SystemAdmin

ldap-search() call to Oracle Virtual Directory

2013-01-22T04:09:56Z
Hi All,

We have a customer requirement where we are doing an ldap-search call for user group lookup to Active Directory (LDAP). Recently, due to an acquisition, there is a small change and now we have to call LDAP via Oracle Virtual Directory: DP -> OVD -> LDAP. In this call, success scenarios are working fine, but for error scenarios we are getting an empty <LDAP-search-results/> tag instead of the XML error message <LDAP-search-error><error></error></LDAP-search-error>. Due to this, our logic to handle the error scenario is failing.

When the OVD guy checked the same using a Java client, we get the below errors:

AD error
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

OVD error
javax.naming.AuthenticationException: [LDAP: error code 49 - LDAP Error 49 : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

If we see, both errors look similar, but for OVD, DP is not formatting a proper error XML. Our DP firmware versions are 3.7.3 and 4.0.1. For both we are facing the same problem. Please advise.

Thanks,
Noopur
  • HermannSW
    ACCEPTED ANSWER

    Re: ldap-search() call to Oracle Virtual Directory

    2013-01-22T09:15:41Z in response to SystemAdmin
    Is it possible to (temporarily) access the LDAP directly from DataPower again?
    If so, just create packet captures with DP going against LDAP directly and going against OVD.
    Inspecting responses in "Follow TCP Stream" for both (e.g. in Wireshark) may tell you the difference.
    Since direct LDAP response works, probably OVD does not return correct response.

    If you cannot identify the issue, please create a PMR.
    But please for the 4.0.1 box -- 3.7.3 had end of service 12/2011, and even 3.8.1 had end of service 12/2012.

     
    Hermann<myXsltBlog/> <myXsltTweets/>
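
An added example, not part of the original thread and not DataPower or OVD code: once the server-to-client bytes of each capture are exported, a small BER decoder can pull the LDAPResult fields out of the two responses so they can be compared field by field. The sample PDUs are constructed from the diagnostic strings quoted in the question; `parse_ldap_result`, `differing_fields` and `sample_bind_response` are hypothetical names, and the bytes OVD actually returns have to come from the capture.

```python
import re

def _tlv(buf, pos=0):
    """Read one BER TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def _enc(tag, value):
    """Encode one BER TLV; used only to build the constructed samples."""
    n = len(value)
    head = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + head + value

def parse_ldap_result(pdu):
    """Decode the LDAPResult of a BindResponse or SearchResultDone (RFC 4511)."""
    tag, msg, _ = _tlv(pdu)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _, pos = _tlv(msg)                  # messageID INTEGER
    op_tag, op, _ = _tlv(msg, pos)         # [APPLICATION 1] = 0x61, [APPLICATION 5] = 0x65
    if op_tag not in (0x61, 0x65):
        raise ValueError("unexpected protocolOp tag 0x%02x" % op_tag)
    _, code, pos = _tlv(op)                # resultCode ENUMERATED
    _, matched_dn, pos = _tlv(op, pos)     # matchedDN OCTET STRING
    _, diag, _ = _tlv(op, pos)             # diagnosticMessage OCTET STRING
    text = diag.decode("utf-8", "replace").rstrip("\x00")
    sub = re.search(r"\bdata ([0-9a-fA-F]+)", text)   # AD sub-code such as 52e
    return {"op": {0x61: "BindResponse", 0x65: "SearchResultDone"}[op_tag],
            "result_code": int.from_bytes(code, "big"),
            "matched_dn": matched_dn.decode("utf-8", "replace"),
            "diagnostic": text,
            "ad_data": sub.group(1).lower() if sub else None}

def differing_fields(a, b):
    """Names of the decoded fields whose values differ between two responses."""
    return sorted(k for k in a if a[k] != b[k])

# Constructed samples: diagnostic strings copied from the exception text in the question.
AD_DIAG = "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1"
OVD_DIAG = "LDAP Error 49 : [LDAP: error code 49 - " + AD_DIAG

def sample_bind_response(diag, code=49, msg_id=1):
    op = _enc(0x0A, bytes([code])) + _enc(0x04, b"") + _enc(0x04, diag.encode())
    return _enc(0x30, _enc(0x02, bytes([msg_id])) + _enc(0x61, op))
```

It decodes only the first LDAPMessage in the buffer and needs cleartext LDAP; an LDAPS capture has to be decrypted before the bytes are usable.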