IBM Support

MustGather: LDAP problems on IBM API Connect v10

Question & Answer


Question

What information needs to be collected to help IBM Support troubleshoot LDAP problems and how to collect it?

Answer

This page intent to illustrate what data is needed for LDAP problems on IBM API Connect v10.
The following information describes the documentation needed by IBM Support to investigate LDAP issues:
1. Describe the issue:
  1. Provide detailed problem description that includes error messages or unexpected results. 
  2. Provide screen captures, which is helpful to illustrate the errors and unexpected results.
  3. Provide details regarding the configuration of the LDAP.
2. Answer the following questions:
  • Which UI you are experiencing the issue with? Are you using LDAP for managing users in the Developer Portal, Cloud Manager UI, or API Manager UI?
  • Is this configuration a new LDAP configuration or an existing one?
  • Are you using LDAP for API authentication (API security definitions)?
  • Are you using a writable or nonwritable (read-only) LDAP server?
  • Are you using a group mapping? 
  • Are you using LDAP over SSL/TLS? If yes, is it working using LDAP non TLS?
  • Is this issue happening for a specific user or all the users from a specific group or any users from the configured LDAP server?
  • Provide specific users or sample usernames experiencing the issue.
3. Re-create the issue and collect postmortem logs (from ALL the Management nodes in the cluster):
Collect and upload the Management subsystem and Developer Portal subsystem:
Download the latest postmortem tool: v10-postmortem.
  • Execute: ./apic-mustgather
4. Test with an LDAP utility tool.
Sometimes the issue could be with the search parameters being used to find the user and might not have anything to do with API Connect.  Running tests from other LDAP utility tools would help IBM Support better understand the issues.
  1. Are you able to find the specific user by using other LDAP utility tools such as ldapsearch? 
  2. Share the search string being used and the response from it.
We recommend use of an LDAP utility and share the results. 

[{"Type":"MASTER","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMNED","label":"IBM API Connect"},"ARM Category":[{"code":"a8m50000000L0rvAAC","label":"API Connect"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.0.0"}]

Document Information

Modified date:
23 April 2024

UID

ibm16855645

Page Feedback