We have a customer requirement where we are doing ldap-search call for user group lookup to Active directory (LDAP).Recently due to acquisition there is a small change and now we have to call Ldap via Oracle virtual directory. DP -> OVD-> LDAP ...In this call success scenarios are working fine but for error scenarios we are getting empty <LDAP-search-results/> tag instead of XML error message of <LDAP-search-error><error></error></LDAP-search-error>. Due to this our logic to handle error scenario is failing.
When OVD guy checked the same using java client we get below errors:
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
javax.naming.AuthenticationException: [LDAP: error code 49 - LDAP Error 49 : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
If we see both error looks similar but for OVD, DP is not formatting proper error xml.Our DP firmware version is 3.7.3 and 4.0.1. For both we are facing same problem. Please advise.
This topic has been locked.
1 reply Latest Post - 2013-01-22T09:15:41Z by HermannSW
Pinned topic ldap-search() call to Oracle Virtual Directory
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2013-01-22T09:15:41Z at 2013-01-22T09:15:41Z by HermannSW
HermannSW 2700006U544360 PostsACCEPTED ANSWER
Re: ldap-search() call to Oracle Virtual Directory2013-01-22T09:15:41Z in response to SystemAdminIs it possible to (temporarily) access the LDAP directly from DataPower again?
If so, just create packet captures with DP going against LDAP directly and going against OVD.
Inspecting responses in "Follow TCP Stream" for both (eg.in Wireshark) may tell you the difference.
Since direct LDAP response works, probably OVD does not return correct response.
If you cannot identify the issue, please create a PMR.
But please for the 4.0.1 box -- 3.7.3 had end of service 12/2011, and even 3.8.1 had end of service 12/2012.