wM 7.1.2 - problem login to IS using LDAP ID

Hi,

I have two 7.1.2 integration servers with exactly the same following configurations:

  1. Same LDAP configuration
  2. Same LDAP groups under “Administrators ACL”
  3. Same fixes
  4. Same extended settings etc.

I can login to both servers using local id. But with the LDAP id, I can login to one but not to the other.

When I check the server.log on second server, it shows:
[ISS.0053.0002C] Access denied for user userName on port 1100 → ‘WmRoot/index.dsp’ from 192.168.1.1

When I purposefully give the wrong password, it shows:
[ISS.0002.0034E] Invalid credentials connecting to ldaps://xyz.ldap.domain.com as uid=userName,ou=deptName,ou=orgName,dc=domain,dc=com
[ISS.0053.0002C] Access denied for user userName on port 1100 → ‘’ from 192.168.1.1.

What that means is, there is no problem authenticating the user in LDAP. But there is some issue in the IS that is not allowing the user to access it.

I saw the following exact post from 2005, but do not see any responses to it.
http://www.wmusers.com/forum/showpost.php?p=3572&postcount=8 (part of this thread http://www.wmusers.com/forum/showthread.php?p=3572#post3572)

Please let me know if anyone had faced this issue and was able to resolve it.

Thank you,
Anil

[QUOTE=anilmare;78059]
Hi,

I have two 7.1.2 integration servers with exactly the same following configurations:

  1. Same LDAP configuration
  2. Same LDAP groups under “Administrators ACL”
  3. Same fixes
  4. Same extended settings etc.

I can login to both servers using local id. But with the LDAP id, I can login to one but not to the other.

When I check the server.log on second server, it shows:
[ISS.0053.0002C] Access denied for user userName on port 1100 → ‘WmRoot/index.dsp’ from 192.168.1.1

What that means is, there is no problem authenticating the user in LDAP. But there is some issue in the IS that is not allowing the user to access it.
[/QUOTE]

Hi Anil,

The error you're getting seems to be an LDAP configuration issue only.

Option 1:

Can you verify the below parameters in Settings–>LDAP Directory on both the servers? Are they the same or different?

User Root DN : DC=company Name ,DC=com
Default group :
Group Member Attribute : member
Group Id property : Cn
Group Root DN: DC=Company Name, DC=com.

Option 2:

The above error seems to be that you’re not a member of any group which is defined in the LDAP directory.

“The user should not be the Administrator account, but a user that has permission to query groups and group membership”.

Is the LDAP configured to MWS? Can you verify it in MWS–>System-Wide–>User Management–>User tab?

Regards,
Jeevan_Mjk

Jeevan,

I think the IS is connecting to the LDAP properly. There are two reasons why I say that:

  1. This is my production server, and clients accessing the web service on this server are authenticated using LDAP.
  2. As I said in my original post, when I give a wrong password, I can see the “Invalid credentials” message in the server log along with “Access denied”, which means it is connecting to LDAP. But if I give the correct password it just shows “Access denied”.

Again, my second server does not have this issue. And these two servers have exactly the same LDAP and ACL configuration.

- Anil
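The two log patterns compared in the posts above can be told apart mechanically. This is an added example, not part of any post in this thread: it assumes the message formats quoted above, that the login name is the `uid` component of the bind DN, and it runs on constructed sample lines (with an ASCII `->` arrow).

```python
import re

# Message formats as quoted in the thread's server.log excerpts.
DENIED = re.compile(r"\[ISS\.0053\.0002C\] Access denied for user (\S+) on port (\d+)")
BAD_BIND = re.compile(r"\[ISS\.0002\.0034E\] Invalid credentials connecting to (\S+) as (.+)")
# Assumption: the login name is the uid component of the bind DN.
UID = re.compile(r"(?:^|,)\s*uid=([^,]+)", re.IGNORECASE)

# Constructed sample: a login with the correct password, then one with a wrong one.
SAMPLE = [
    "[ISS.0053.0002C] Access denied for user userName on port 1100 -> 'WmRoot/index.dsp' from 192.168.1.1",
    "[ISS.0002.0034E] Invalid credentials connecting to ldaps://xyz.ldap.domain.com "
    "as uid=userName,ou=deptName,ou=orgName,dc=domain,dc=com",
    "[ISS.0053.0002C] Access denied for user userName on port 1100 -> '' from 192.168.1.1.",
]


def classify(lines, window=1):
    """Label every 'Access denied' entry by whether a rejected LDAP bind for
    the same user was logged within the preceding `window` lines.

    'ldap-bind-rejected'        -> the directory refused the credentials.
    'denied-without-bind-error' -> no bind failure was logged, so the denial
                                   came from a later check (group lookup, ACL).
    """
    last_bad = {}  # uid -> index of the most recent rejected bind
    results = []
    for i, line in enumerate(lines):
        bind = BAD_BIND.search(line)
        if bind:
            uid = UID.search(bind.group(2).strip())
            if uid:
                last_bad[uid.group(1)] = i
            continue
        denied = DENIED.search(line)
        if denied:
            user, port = denied.group(1), int(denied.group(2))
            seen = last_bad.pop(user, None)
            rejected = seen is not None and i - seen <= window
            verdict = "ldap-bind-rejected" if rejected else "denied-without-bind-error"
            results.append((user, port, verdict))
    return results


if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(row)
```

Entries labelled `denied-without-bind-error` are the ones worth comparing between the two servers, since the directory accepted the bind in those cases.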

[QUOTE=anilmare;78069]
Jeevan,

I think the IS is connecting to the LDAP properly. There are two reasons why I say that:
[/QUOTE]

Hi Anil,

Can you share the configuration details of both the instances which have the LDAP directory configured?

Regards,
Jeevan_mjk