Troubleshooting
Problem
You are trying to configure the Authentication module for LDAP using a Windows Domain Controller as the Authentication Server.
Symptom
Test Connection fails in the user interface.
Cause
This issue is explained in the following Microsoft document: https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/ldap-paged-queries-subordinate-referrals-not-chased.
Diagnosing The Problem
In the QRadar logs /var/log/qradar.error, you should see a PartialResultException error message similar to:
com.q1labs.uiframeworks.shared.ldap.LdapClientException: An unexpected error occurred see exception for details - javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: xxxx.domain.org:636 [Root exception is java.net.SocketTimeoutException: connect timed out]
Resolving The Problem
- Log in to the QRadar Console as admin.
- On the navigation menu (
), click Admin. - Go to Authentication> Authentication Module Settings.
- In the Server URL field, instead of ports 389 or 636, use the port for the Global catalog.
-
3268 for non-SSL connection
-
3269 for SSL connection
-
- Click Save.
- On the Admin tab, click Deploy Change.
Results
After the deploy completes administrators can verify the change using the Text Connection feature in the user interface. If you continue to experience issues with the error message described in this technical note, open a case with QRadar Support.
Related Information
Document Location
Worldwide
[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"TS004928948","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.4.0;7.4.1;7.4.2"}]
Was this topic helpful?
Document Information
Modified date:
30 April 2021
UID
ibm16415713