Common LDAP authentication errors
LDAP performance is dependent on the particular LDAP server environment that you are using. Your LDAP administrator is your first point of contact for authentication and performance issues.
2013-01-02T09:34:14: Error: E-ALD-102-027: No LDAP user found with base dn ou=Tivoli,ou=SWG,o=ibm and filter (cn=Notin Ldap)
2013-01-02T09:34:14: Information: I-SEC-104-003: Cannot authenticate user "Notin Ldap" with external source. Error = "User not found"
2013-01-02T09:34:14: Information: I-SEC-104-002: Cannot authenticate user "Notin Ldap": Not authenticated
2013-01-02T09:34:14: Error: E-OBX-102-023: Failed to authenticate user Notin Ldap. (-3602:Not authenticated)
2013-01-02T09:34:14: Error: E-OBX-102-057: User Notin Ldap@examplehost.ibm.com failed to login: Not authenticated
2013-01-02T09:31:00: Error: E-SEC-010-002: authentication failure - cannot authenticate user "Notin Ldap" : Not authenticated
To resolve the problem, contact the LDAP administrator to determine whether the user exists in LDAP and whether the ObjectServer has search access to that user. If the user exists in LDAP, verify that you are using the correct base distinguished name and search filter. Check the values that are specified for the LDAPSearchBase and LDAPSearchFilter properties.
If the LDAP search and filter properties are correct, verify with your LDAP administrator that the user account specified by the LDAPBindDn and LDAPBindPassword properties has authority to run LDAP searches. If the ObjectServer is anonymously binding to LDAP, verify that the directory and users that you want to search are configured to allow anonymous read access.
2013-01-02T16:13:39: Information: I-ALD-104-006: About to bind to LDAP server for user cn=User One,ou=OMNIbus,ou=Tivoli,ou=SWG,o=ibm
2013-01-02T16:13:39: Error: E-ALD-102-016: Failed to bind to LDAP server for user cn=User One,ou=OMNIbus,ou=Tivoli,ou=SWG,o=ibm. (49:Invalid credentials)
2013-01-02T16:13:39: Error: E-ALD-102-011: LDAP Server message received during bind.
2013-01-02T16:13:39: Information: I-SEC-104-003: Cannot authenticate user "User One" with external source. Error = 'Invalid credentials'.
2013-01-02T16:13:39: Information: I-SEC-104-002: Cannot authenticate user "User One": Not authenticated
To resolve the problem, provide the correct password.
2013-01-02T16:13:52: Error: E-ALD-102-028: Multiple LDAP users with base DN 'ou=Tivoli,ou=SWG,o=ibm' and filter '(cn=User Two)'
2013-01-02T16:13:52: Information: I-SEC-104-003: Cannot authenticate user "User Two" with external source. Error = 'LDAP user not unique'.
2013-01-02T16:13:52: Information: I-SEC-104-002: Cannot authenticate user "User Two": Not authenticated
2013-01-02T16:13:52: Error: E-OBX-102-023: Failed to authenticate user User Two. (-3602:Not authenticated)
2013-01-02T16:13:52: Error: E-OBX-102-057: User User Two@examplehost.ibm.com failed to login: Not authenticated
2013-01-02T16:13:39: Information: I-SEC-104-002: Cannot authenticate user "User Two": Not authenticated
To resolve the problem, contact your LDAP administrator.
2013-01-04T16:17:57: Error: E-ALD-102-026: Failed to perform search on LDAP server with base dn 'ou=bluepages,o=ibm.com' and filter '(cn=Test User)': 81:Can't contact LDAP server
2013-01-04T16:17:57: Information: I-SEC-104-003: Cannot authenticate user "Test User" with external source. Error = 'Can't contact LDAP server'
2013-01-04T16:34:42: Error: E-ALD-102-012: ldap_open failed to LDAP server. Host exampleserver.ibm.com. Port 389. Error - 145:Connection timed out.
To resolve the problem, verify that the LDAP server is running, that the connection is not blocked by a firewall, and that the correct LDAP port is specified for the Port property in the LDAP properties file.
These messages can also be logged when the LDAP server requires bind security but the ObjectServer is configured for anonymous bind. If the ObjectServer is configured for anonymous bind, contact your LDAP administrator to check whether the LDAP setup requires bind security.
2013-01-07T11:34:46: Debug: D-ALD-105-005: About to issue LDAP search with filter '(&(cn=User Five)(|(ou=Tivoli)(ou=Webtop))'
2013-01-07T11:34:46: Error: E-ALD-102-026: Failed to perform search on LDAP server with base dn 'ou="Tivoli",ou=SWG,o=ibm' and filter '(&(cn=User Five)(|(ou=Tivoli)(ou=Webtop))': 87:Bad search filter
ldapsearch: ldap_search_ext: Bad search filter (-7)
To resolve the problem, contact your LDAP administrator for help with formulating the search query.
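The filter in the excerpt above is missing a closing parenthesis. The following added example (not part of the product or its documentation) checks the structure of a candidate LDAPSearchFilter value against the RFC 4515 grammar before it is put into the properties file. The function names are hypothetical, and the check covers parentheses, operators and the attribute=value shape only.

```python
def _parse_item(s, i):
    """Parse 'attr<op>value' up to the next parenthesis; return its end offset."""
    end = i
    while end < len(s) and s[end] not in "()":
        end += 1
    attr, eq, _ = s[i:end].partition("=")
    if not eq or not attr.rstrip("~<>:"):
        raise ValueError(f"item {s[i:end]!r} at offset {i} is not attribute=value")
    if end < len(s) and s[end] == "(":
        raise ValueError(f"unescaped '(' inside a value at offset {end}")
    return end


def _parse_filter(s, i):
    """Parse one parenthesised filter starting at offset i; return the offset after it."""
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|":
        i += 1
        start = i
        while i < len(s) and s[i] == "(":
            i = _parse_filter(s, i)
        if i == start:
            raise ValueError(f"operator {s[start - 1]!r} at offset {start - 1} has no operands")
    elif i < len(s) and s[i] == "!":
        i = _parse_filter(s, i + 1)
    else:
        i = _parse_item(s, i)
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"missing ')' at offset {i}")
    return i + 1


def check_filter(text):
    """Return None for a well-formed filter, else a description of the first problem."""
    try:
        end = _parse_filter(text, 0)
    except ValueError as exc:
        return str(exc)
    if end != len(text):
        return f"unexpected text after the filter at offset {end}"
    return None


# Filter copied from the E-ALD-102-026 excerpt above, then with the parenthesis restored.
PAGE_FILTER = "(&(cn=User Five)(|(ou=Tivoli)(ou=Webtop))"
FIXED_FILTER = PAGE_FILTER + ")"
```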
2013-01-07T15:16:08: Error: E-AUT-102-026: Failed to perform search on LDAP server with base dn 'ou="Tivoli",ou=SWG,o=ibm' and filter '(cn=A User)': 85:Timed out
To resolve the problem, contact your LDAP administrator for help with improving query performance.
On Windows operating systems, you must save the LDAP properties file in UTF-8 encoding when the ObjectServer is configured to run with UTF-8 enabled.
2013-05-23T10:45:27: Warning: W-ETC-102-003: Invalid character 0xf4 found when converting to Unicode.
2013-05-23T10:45:27: Warning: W-ETC-102-003: Invalid character 0xf4 found when converting to Unicode.
2013-05-23T10:45:27: Warning: W-ETC-102-003: Invalid character 0xf4 found when converting to Unicode.
...
...
2013-05-23T10:45:54: Debug: D-AUT-105-005: About to issue LDAP search with filter '(uid=yaya)' and base dn 'ou=plut...t,dc=HURSLEY,dc=IBM,dc=COM'
2013-05-23T10:45:54: Error: E-AUT-102-034: LDAPSearch returned 'NO_SUCH_OBJECT'. Verify that LDAPSearchBase has been correctly specified and the base DN object 'ou=plut...t,dc=HURSLEY,dc=IBM,dc=COM' exists
To encode the properties file as UTF-8, open it in Windows Notepad and use the Save As... command to save a new version. Use the existing file name, ldap.props. You must then restart the ObjectServer so that it reads the updated properties file.
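The message IDs and LDAP result codes in the excerpts on this page identify the cause of each failure, so an ObjectServer log can be triaged mechanically. The following added example (not part of the product) separates credential failures from directory, network and configuration failures. The cause labels and function names are hypothetical, and the sample is assembled from the excerpts above.

```python
import re
from collections import Counter

LINE = re.compile(r"^(\S+): (\w+): ([A-Z]-[A-Z]{3}-\d{3}-\d{3}): (.*)$")

# Message ID -> cause, as described on this page (labels are this example's own).
CAUSES = {
    "E-ALD-102-027": "user not found",
    "E-ALD-102-016": "bind rejected",
    "E-ALD-102-028": "user not unique",
    "E-ALD-102-012": "connection failed",
    "E-AUT-102-034": "search base not found",
    "W-ETC-102-003": "invalid character in properties",
}
# LDAP result code printed at the end of a failed-search message (IDs ending -102-026).
SEARCH_CODES = {"81": "server unreachable", "85": "search timed out", "87": "bad search filter"}


def classify(line):
    """Return the cause named by one log line, or None for follow-on lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    msg_id, msg = m.group(3), m.group(4)
    if msg_id.endswith("-102-026"):
        code = re.search(r": (\d+):", msg)
        return SEARCH_CODES.get(code.group(1), "search failed") if code else "search failed"
    return CAUSES.get(msg_id)


def triage(log_text):
    """Count causes across a log, counting lines repeated verbatim once."""
    counts = Counter()
    for line in dict.fromkeys(log_text.splitlines()):
        cause = classify(line)
        if cause:
            counts[cause] += 1
    return counts


# Sample assembled from the excerpts on this page; the first line is repeated on purpose.
SAMPLE = """\
2013-01-02T09:34:14: Error: E-ALD-102-027: No LDAP user found with base dn ou=Tivoli,ou=SWG,o=ibm and filter (cn=Notin Ldap)
2013-01-02T09:34:14: Error: E-ALD-102-027: No LDAP user found with base dn ou=Tivoli,ou=SWG,o=ibm and filter (cn=Notin Ldap)
2013-01-02T16:13:39: Error: E-ALD-102-016: Failed to bind to LDAP server for user cn=User One,ou=OMNIbus,ou=Tivoli,ou=SWG,o=ibm. (49:Invalid credentials)
2013-01-04T16:17:57: Error: E-ALD-102-026: Failed to perform search on LDAP server with base dn 'ou=bluepages,o=ibm.com' and filter '(cn=Test User)': 81:Can't contact LDAP server
2013-01-07T15:16:08: Error: E-AUT-102-026: Failed to perform search on LDAP server with base dn 'ou="Tivoli",ou=SWG,o=ibm' and filter '(cn=A User)': 85:Timed out
2013-01-02T16:13:39: Information: I-SEC-104-002: Cannot authenticate user "User One": Not authenticated
"""
```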