CA Service Management

  • Private Community
 View Only

  • 1.  LDAP Merge, Operation Failed

    Posted Dec 19, 2016 09:03 PM

    Hi there,

     

    When attempting to do the merge LDAP functionality in CA SDM (14.1.03) I receive the following error:

     

    stdlog.1:

    12/19 17:59:20.88 WPDHSWEBL35    ldap_agent_nxd       4776 ERROR        ldap_agent.c           712 LDAP_Agent not enabled

     

    When running PDM_LDAP_TEST the following is returned:

     

    However, basic LDAP functions are working fine. You can login to the system with LDAP credentials. SSO is working against LDAP. But none the less the merge functionality is not working and LDAP test is resulting in the above error.

     

    I assume this is a file setting or role/features of Windows that needs to be setup for this to function correctly.

     

    Any thoughts?

     

    Many thanks,
    Jordan



  • 2.  Re: LDAP Merge, Operation Failed
    Best Answer

    Posted Dec 19, 2016 09:33 PM

    Jordan,

     

    In the Options Manger, are these attributes Installed and what are their values?

     

    ldap_user_object_class

    num_ldap_agents

    (and does this match the value of @NX_NUM_LDAP_AGENTS in NX.env?)

     

    Do you have multiple LDAP domains defined and/or do you have the default LDAP domain defined in the Options Manager named via the NX_LDAP_DOMAIN variable in NX.env?

     

    J.W.



  • 3.  Re: LDAP Merge, Operation Failed

    Broadcom Employee
    Posted Dec 20, 2016 09:40 AM

    In addition to checking the Options Manager settings, I just wanted to clarify why you're seeing one aspect of LDAP working while others don't.

     

    Service Desk has one or two daemons (depending on the version you are using) that perform user authentication, boplgin and bopauth_nxd. When a user attempts to login it will check the access type associated to the user, and if it's configured for "Windows Authentication" the daemons will first attempt to find the contact record on the local server OS, after that attempt it will check for users in the domain that the server is joined to.

    This whole process is completely outside and independent of the daemon that performs the ldap imports or merges, so the fact that authentication works but the imports failing is a possibility.

     

    The LDAP options manager settings are ONLY used for the LDAP import/merge processes, they have no effect on the user's ability to authenticate. 



  • 4.  Re: LDAP Merge, Operation Failed

    Posted Dec 29, 2016 07:56 PM

    Sorry for not following-up! 


    The solution was to set the LDAP_USER_OBJECT_CLASS which was not installed. This instantly resolved the issue.