need to pass here,in group have lot of users in it

please help me on this.
regards,
anil kumar e

anilellendula · February 25, 2010, 4:54pm

Hi All,

thanks for reply,i have sucessfully connecto the LDAP From MWS and IS.

i have one question here, is it must ldap connection in IS and MWS servers,is ther any way like central user management with ldap connection OF IS or MWS

i tested with below stpes In IS to achieve.

1.deletd ldap connection in MWS
2. assigned ldap group to CentralAdministrator ACL and CentralUsers ACL in Settings–>ACLs in IS,but i could able to login MWS Admin console.

please help me to achieve central user manage with single ldap connection either in IS Or in MWS.

Regards,
Anil Kumar E

Daryl · March 11, 2010, 9:46pm

Based on the documentation with webMethods MWS and IS version 8, you can use Central User Management with LDAP on MWS and connect to it from IS. We have a support request open, because when I set up a role within MWS and add the LDAP users to it for ISAdminRole or ISDev, when I save the configuration, it loses the new role added to the ACLs in the IS.

Has anyone else seen this issue?

If I get a fix or suggestion, I will post it here. LDAP is working with MWS.

Daryl · March 12, 2010, 12:15am

I was able to add the roles from MWS to the ESB ACLs using Internet Explorer version 8. Software AG may be coming out with a fix for Mozilla based browsers like Firefox in the near future, but for now, I can use IE and all is well.

I am able to authenticate on the ESB using the Central Configuration and the roles assigned from MWS.

Any ?, please feel free to email me. Support indicated this was fixed in version 7.1.2 of webMethods ESB, but it may be back in webMethods 8.0, or Firefox made a change from version 3.5 to 3.6, which is the version I am using.