Login too slow or times out, or invalid username or password error
After you set up an LDAP connection, you cannot log in to your product cluster console.
There are two symptoms for the same cause.
When you try to log in, the login process might take a long time, or might time out.
You might see the following error:
Invalid user name or password
The login failure is due to an LDAP error when Liberty looks up groups for the user. By default, Liberty searches which groups the user is a member of. It then searches which groups these groups are a member of. The message log shows the following error:
An FFDC Incident has been created: "com.ibm.wsspi.security.wim.exception.WIMSystemException: CWIML4520E: The LDAP operation could not be completed. The LDAP naming exception javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03152973, problem 2001 (NO_OBJECT), data 0, best match of: "
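The message above carries LDAP result code 32 (noSuchObject, RFC 4511) rather than 49 (invalidCredentials), which separates this lookup failure from a genuinely wrong password even though the console reports "Invalid user name or password". The following is an added example, not code from the product or its documentation, that classifies log lines on that basis; the function names, the verdict labels and the second and third sample lines are constructed for illustration.

```python
import re

# LDAP result codes from RFC 4511 that separate the two cases.
VERDICTS = {32: "lookup-failure", 49: "bad-credentials"}

LDAP_ERR = re.compile(r"\[LDAP: error code (\d+)\s*-\s*([^\]\"]*)")
WIM_ID = re.compile(r"\bCWIML\d{4}E\b")
AD_PROBLEM = re.compile(r"problem (\d+) \((\w+)\)")

# First entry is the message quoted on this page (truncated as on the page);
# the other two entries are constructed for this example.
SAMPLE_LOG = [
    'An FFDC Incident has been created: "com.ibm.wsspi.security.wim.exception.'
    'WIMSystemException: CWIML4520E: The LDAP operation could not be completed. '
    'The LDAP naming exception javax.naming.NameNotFoundException: [LDAP: error '
    'code 32 - 0000208D: NameErr: DSID-03152973, problem 2001 (NO_OBJECT), '
    'data 0, best match of: "',
    'javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]',
    'INFO request completed in 12 ms',
]


def classify(line):
    """Return a finding dict for a line carrying an LDAP error, else None."""
    err = LDAP_ERR.search(line)
    if err is None:
        return None
    code = int(err.group(1))
    wim = WIM_ID.search(line)
    problem = AD_PROBLEM.search(err.group(2))
    return {
        # 32: an entry that was searched for does not exist; 49: bind rejected.
        "verdict": VERDICTS.get(code, "other"),
        "ldap_code": code,
        "wim_id": wim.group(0) if wim else None,
        "ad_problem": problem.group(2) if problem else None,
    }


def triage(lines):
    """Classify every line and keep only those with an LDAP error."""
    return [f for f in map(classify, lines) if f is not None]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A "lookup-failure" verdict alongside CWIML4520E matches the symptom on this page; a "bad-credentials" verdict points at the user's password or the bind account instead.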
Resolving the problem
To resolve the issue, disable the recursiveSearch parameter in the LDAP
Log in to your boot node with the
oc edit cm platform-auth-idp -n <your-foundational-services-namespace>
LDAP_RECURSIVE_SEARCH: "true" parameter value to
Save the changes.
auth-idp pods by deleting the pods.
oc get pods -n <your-foundational-services-namespace> | grep auth-idp
oc delete pods <pod-name> -n <your-foundational-services-namespace>