Troubleshooting
Problem
LDAP users are unable to login to the IBM® Security Guardium® GUI
Symptom
None of the LDAP users are able to login to the gui of the appliance.
The built-in users "admin", "accessmgr" are successfully able to authenticate and login to gui.
Cause
LDAP account locked out.
Environment
- Managed Environment : All the appliances involved in the given Central Manager (CM) hierarchy, including the CM will encounter the login issue for LDAP users
- Standalone Appliance : Only the standalone appliance will have the login issue for the LDAP users
Diagnosing The Problem
Diagnosis of the problem can be done using debugging the login attempt.
- Use one of the application debug methods that are available (must_gather OR manual method).
- Attempt the ldap user login on the gui
- check the debug-logs.
- Verify and check for the presence of below message trace in the debug logs.
==============day mon date hh:mm:ss ZONE YYYY=================== Thread: http-bio-8443-exec-575 - javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 532, v2580^@] |
Resolving The Problem
The error code presented in the trace message corresponds to the LDAP account being locked out.
Once the LDAP account is unlocked, with the correct password, the login should work.
Related Information
Document Location
Worldwide
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
27 May 2020
UID
ibm16215317