IBM Support

Cannot update expired password in Cognos when using Active Directory Lightweight Directory Services (ADLDS)

Troubleshooting


Problem

After submitting the form for the password change request on an expired credential, Cognos errors with
CAM-AAA-0056 Unable to authenticate:
image 9853

Symptom

Enable a custom AAA LDAP trace logging with the following parameter:
{ "loggerName": "Trace.CAM.AAA.Provider.LDAP", "level": "DEBUG", "additivity": true }

After replicating the issue, open your cognosserver.log and find the function 'ldap_modify_s' call. There's a return value of '19'.

2021-05-10T16:36:22.609+0800 DEBUG session.Audit.RTUsage.CAM.AAA.Provider.LDAP [Thread-54] 8Gdh28vs9hdhl4y9CMjsqls2C48s9h8djvvvld42 0 NA 10.100.1.125 9300 null 8Gdh28vs9hdhl4y9CMjsqls2C48s9h8djvvvld42_0_ AAA.Provider.LDAP 9420 CallEnd <function name="ldap_modify_s"><parameters></parameters><returnvalue><![CDATA[19]]></returnvalue></function>

Cause

LDAP return code 19 is a LDAP_CONSTRAINT_VIOLATION. More details here: LDAP Result Codes

This may happen if you've configured Cognos namespace account mappings to use the password attribute of 'unicodePwd'. This attribute has unique constraints and requirements which you need to discuss with your LDAP admin to understand more.

This isn't a Cognos issue. Replicating this outside of Cognos should also give you the same results, e.g. when using LDIFDE against 'unicodePwd'.

Resolving The Problem

Change Cognos to use a different password attribute. ADLDS supports both 'unicodePWD' and 'userPassword'.


In Cognos configuration, update your ADLDS namespace's account mapping password attribute-

from:

'unicodePWD'


to:

'userPassword'

image 9854

Document Location

Worldwide

[{"Type":"SW","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTSF6","label":"IBM Cognos Analytics"},"ARM Category":[{"code":"a8m50000000Cl6OAAS","label":"Installation and Configuration->Authentication"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
10 May 2021

UID

ibm16451509

Page Feedback