Login too slow or times out, or invalid username or password error
After you set up an LDAP connection, you cannot log in to your product cluster console.
Symptoms
There are two symptoms for the same cause.
- When you try to log in, the login process might take a long time, or might time out.
- You might see the following error:
  Invalid user name or password
Cause
The login failure is due to an LDAP error when Liberty looks up groups for the user. By default, Liberty searches which groups the user is a member of. It then searches which groups these groups are a member of. The message log shows the following error:
An FFDC Incident has been created: "com.ibm.wsspi.security.wim.exception.WIMSystemException: CWIML4520E: The LDAP operation could not be completed. The LDAP naming exception
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03152973, problem 2001 (NO_OBJECT), data 0, best match of:
"
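To confirm this cause before changing any configuration, the following added example (not part of the product documentation or the product's own code) scans message-log text for CWIML4520E records that carry LDAP error code 32. The function names, the three-line correlation window, and the sample log lines marked as constructed are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: triage message-log text for the failure described above.
# All function names here are hypothetical.

# Reads log text on stdin and prints "<code32> <other>":
#   code32 = CWIML4520E records whose naming exception carries LDAP error
#            code 32 on the same line or within the next 3 lines (assumed window)
#   other  = CWIML4520E records with no error code 32 in that window
classify_ldap_errors() {
  awk '
    /CWIML4520E/ {
      if (pending) other++               # previous record never showed code 32
      pending = 1; left = 3
      if ($0 ~ /LDAP: error code 32 -/) { hits++; pending = 0 }
      next
    }
    pending && /LDAP: error code 32 -/ { hits++; pending = 0; next }
    pending { if (--left <= 0) { other++; pending = 0 } }
    END {
      if (pending) other++
      printf "%d %d\n", hits + 0, other + 0
    }
  '
}

# Exit status 0 when at least one code-32 record is present on stdin.
group_lookup_failure_seen() {
  set -- $(classify_ldap_errors)
  [ "$1" -gt 0 ]
}

# Constructed sample: the first record reuses the message quoted on this page,
# the second is an invented CWIML4520E with a different LDAP result code.
sample_log() {
  cat <<'EOF'
[constructed] login request received
An FFDC Incident has been created: "com.ibm.wsspi.security.wim.exception.WIMSystemException: CWIML4520E: The LDAP operation could not be completed. The LDAP naming exception
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03152973, problem 2001 (NO_OBJECT), data 0, best match of:
[constructed] CWIML4520E: The LDAP operation could not be completed. The LDAP naming exception
javax.naming.AuthenticationException: [LDAP: error code 49 - constructed sample]
[constructed] login request finished
EOF
}

sample_log | classify_ldap_errors   # prints: 1 1
```

To check a real pod, pipe its log text into `classify_ldap_errors`, for example from `oc logs <pod-name> -n <your-foundational-services-namespace>`.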
Resolving the problem
To resolve the issue, disable the recursiveSearch parameter in the LDAP server.xml file.
- Log in to your boot node with the oc login command.
- Edit the platform-auth-idp configmap.
  oc edit cm platform-auth-idp -n <your-foundational-services-namespace>
- Change the LDAP_RECURSIVE_SEARCH: "true" parameter value to LDAP_RECURSIVE_SEARCH: "false".
- Save the changes.
- Restart the platform-auth-service pods by deleting the pods.
  - Get the platform-auth-service pod names.
    oc get pods -n <your-foundational-services-namespace> | grep platform-auth-service
  - Delete the platform-auth-service pod.
    oc delete pods <pod-name> -n <your-foundational-services-namespace>