Error whilst connecting to LDAP (Microsoft Active Directory)Server

anilellendula · February 22, 2010, 1:33pm

Hi All,

i am getting below while connecting to the Microsoft Active Directory from IS,am working on webMethods 8.o version.

[2]2010-02-22 08:45:13 CET [ISS.0053.0002C] Access denied for user D100\anilk on port 5555 → ‘’ from 172.25.6.14.
[1]2010-02-22 08 [1]2010-02-22 08 :45:12 CET [ISS.0002.0010E] Error querying for user anilk: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]

below are connection parameters
Directory URL :ldap://s100.ccs.nl:389
Principal
Credentials
Connection Timeout (seconds) :5
Minimum Connection Pool Size :0
Maximum Connection Pool Size :10
Synthesize DN DN Prefix
DN Suffix
Query DN UID Property :RG Level-2011
User Root DN :OU=UserAccounts,DC=ccs,DC=nl
Default Group : Administrators
Group Member Attribute :member
Group ID Property :RG Level-2011
Group Root :OU=Rechtengroepen,DC=ccs,DC=nl

PFA Of Connection Details,please help me on this ASAP.

Regards,
Anil Kumar E

anilellendula · February 23, 2010, 10:41pm

hi all,

attached my ldap connection vch conneted by Apache directory studio file name LDAPConnection1.jpeg and also attached ISLdapConnection.jpeg file integration server confiruration ,i can see groups in ACL Settings (See file ACLLdapGroups.jpeg) in integration server i have assigned group ‘RG Level-2011’ to Security—>ACLs (see file ACLLdapGroups assignto administrator ACL.jpeg),while connecto the integration server with user credentials of ‘RG Level-2011’ group getting below error
[366]2010-02-23 17:54:43 CET [ISS.0053.0002C] Access denied for user D100\anilk on port 5555 → ‘’ from 172.25.6.14. see error.jpeg file

please any one help me to resolve this issue

regards,
anil kumar e

DevNull43 · February 24, 2010, 4:12am

I would say you wanted to configure LDAP on MWS, and yesterday I gave you the hint to set:

User ID (required) :sAMAccountName
Group ID (required) : sAMAccountName

Now on IS side you can configure CentralUSers!!

Still if you want to have separate users, you need to set also:
User ID: sAMAccountName
Group ID property: sAMAccountName

AD uses sAMAccountName attribute for those.

Please take a look at CentralUsers

anilellendula · February 24, 2010, 8:24pm

DevNull43,

yes you replied me yesterday in MWS after that i downloaded Apache directory studio i can able to connect to AD sucessfully with Root DSE OU=Rechtengroepen,DC=ccs,DC=nl it has group CN=RG Level-2011 this group has all the users, i configured LDAP these settings in Integration Server i have given below details in ldap configuration in IS.

UID Property :cn
User Root DN : OU=CCS Medewerkers,OU=CCS UserAccounts,DC=ccs,DC=nl
Default Group :
Group Member Attribute :member
Group ID Property :cn
Group Root DN :OU=Rechtengroepen,DC=ccs,DC=nl

i can see groups in LDAP under Security—>ACLs and Assigned RG Level-2011 group to CentralUser ACL and CentralUserAdministrator ACL

while trying to connect IS(integration server), getting below error

[409]2010-02-24 15:15:11 CET [ISS.0053.0002C] Access denied for user D100\anilk on port 5555 → ‘’ from 172.25.6.14.
[408]]
[407] ‘’
[406]2010-02-24 15:15:10 CET [ISS.0002.0010E] Error querying for user anilk: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001A8, problem 2001 (NO_OBJECT), data 0, best match of:

After your sugesstions i have changed the configurations in integration server

UID Property :sAMAccountName
User Root DN : OU=CCS Medewerkers,OU=CCS UserAccounts,DC=ccs,DC=nl
Default Group :
Group Member Attribute :member
Group ID Property :sAMAccountName
Group Root DN :OU=Rechtengroepen,DC=ccs,DC=nl

Now on IS side you i have configured CentralUSers ACL and CentralUserAdministrator ACL with ldap RG Level-2011 group

than trying to logiv IS Console givel below error CET [ISS.0053.0002C] Access denied for user anilk on port 5555 → ‘WmRoot/index.dsp’ from 172.25.6.14

than i have added ldap RG Level-2011 group to Administrator ACL,now i can login IS Console sucessfully.

if am trying to login mywebmethods server console getting below error

2010-02-24 15:52:28 CET (Framework:INFO) [RID:1001] - Processing request [1iskgdj7vbtm0:Guest] [url]http://vms014:8585/user.current.start.page[/url] (POST)
2010-02-24 15:52:28 CET (Framework:INFO) [RID:1001] - Validate::handle() - failed to login

why am getting below error even though i have Assigned RG Level-2011 group to CentralUser ACL and CentralUserAdministrator ACL, is it must create ldap connection my webmethod server,it is enough to create in IS,in documentation mentioned better to create ldap connection in my webmethod server.

Service Enabled : Yes. This service is enabled
Connection Error Threshold (required) : 10
Provider URL (required) : ldap://localhost:389
Base DN (required) : OU=Rechtengroepen,DC=ccs,DC=nl
Groups DN:
User DN : OU=CCS Medewerkers,OU=CCS UserAccounts,DC=ccs,DC=nl
Security Principal (required) : D100\anilk
Security Credentials (required) :************
Search Timeout (required) : 0
Enable Default Wildcard Searches (required) : Yes. Enable default wildcard searches
Enable Group Across Directory Service (required) : No. Group Across Directory Service.

User Attributes:
User Object Class (required): organizationalUnit
User ID (required): sAMAccountName
Last Name (required): sn
First Name (required): givenName
Full Name (required): cn
E-mail Address (required): anilk@ccs.nl
Password (required): userpassword

Group Attributes:
Group Object Class (required): organizationalUnit
Group ID (required): sAMAccountName
Group Name (required): OU=Rechtengroepen,DC=ccs,DC=nl
Group Members (required): member
E-mail (required): anilk@ccs.nl

after creating connection if trying to search ldap groups under usermanagement—>groups given below error.

2010-02-24 18:10:20 CET (Framework:INFO) [RID:1221] - Processing request [1iskgdj7vbtm0:Administrator] [url]http://vms014:8585/[/url] (POST)
2010-02-24 18:10:20 CET (Framework:INFO) [RID:1222] - Processing request [1iskgdj7vbtm0:Administrator] [url]http://vms014:8585/webm.apps.user.administration.groups[/url] (GET)
2010-02-24 18:10:21 CET (portlet:WARN) [RID:1222] - [POP.004.0004] An error occurred while formatting the Message Key “POP.012.0005.wm_dirsearchcontext”.
2010-02-24 18:10:24 CET (Framework:INFO) [RID:1223] - Processing request [1iskgdj7vbtm0:Administrator] [url]http://vms014:8585/meta/default/wm_xt_fabricfolder/0000003211[/url] (POST)
2010-02-24 18:10:24 CET (Framework:INFO) [RID:1224] - Processing request [1iskgdj7vbtm0:Administrator] [url]http://vms014:8585/meta/default/wm_xt_fabricfolder/0000003211[/url] (GET)
2010-02-24 18:10:25 CET (Framework:INFO) [RID:1225] - Processing request [1iskgdj7vbtm0:Administrator] [url]http://vms014:8585/[/url] (GET)

Note:

i have Doubt in user attributes

               Last Name (required): sn
                First Name (required): givenName
                Full Name (required): cn
                E-mail Address (required): [email]anilk@ccs.nl[/email]
                Password (required): userpassword

about last name, first name,full name,password(?) which user attribute i need to pass here,in group have lot of users in it

please reply me ASAp.,thanks for earlier replies.

regards,
anil kumar e

DevNull43 · February 25, 2010, 3:37am

I use for User Attributes:
User Object Class (required): person
User ID (required): sAMAccountName
Last Name (required):sn
First Name (required):givenName
Full Name (required):displayName
E-mail Address (required):mail
Password (required):unicodePwd

Group Attributes:
Group Object Class (required):groupofuniquenames
Group ID (required):sAMAccountName
Group Name (required):displayName
Group Members (required):member
Group E-mail (required): mail

On IS side I only use CentralUsers for granting Developer access, so I add my LDAP role/group to Developers ACL. After that developers can log in, and none other, using Developer.

You seem to want to give other properties, so I suggest to look that package ACL’s and add your CentralUsers there.

anilellendula · February 25, 2010, 4:57pm

Hi All,

thanks for reply,i have sucessfully connecto the LDAP From MWS and IS.

i have one question here, is it must ldap connection in IS and MWS servers,is ther any way like central user management with ldap connection OF IS or MWS

i tested with below stpes In IS to achieve.

1.deletd ldap connection in MWS
2. assigned ldap group to CentralAdministrator ACL and CentralUsers ACL in Settings–>ACLs in IS,but i could able to login MWS Admin console.

please help me to achieve central user manage with single ldap connection either in IS Or in MWS.

Regards,
Anil Kumar E

system · September 3, 2021, 6:33am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.