QRadar: The LDAP hover text feature fails to work

Troubleshooting

Problem

The LDAP hover text feature fails to work after encrypting the LDAP password. LDAP authentication errors are being displayed in qradar.log.

Symptom

In the /var/qradar/qradar.log you will see the following:

AuthenticationException error "[LDAP: error code 49 - 80090308: LdapErr:DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1^@]

Cause

The setup to provide LDAP hover over in the UI, requires the setup of a ldap.properties file. This file contains a hashed password that must be encrypted using the command:

/opt/qradar/bin/runjava.sh com.q1labs.core.util.PasswordEncrypt

If non-alphanumeric characters are used it would result in the hash not able to translate the characters.

Resolving The Problem

Before you Begin: This procedure only applies to QRadar appliances at version 7.2.7 or lower.

To resolve the issue run the command:

/opt/qradar/bin/runjava.sh com.q1labs.core.util.PasswordEncrypt

Note: Use single quotation marks for passwords that contain non-alphanumeric characters.

This hash then is placed in the ldap. properties file that was created in the ldap.password field.

Result: LDAP hover text feature now works with encrypted passwords.

For more information please refer to, IBM Knowledge Center - Displaying hover text for LDAP information.

Where do you find more information?

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Documentation","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

QRadar: The LDAP hover text feature fails to work

Troubleshooting

Problem

Symptom

Cause

Resolving The Problem

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?