Layer7 Access Management

Expand all | Collapse all

what are the places, we need to be careful while configurig identity mapping(Auth-Az) between LDAP and ODBC DB

  • 1.  what are the places, we need to be careful while configurig identity mapping(Auth-Az) between LDAP and ODBC DB

    Posted 03-23-2015 03:15 PM

    What are the places, we need to be careful while configurig identity mapping(Auth-Az) between LDAP and ODBC DB

    because when i configured, I'm ended up in error saying that.

    error occurred while preparing statement <sql query scheme name>

    failed to find the vaid identity of the user.

    Anyone faced this kind of issue? Help would be much appreciated.

    Thanks,

    Venga



  • 2.  Re: what are the places, we need to be careful while configurig identity mapping(Auth-Az) between LDAP and ODBC DB

    Posted 03-23-2015 09:54 PM

    I have the exact same issue. Error while preparing statement. No ODBC query gets executed. I have a support request in for it but no updates from CA.



  • 3.  Re: what are the places, we need to be careful while configurig identity mapping(Auth-Az) between LDAP and ODBC DB

    Posted 03-23-2015 10:40 PM

    What version is it Venga Venga

     

    • What version of PolicyServer are you on?
    • Are you using Universal ID for Identity Mapping?
    • Have you made sure Universal ID field in both User Directory Object is populated.

     

    I recollect testing using LDAP and LDAP; If I find time, I may quickly re-validate with LDAP and OBDC using Universal ID.

     

    I know there have been issues with Identity Mapping in R12.52 SP1; so it may be a Support Ticket and defect for Engineering to fix.

     

    I too have raised Support Ticket for IdentityMapping space (Just for Info).

     

    00046619: Identity Mapping UI Display

    00050144: IdentityMapping and XPSExport

     

     

    Regards

     

    Hubert



  • 4.  Re: what are the places, we need to be careful while configurig identity mapping(Auth-Az) between LDAP and ODBC DB

    Posted 03-24-2015 03:05 PM

    Hi Hubert,

     

    • What version of PolicyServer are you on?

              Policy Server-12.52.1.154

    • Are you using Universal ID for Identity Mapping?

              1st, I have tried with Universal ID-> same error mentioned above.

              So tried with custom search but still same error i'm getting.

    • Have you made sure Universal ID field in both User Directory Object is populated.

              Both my Auth Dir and Az Dir are populated with Universal ID in the attributes section.

     

    I'm really struck at this moment without any clear logs in siteminder. Let me know if you have any solution for this.

     

    Thanks,

    Venga



  • 5.  Re: what are the places, we need to be careful while configurig identity mapping(Auth-Az) between LDAP and ODBC DB

    Posted 03-25-2015 03:46 PM

    Unfortunately Venga

     

    This looks like a functional issue in the product. You'll need to engage via CA Support.

     

     

    SMTRACEDEFAULT.log

    [03/25/2015][15:36:41.803][2254][3993791344][SmDsLdapProvider.cpp:2195][CSmDsLdapProvider::Search][][Ldap Search callout succeeds.][][][][(Search) Base: 'cn=AAAAAA,ou=OrgUnit0,dc=ca,dc=com', Filter: 'objectclass=*'. Status: 1 entries][][][][][][][][][][][][][][][][][][][][][]

    [03/25/2015][15:36:41.807][2254][3993791344][SmAzMapping.cpp:1381][CSmAzMapping::BuildMapContext][][Leave function CSmAzMapping::BuildMapContext][][][][][][][][][][][][][][][true][][][][][][][][][][]

    [03/25/2015][15:36:41.808][2254][3993791344][SmAzMapping.cpp:1393][CSmAzMapping::ResolveAzTargetDir][][Enter function CSmAzMapping::ResolveAzTargetDir][][][][][][][][][][][][][][][][][][][][][][][][][]

    [03/25/2015][15:36:41.808][2254][3993791344][SmAzMapping.cpp:1409][CSmAzMapping::ResolveAzTargetDir][][Leave function CSmAzMapping::ResolveAzTargetDir][][][][][][][][][][][][][][][true][][][][][][][][][][]

    [03/25/2015][15:36:41.809][2254][3993791344][SmAzMapping.cpp:1424][CSmAzMapping::CompareSourceUd][][Enter function CSmAzMapping::CompareSourceUd][][][][][][][][][][][][][][][][][][][][][][][][][]

    [03/25/2015][15:36:41.810][2254][3993791344][SmAzMapping.cpp:1472][CSmAzMapping::CompareSourceUd][][Leave function CSmAzMapping::CompareSourceUd][][][][][][][][][][][][][][][true][][][][][][][][][][]

    [03/25/2015][15:36:41.811][2254][3993791344][SmAzMapping.cpp:1487][CSmAzMapping::EvalUnivMap][][Enter function CSmAzMapping::EvalUnivMap][][][][][][][][][][][][][][][][][][][][][][][][][]

    [03/25/2015][15:36:41.881][2254][3993791344][SmAuthUser.cpp:710][GetDsUserProp][][Enter function GetDsUserProp][][][][][][][][][][][][][][][][][][][][][][][][][]

    [03/25/2015][15:36:41.882][2254][3993791344][SmAuthUser.cpp:2182][CSmAuthUser::GetPropIndex][][Enter function CSmAuthUser::GetPropIndex][][][][][][][][][][][][][][][][][][][][][][][][][]

    [03/25/2015][15:36:41.882][2254][3993791344][SmAuthUser.cpp:2213][GetPropIndex][][Processing Attribute [Property = SM_USERSESSIONUNIVID] [Trim Property = SM_USERSESSIONUNIVID] [Separator = ^]][][][][][][][][][][][][][][][][][][][][][][][][][]

    [03/25/2015][15:36:41.882][2254][3993791344][SmAuthUser.cpp:2514][CSmAuthUser::GetPropIndex][][Leave function CSmAuthUser::GetPropIndex][][][][][][][][][][][][][][][true][][][][][][][][][][]

    [03/25/2015][15:36:41.883][2254][3993791344][SmAuthUser.cpp:738][GetDsUserProp][][Leave function GetDsUserProp][][][][][][][][][][][][][][][6][][][][][][][][][][]

    [03/25/2015][15:36:41.887][2254][3993791344][SmAzUserDirAttributesCache.cpp:568][CSmAzUserDirAttributesCache::Add][][Unable to retrieve a UserObjectFilter attribute for UserDirectory ud_msSQL2K12][][][][][][][][][][][][][][][][][][][][][][][][][]

    [03/25/2015][15:36:41.887][2254][3993791344][SmAzUserDirAttributesCache.cpp:580][CSmAzUserDirAttributesCache::Add][][Unable to retrieve a UserObjectClass attribute for UserDirectory ud_msSQL2K12][][][][][][][][][][][][][][][][][][][][][][][][][]

    [03/25/2015][15:36:41.901][2254][3993791344][SmAzMapping.cpp:1513][CSmAzMapping::EvalUnivMap][][Expression [UNIVERSAL_MAP('ud_msSQL2K12')] evaluated to [Name='AAAAAA']][][][][][][][][][][][][][][][][][][][][][][][][][]

    [03/25/2015][15:36:41.921][2254][3993791344][SmAzMapping.cpp:1557][CSmAzMapping::EvalUnivMap][][Leave function CSmAzMapping::EvalUnivMap][][][][][][][][][][][][][][][true][][][][][][][][][][]

    [03/25/2015][15:36:41.922][2254][3993791344][SmDsOdbcProvider.cpp:967][SmDsOdbcProvider::Search][][Error while trying to prepare statement 'SmSampleUsers'][][][][][][][][][][][][][][][][][][][][][][][][][]

    [03/25/2015][15:36:41.927][2254][3993791344][SmAzMapping.cpp:1230][CSmAzMapping::SmAzLocateUserEntry][][Leave function CSmAzMapping::SmAzLocateUserEntry][][][][][][][][][][][][][][][true][][][][][][][][][][]

    [03/25/2015][15:36:41.928][2254][3993791344][SmAzMapping.cpp:880][CSmAzMapping::SmLocateUser][][Leave function CSmAzMapping::SmLocateUser][][][][][][][][][][][][][][][true][][][][][][][][][][]

    [03/25/2015][15:36:41.928][2254][3993791344][SmAzMapping.cpp:847][CSmAzMapping::SmLocateAuthorizationUser][][Leave function CSmAzMapping::SmLocateAuthorizationUser][][][][][][][][][][][][][][][true][][][][][][][][][][]

    [03/25/2015][15:36:41.930][2254][3993791344][SmAzMapping.cpp:798][CSmAzMapping::ProcessRealm][][Leave function CSmAzMapping::ProcessRealm][][][][][][][][][][][][][][][ ][][][][][][][][][][]

    [03/25/2015][15:36:41.930][2254][3993791344][SmAzMapping.cpp:337][CSmAzMapping::GetAzUser][][Failed to find any valid user using Identity Mapping][][][][][][][][][][][][][][][][][][][][][][][][][]



  • 6.  Re: what are the places, we need to be careful while configurig identity mapping(Auth-Az) between LDAP and ODBC DB

    Posted 03-26-2015 01:28 AM

    Yes, this looks like a known defect RTC-148504. Please create a support ticket and we will be able to assist you further on this.



  • 7.  Re: what are the places, we need to be careful while configurig identity mapping(Auth-Az) between LDAP and ODBC DB

    Posted 03-26-2015 07:21 AM

    This is a regression in R12.52 SP1 - Identity mapping LDAP to ODBC works in version R12.51.  We have tested a dev fix, waiting on the schedule for when the fix will be released.  You can enter support ticket and request dev fix for testing (Bug 148504)