Troubleshooting LDAP connection issues

Use this information to troubleshoot possible Lightweight Directory Access Protocol (LDAP) connection issues.

About this task

During the LDAP authentication process, general authentication or internal authentication failures might occur that can prevent a successful login. General authentication failures are due to incorrect user name and password entries. Internal authentication failures can be caused by any of the following errors:
  • connection error
  • connection timeout
  • filter syntax error
  • search attribute error
  • communication error
  • resource shortage error
In any case, the following message is displayed:
Your user name or password is not valid.
When a user reports that they cannot log in to the system, even though they are typing the correct password, the administrator can review system events to find out what is causing the authentication issue.
Note: Numerous types of events might be recorded in the system log. To only view LDAP events, sort them by changing the Type field to LDAP. If LDAP does not appear in the list, that means that no LDAP connection issues were detected.
A message might be displayed in the log, similar to the following example:
CWZIP4665W: The connection to LDAP has failed. The following error occurred: CommunicationException: 172.16.248.10:389

This message indicates that an error occurred during a connection attempt to the LDAP server, which might be due to an incorrect Cloud Pak System Software login. It can also be caused by a misconfigured parameter under the LDAP settings tab. To troubleshoot LDAP connection failures, complete the following procedure:

Procedure

  1. Review the event details for the exception that was caught. To access the system event logs, click System > Events. When you receive an internal error during LDAP authentication, an event entry is created of the type “LDAP.” The following example shows a possible exception:
    CommunicationException: Connection Timed Out
  2. Ensure that the LDAP settings are correct. To verify, click System > Security.
    Note: If a login failure is reported, and the event log does not contain an entry specifying that the connection to the LDAP server has failed, then the login failure is more likely to be a general authentication issue.

Results

A resolution event entry is created on the Events page that informs you that the connection to the LDAP server has been restored, following an internal error with the LDAP server. The event is generated only after a successful request to the LDAP server has been made. You might see a message similar to the following example:

CWZIP4666I: The connection to LDAP has been restored.
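
The following added example (not part of the product or of the original page) shows one way to apply the rule from the procedure to exported events: it pairs each CWZIP4665W failure with the next CWZIP4666I restore event and reports whether a user's failed login falls inside an LDAP outage window (internal failure) or outside one (more likely a general authentication issue). The "timestamp message" line layout, the sample timestamps, and the function names are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample export. The "timestamp message" layout is an assumption;
# only the CWZIP4665W / CWZIP4666I message texts come from the page.
SAMPLE_EVENTS = """\
2024-05-01T09:00:12 CWZIP4665W: The connection to LDAP has failed. The following error occurred: CommunicationException: 172.16.248.10:389
2024-05-01T09:03:40 CWZIP4665W: The connection to LDAP has failed. The following error occurred: CommunicationException: Connection Timed Out
2024-05-01T09:15:02 CWZIP4666I: The connection to LDAP has been restored.
2024-05-01T11:30:00 CWZIP4665W: The connection to LDAP has failed. The following error occurred: CommunicationException: 172.16.248.10:389
"""

LINE_RE = re.compile(r"^(\S+)\s+(CWZIP4665W|CWZIP4666I):\s*(.*)$")
CAUSE_RE = re.compile(r"The following error occurred:\s*(\w+):\s*(.+)$")

def outage_windows(log_text):
    """Pair the first CWZIP4665W of each outage with the next CWZIP4666I."""
    windows, current = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an LDAP connection event
        ts, msg_id, text = datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)
        if msg_id == "CWZIP4665W":
            if current is None:  # a new outage starts here
                current = {"start": ts, "end": None, "causes": []}
                windows.append(current)
            cause = CAUSE_RE.search(text)
            if cause:
                current["causes"].append((cause.group(1), cause.group(2).strip()))
        elif current is not None:
            # Restore is logged only after a successful LDAP request, so "end"
            # is an upper bound on when the server actually came back.
            current["end"] = ts
            current = None
    return windows

def classify_login_failure(when, windows):
    """'internal' if an LDAP failure window covers the time, else 'general'."""
    for w in windows:
        if w["start"] <= when and (w["end"] is None or when <= w["end"]):
            return "internal"
    return "general"

if __name__ == "__main__":
    found = outage_windows(SAMPLE_EVENTS)
    for w in found:
        print(w["start"], "->", w["end"] or "still failing", w["causes"])
    print(classify_login_failure(datetime(2024, 5, 1, 10, 0), found))
```

A window whose end is empty means no CWZIP4666I has been logged yet, so the LDAP connection should still be treated as failing.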