Layer7 Access Management

Policy server and LDAP communication error

  • 1.  Policy server and LDAP communication error

    Posted 26 days ago
    Edited by Ultimatix Support 26 days ago
    Hi All,

    We are getting the below error in our smps.log file.

    [ERROR] Error# '34' during search: 'error: Invalid DN syntax extended error: 0000208F: LdapErr: DS ID-0C0907E9, comment: Error processing name, data 0, v2580'

    [IMS6DsLdapProvider.cpp:2439][ERROR] DS error message: Invalid DN syntax
    [DsMarshall.cpp:97][ERROR] SmImsCommand (returnUsers) - Silently failed to retrieve attributes for invalidated User with DN j<A8><95>^M),&<AE><F1>e=D<91><9E><BD>Í^G<F9><91><F9>
    [SmDsLdapConnMgr.cpp:1194][ERROR] Error# '34' during search: 'error: Invalid DN syntax extended error: 0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:
    'j��^M),&��e=D���Í^G���'

    Any ideas as to what is causing this?
    I am seeing a lot of garbage values like this in the log.
    Running 12.50.2.841 Policy server.


  • 2.  RE: Policy server and LDAP communication error

    Posted 26 days ago
    Hi,

    I think I've recently seen this in my smps.log file also. For me the issue was that I configured HTTP response headers which search to see if the logon user is a member of a particular AD group. The issue was that I had a typo when specifying the full DN of the AD group, such as --> "cn=HR_Admin, ou=groups,dc=company=com". When the policy server executes this, trying to see if the current logon user is a member of the AD group so that it can set this response header, it then complains that the full DN it is trying to look up is an "Invalid DN syntax".

    I then looked closer and realized that I had a typo --> "dc=company=com" instead of --> "dc=company.com" for my HTTP response header.
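
An added example, not part of the thread and not the product's own code: a small Python lint that pulls the DN out of `smps.log` lines like the `DsMarshall.cpp` one quoted in the first post and separates the two cases seen so far, binary garbage versus a readable DN with a likely typo such as `dc=company=com`. The function names and sample DNs are made up for illustration; only the marker text comes from the quoted log line.

```python
import re

# RFC 4514 attribute type: a descriptor (cn, ou, dc ...) or a dotted numeric OID.
ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")
DN_MARKER = "invalidated User with DN "  # text from the log line quoted in post 1

def split_unescaped(text, sep):
    """Split on sep, treating backslash-escaped characters as literal."""
    parts, cur, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" and i + 1 < len(text) else 1
        if step == 1 and text[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += text[i:i + step]
        i += step
    return parts + [cur]

def lint_dn(dn):
    """Return findings for one DN string; an empty list means nothing was flagged."""
    # U+FFFD is what undecodable bytes become when the log is read with errors="replace".
    if any(ord(c) < 0x20 or ord(c) == 0x7F or c == "\ufffd" for c in dn):
        return ["control or undecodable bytes: not a DN string at all"]
    findings = []
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):
            attr, eq, value = ava.strip().partition("=")
            if not eq:
                findings.append(f"{ava.strip()!r}: missing '='")
            elif not ATTR_TYPE.match(attr.strip()):
                findings.append(f"{ava.strip()!r}: bad attribute type")
            elif "=" in re.sub(r"\\.", "", value):
                findings.append(f"{ava.strip()!r}: unescaped '=' in value, likely typo")
    return findings

def triage(log_lines):
    """Map each DN found after DN_MARKER to its lint findings."""
    result = {}
    for line in log_lines:
        if DN_MARKER in line:
            dn = line.split(DN_MARKER, 1)[1].rstrip("\n")
            result[dn] = lint_dn(dn)
    return result

# Constructed sample lines: marker text from the page, DNs made up for this example.
SAMPLE_LOG = ["... " + DN_MARKER + dn + "\n" for dn in (
    "j\ufffd\ufffd\r),&\ufffd", "cn=HR_Admin, ou=groups,dc=company=com",
    "cn=HR_Admin,ou=groups,dc=company,dc=com")]
```

A garbage finding points at whatever supplied the DN to the search rather than at a mistyped configuration value, so the two findings call for different follow-up.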


  • 3.  RE: Policy server and LDAP communication error

    Posted 26 days ago

    Isn't the root LDAP schema either o=company.com or dc=company,dc=com? Or am I using outdated schema definitions?

  • 4.  RE: Policy server and LDAP communication error
    Best Answer

    Posted 26 days ago
    This article explains the use (your post mentions using AD, which it references).
    https://serverfault.com/questions/49146/ldap-structure-dc-example-dc-com-vs-o-example#49162