Hi,
There exists a problem in communication between the myWebmethods Server
7.1.2
and the IBM Tivoli Directory Server 6.2.
The directory server is used as authentication & authorization container
for the myWebmethods Server application.
The first user login is handled successfully, but then all the
subsequent login
requests fail due to the fact that the IBM Tivoli Directory Server 6.2
returns an
unwillingToPerform(53) for the LDAP search requests.
I’ve made several attempts to attack this problem, but didn’t find so far a solution.
This could be a LDAP server issue, but there are some things I’ve identified while doing some TCP dumps for the LDAP communication between the MWS server and the LDAP container.
- after the authentication&authorization for the user vsypip there is
made also a search for a series (10) of subgrroups from cn=appgroups, cn=groups,
dc=uniqa
(|(objectClass=*)(objectClass=ldapsubentry))
- after this step there are made the following searches
(&(objectclass=groupofuniquenames)((cn=APP-IM-ProcessManager)))
→ see here ((cn=APP-IM-ProcessManager)) incorrect query
(&(objectclass=groupofuniquenames)((cn=APP-IM-Administrator)))
→ idem ((cn=APP-IM-Administrator)) incorrect query
(&(objectclass=groupofuniquenames)((cn=APP-IM-Revision)))
→ idem ((cn=APP-IM-Revision)) incorrect query
(&(objectclass=groupofuniquenames)((cn=APP-IM-Creator)))
→ idem ((cn=APP-IM-Creator)) incorrect query
- after this step there is made a search :
baseObject :
cn=app_ebf_ld-wien_allgemeine-verwaltung,cn=appgroups,cn=groups,dc=uniqa
filter : (|(objectclass=*)(objectclass=ldapsubentry))
and for this query and all the susequent queries the response is
unwillingToPerform (53)
mWS possible bugs
As can be seen from this captures the same connection (watch for the search
request number in the capture files) is used for making search /bind operations
to LDAP although in the mWS server configuration there exists this
configuration panel :
which means (I suppose) that the connection to LDAP server should be renewed
every 10 minutes - which doesn’t actually happen.
While doing tcp dump captures I have observed that also for a
different connection there is unwillingToPerform response returned for search requests.
A peculiar thing related to the LDAP search requests made by the mWS server is
the value of the pagedResultsControl
As you can see from the image attached to the issue, the chosen size for a page is : 21474900
and I don’t see any explanation to that.
IMO the problem relies on the installation/configuration of the IBM Tivoli
Directory Server 6.2 and more exactly to some settings regarding the
pagedResultsControl (paged searches), but if there is anybody who faced this problem before me please give me some clues regarding this problem.
