Troubleshooting
Problem
The following authentication error is received in systemout.log when running LDAPSYNC: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
Symptom
The following exception is seen in systemout.log:
[11/21/13 9:39:16:617 EST] 00000038 SystemOut O [maximo-LDAPSYNC.LDAPSYNC01][ERROR][SR ] BMXAA6765E - The LdapSyncCronTask could not be started.
psdi.security.ldap.LdapSyncException: BMXAA6774W - The rootDSE attribute for attribute name highestCommittedUSN was not found.
at psdi.security.ldap.ads.ActiveDirectorySynchronizer.getRootDSEAttributeValue(ActiveDirectorySynchronizer.java:713)
at psdi.security.ldap.ads.ActiveDirectorySynchronizer.determineSynchronizationNeed(ActiveDirectorySynchronizer.java:599)
at psdi.security.ldap.AbstractLdapSynchronizer.performSync(AbstractLdapSynchronizer.java:274)
at psdi.security.ldap.LdapSyncTask.performTask(LdapSyncTask.java:386)
at psdi.security.ldap.LdapSyncCronTask.cronAction(LdapSyncCronTask.java:257)
at psdi.server.CronTaskManager.callCronMethod(CronTaskManager.java:1556)
at psdi.server.CronTaskManager.access$400(CronTaskManager.java:84)
at psdi.server.CronTaskManager$CronThread.run(CronTaskManager.java:2074)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3045)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2991)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2792)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2706)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:190)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:208)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:151)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:81)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:679)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:259)
at javax.naming.InitialContext.init(InitialContext.java:235)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:146)
at psdi.security.ldap.AbstractLdapSynchronizer.createDefaultLdapContext(AbstractLdapSynchronizer.java:430)
at psdi.security.ldap.ads.ActiveDirectorySynchronizer.getRootDSEAttributeValue(ActiveDirectorySynchronizer.java:691)
Cause
The correct ports are not specified in the Cron Task Setup application for the LDAPSYNC cron task.
Environment
- ISDM 724 / TSAM 724 / MBS 7119
- DB2 97
- WAS 6
- Active Directory
- Management Server: Suse Linux 10.3
- Admin Server: n/a
Diagnosing The Problem
The LdapSync logger was enabled to help with debugging the issue.
Resolving The Problem
To resolve this problem, the following attributes need to be set to the correct values in the Cron Task Setup application for the LDAPSYNC task:
Port -- 636
SSLEnabled -- true
SynchParameter -- globalcatalogport=3269
After making the above changes, you will need to reload the cron task and review the systemout.log to confirm the error is not seen.
The combinations for the Port and globalcatalogport settings are as follows:
If using SSL:
SSLEnabled: true (not 1)
Port: 636
Catalog Port: 3269
If Not using SSL:
SSLEnabled: False (not 0)
Port: 389
Catalog Port: 3268
Here are screenshots with these settings in place...
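The Port, SSLEnabled and globalcatalogport combinations listed above can be checked mechanically before the cron task is reloaded, and the bind failure can be pulled out of a wrapped systemout.log. The Python below is an added example, not IBM or Maximo code; the function names, the `;` separator assumed inside SynchParameter, and the MISMATCHED sample values are constructed for illustration.

```python
import re

# (Port, globalcatalogport) per SSL mode, as listed in the technote.
EXPECTED = {True: (636, 3269), False: (389, 3268)}

# Matches the Active Directory bind failure even when the log wraps it.
LDAP_ERR = re.compile(
    r"LDAP: error code (\d+) - .*?LdapErr: (DSID-[0-9A-Fa-f]+),.*?data ([0-9A-Fa-f]+)",
    re.S,
)

def parse_synch_parameter(value):
    """Split name=value pairs; the ';' separator is an assumption."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def check_ldapsync(params):
    """Return findings for a dict of LDAPSYNC cron task parameter values."""
    ssl_raw = params.get("SSLEnabled", "").strip()
    if ssl_raw.lower() not in ("true", "false"):
        return [f"SSLEnabled must be true or false, got {ssl_raw!r}"]
    want_port, want_gc = EXPECTED[ssl_raw.lower() == "true"]
    findings = []
    port = params.get("Port", "").strip()
    if port != str(want_port):
        findings.append(f"Port {port!r}: expected {want_port} with SSLEnabled={ssl_raw}")
    synch = parse_synch_parameter(params.get("SynchParameter", ""))
    gc = synch.get("globalcatalogport")
    if gc != str(want_gc):
        findings.append(f"globalcatalogport {gc!r}: expected {want_gc} with SSLEnabled={ssl_raw}")
    return findings

def find_bind_errors(log_text):
    """Return (LDAP result code, DSID, AD data code) for each bind failure."""
    return [(int(m[1]), m[2], m[3].lower()) for m in LDAP_ERR.finditer(log_text)]

# Log excerpt copied from the technote, wrapped as it appears there.
SAMPLE_LOG = """javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
v1db1]"""
# Constructed settings: SSL switched on but the non-SSL ports left in place.
MISMATCHED = {"Port": "389", "SSLEnabled": "true", "SynchParameter": "globalcatalogport=3268"}
# Settings from the resolution section.
RESOLVED = {"Port": "636", "SSLEnabled": "true", "SynchParameter": "globalcatalogport=3269"}

if __name__ == "__main__":
    print(find_bind_errors(SAMPLE_LOG))
    for name, cfg in (("mismatched", MISMATCHED), ("resolved", RESOLVED)):
        print(name, check_ldapsync(cfg) or "OK")
```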
Document Information
Modified date: 17 June 2018
UID: swg21661771