MustGather for Cloud Pak System and/or PureApplication System LDAP and Logon issues

Troubleshooting

Problem

Cloud Pak System and/or PureApplication System security settings can be configured to authenticate logon by using an LDAP server. If login fails or an event is displayed on the Cloud Pak System and/or PureApplication System event console with event type LDAP, use the following steps to work with IBM support to diagnose the issue.

Cause

You may fail to login to Cloud Pak System and/or PureApplication System or see the following event

CWZIP4665W The connection to LDAP has failed. The following error occurred: CommunicationException

Diagnosing The Problem

Check these known problems first

Review the troubleshooting information that is provided in the Information Center links in the following References section. Make sure the LDAP host name gets resolved Select System > System Settings > Domain Name Service. Enter the LDAP host name under ‘Lookup host name or IP address' section. If the lookup fails, the host name or IP address is the cause of the failed connection to LDAP.

Resolving The Problem

If not resolved, gather this information for IBM Support

The System collection set: Log in to Cloud Pak System and/or PureApplication System with a local administrative user ID that is not defined in LDAP. Select System > System Troubleshooting > Collect System logs... Select Collection Set named PureSystems Manager management (most common). Follow the prompts. Use the download icon when the collection set is available or incomplete A screen capture of the LDAP connection settings and LDAP test result: Select System > System Security Use the three Test LDAP authentication Settings tests for user name, group name, and membership and create a screen capture of the results of each. Create a screen capture of the LDAP settings. You might want to use ldapsearch, the LDAP search tool, to gather more information to complement the Cloud Pak System and/or PureApplication logs and gather the data organization on the LDAP server. You can run the ldapsearch from any system that has a connection to the LDAP server. (Hints: locate ldapserach under the OpenLDAP package in Cygwin for Windows or it is preinstalled if you use SuSE Linux Server) This illustrates a Cloud Pak System and/or PureApplication LDAP configuration mapping to ldapsearch parameters: This is the Cloud Pak System and/or PureApplication LDAP configuration page search filter mapping to ldapsearch. The {0} in the search filters are substituted with the user input, in this case “user1”

Contacting IBM Support and sending in your information

Use the following technotes to contact IBM Support and send in the MustGather information: Contacting IBM Cloud Pak System Support to open a PMR. Use the IBM Secure Diagnostic Data Upload Utility also called the Java Utility to upload the PureApplication System collections to greatly reduce the time to upload large files. Exchanging information with IBM Cloud Pak System and/or IBM PureApplication System Technical Support for problem determination. Review the IBM Cloud Pak System/PureApplication System Customer Support Plan Do not send any confidential information from your company.

Related Information

Information Center: Troubleshooting LDAP connection issues

Information Center: Troubleshooting LDAP logon error messages

Information Center: Testing LDAP authentication setting

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFQSV","label":"IBM Cloud Pak System Software"},"Component":"Security","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFQSV","label":"IBM Cloud Pak System Software"},"Component":"Security","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSM8NY","label":"PureApplication System"},"Component":"Security","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"","label":""}}]

Tips