IBM Support

LDAP login functionality is broken after restoring the BigFix database

Troubleshooting


Problem

Restoring a full database backup to recover from a problem in BigFix causes the LDAP login functionality to break. Use these steps to recover from this condition.

Symptom

Potential error messages when attempting either to log in to the console as an LDAP console operator or to access and create an LDAP directory within the console:

***********************
"Unexpected server error: class NoMatchingRecipient (error HTTP 500 in method /data/ldap-directories)
************************

***********************
Unexpected Error:

The IBM Console has encountered an error and is unable to complete your request.

If you choose to ignore this error, the application may be in an inconsistent state. If you choose to quit, you will lose any unsaved changes.

The diagnostic message is:

Unexpected server error: 19NoMatchingRecipient

Exit without saving | Ignore
***********************

Cause

Encryption signatures within the LDAP facility component are out of sync with security data signatures.

Resolving The Problem

The encrypted password needs to be set to NULL by executing the following database query in the BigFix enterprise database. The database content then needs to be re-signed with the BESAdmin command.

1. Execute the following set of SQL statements in the BigFix database:

UPDATE LDAP_Settings
SET EncryptedPassword = NULL
WHERE LdapId = 'ldapIDfortheuserinthetable'; -- use the ldapid number from the database here

2. Open a command prompt and cd to the BES Server directory (or wherever BESAdmin is).

3. On Windows, run BESAdmin.exe /resignSecurityData. On Linux, run ./BESAdmin.sh -resignsecuritydata -sitePvkLocation=<path+license.pvk> [ -sitePvkPassword=<password> ] -mastheadLocation=<path+actionsite.afxm>

4. Log in to the console as local Master Operator (MO).

5. Go to the LDAP Directories tree item.

6. Edit each LDAP Directory with the appropriate password and Save.

7. A restart of the BES Root Server service may be needed. Then test LDAP console login.
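
Step 1 carried out defensively, as an added T-SQL example that is not part of the original IBM article: it lists the LdapId values first, then clears one password inside a transaction that commits only if exactly one row changed. It assumes a Microsoft SQL Server deployment and that LdapId is unique per directory; @TargetLdapId and its value are placeholders.

```sql
-- Added example (T-SQL; assumes the BigFix database runs on Microsoft SQL Server).
-- Only LDAP_Settings, LdapId and EncryptedPassword come from the article.
-- @TargetLdapId, @Rows and the placeholder value are illustrative.

SET XACT_ABORT ON;  -- any run-time error rolls the open transaction back

-- 1. List the configured directories to find the LdapId to reset,
--    without displaying the stored ciphertext itself.
SELECT LdapId,
       CASE WHEN EncryptedPassword IS NULL THEN 'no' ELSE 'yes' END
           AS HasEncryptedPassword
FROM LDAP_Settings;

-- 2. Clear the password for one directory and verify the row count.
--    Replace the placeholder with an LdapId returned by the query above.
--    Assumption: the value compares cleanly against the LdapId column type.
DECLARE @TargetLdapId NVARCHAR(64) = N'ldapIDfortheuserinthetable';
DECLARE @Rows INT;

BEGIN TRANSACTION;

UPDATE LDAP_Settings
SET EncryptedPassword = NULL
WHERE LdapId = @TargetLdapId;

SET @Rows = @@ROWCOUNT;

IF @Rows = 1
BEGIN
    COMMIT TRANSACTION;
    PRINT 'EncryptedPassword cleared for the selected directory.';
END
ELSE
BEGIN
    -- Zero rows means a wrong LdapId; more than one breaks the
    -- uniqueness assumption. Either way, leave the table unchanged.
    ROLLBACK TRANSACTION;
    PRINT 'Expected exactly 1 row to change; rolled back.';
END;
```

Repeat the second part for each directory that needs resetting, then continue with step 2.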


Document Information

Modified date:
17 October 2018

UID

swg21634777