Troubleshooting
Problem
After approximately one hour, the impact pods cannot communicate with LDAP
Symptom
The login to the Impact UI fails. Restarting the impactgui pod will fix this issue but after logging in the connection to the backend impact pod cannot be made, so no policies/services etc. can be seen in the Impact UI.
Diagnosing The Problem
The messages.log for the nciserver pod will show this error
Caused by: com.ibm.wsspi.security.wim.exception.WIMSystemException: CWIML4520E: The LDAP operation could not be completed. The LDAP naming exception javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A71, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]; remaining name 'ou=NETCOOL,ou=INFRA,DC=ES,DC=AD,DC=ADP,DC=com'; resolved object com.sun.jndi.ldap.LdapCtx@555a7767 occurred during processing.
at com.ibm.ws.security.wim.adapter.ldap.LdapConnection.search(LdapConnection.java:1572)
at com.ibm.ws.security.wim.adapter.ldap.LdapConnection.checkSearchCache(LdapConnection.java:1313)
at com.ibm.ws.security.wim.adapter.ldap.LdapConnection.search(LdapConnection.java:1855)
at com.ibm.ws.security.wim.adapter.ldap.LdapConnection.searchEntities(LdapConnection.java:1923)
at com.ibm.ws.security.wim.adapter.ldap.LdapAdapter.loginImpl(LdapAdapter.java:670)
at com.ibm.ws.security.wim.adapter.ldap.LdapAdapter.login(LdapAdapter.java:562)
at com.ibm.ws.security.wim.ProfileManager.loginImpl(ProfileManager.java:1792)
... 52 more
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A71, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]; remaining name 'ou=NETCOOL,ou=INFRA,DC=ES,DC=AD,DC=ADP,DC=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3311)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3217)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3008)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1887)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1810)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:404)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:370)
at org.apache.aries.jndi.DelegateContext.search(DelegateContext.java:348)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:287)
at com.ibm.ws.security.wim.adapter.ldap.context.TimedDirContext.search(TimedDirContext.java:413)
at com.ibm.ws.security.wim.adapter.ldap.LdapConnection.search(LdapConnection.java:1495)
... 58 more
Resolving The Problem
A code fix for this issue will be available in NOI 1.6.8
In the meantime, edit the releasename-impactgui-startup-scripts and releasename-nciserver-startup-scripts config maps to add the following sed command to the Pre server startup script:
#
# Pre server startup script
#
echo "Running pre-server startup custom scripts"
sed -i "s/<\/ldapRegistry>/<contextPool enabled=\"false\"\/> <\/ldapRegistry>/g" /opt/IBM/tivoli/impact/wlp/usr/shared/config/ldapRegistry.xml
Then scale down and up the impact pods for these changes to take effect.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTPTP","label":"Netcool Operations Insight"},"ARM Category":[{"code":"a8m500000008ZtnAAE","label":"Impact-\u003EImpact Server"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.6.6"}]
Was this topic helpful?
Document Information
Modified date:
19 December 2022
UID
ibm16848865