Cannot search for LDAP users and groups

Users and groups that originate from an LDAP directory are not shown in the realm when you search on the Manage Users page or the Manage Groups page.

The following exception is written to the SystemOut.log log file:

com.ibm.ws.wim.adapter.ldap.LdapConnection search(String, String, Object[], 
SearchControls)CWWIM4520E The 'javax.naming.NameNotFoundException: 
[LDAP: error code 32 - 0000208D:NameErr: DSID-031001A8, problem 2001 
(NO_OBJECT), data 0, best match of:
''

Cause

The repository configuration for the LDAP directory in the realm is missing the base search entry properties, both for the repository in the realm and for the LDAP directory.

Resolution

  1. From your LDAP administrator, obtain the base search entry.
  2. In Tivoli Integrated Portal, click Console Settings > WebSphere Administrative Console > Security > Global Security > Federated repositories. Click the link under Base entry that corresponds to the LDAP directory.
  3. Ensure that the following fields contain valid entries:
    Distinguished name of a base entry that uniquely identifies this set of entries in the realm
      Type the root entry for the LDAP directory in the realm.
    Distinguished name of a base entry in this repository
      Type the root of the subtree in the LDAP directory for the objects that you want to be added to the repository in the realm. For example, if you want all users in the dc=ibm,dc=com subtree to be added to the repository, type dc=ibm,dc=com.
  4. Save your changes and restart the server.
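
An offline sanity check for the base entry typed in step 3, given as an added example that is not part of the original IBM document. It reads the LDAP result code from a CWWIM4520E message and checks that a candidate base DN is well formed and contains a known user entry. The function names, the KNOWN_TYPES list and the sample user DN are assumptions made for illustration.

```python
import re

# Attribute types expected in a base entry (assumption: extend for your schema).
KNOWN_TYPES = {"dc", "ou", "o", "cn", "c", "l", "st", "uid"}

# Constructed from the CWWIM4520E message quoted on this page.
SAMPLE_LOG = """CWWIM4520E The 'javax.naming.NameNotFoundException:
[LDAP: error code 32 - 0000208D:NameErr: DSID-031001A8, problem 2001
(NO_OBJECT), data 0, best match of:
''"""

def ldap_error_code(log_text):
    """Return the LDAP result code in a CWWIM4520E message, or None."""
    m = re.search(r"CWWIM4520E.*?LDAP: error code (\d+)", log_text, re.S)
    return int(m.group(1)) if m else None

def parse_dn(dn):
    """Split a DN into lower-cased (type, value) pairs.
    Simplified: single-valued RDNs, backslash-escaped commas only."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def check_base_entry(base_dn, sample_entry_dns):
    """Return a list of problems with a candidate base entry DN."""
    try:
        base = parse_dn(base_dn)
    except ValueError as exc:
        return [str(exc)]
    problems = [f"unrecognised attribute type {a!r}"
                for a, _ in base if a not in KNOWN_TYPES]
    for dn in sample_entry_dns:
        # An entry is in the subtree when its trailing RDNs equal the base.
        if parse_dn(dn)[-len(base):] != base:
            problems.append(f"{dn} is not under {base_dn}")
    return problems

if __name__ == "__main__":
    users = ["uid=jdoe,ou=people,dc=ibm,dc=com"]  # constructed sample entry
    print("LDAP result code:", ldap_error_code(SAMPLE_LOG))  # 32 = noSuchObject
    for candidate in ("dc=ibm,dc=com", "dc=ibm,cd=com", "dc=ibm"):
        print(candidate, "->", check_base_entry(candidate, users) or "ok")
```

The check only catches syntax and containment mistakes; whether the base entry actually exists in the directory still has to be confirmed with the LDAP administrator, as in step 1.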