Layer 7 Access Management


Policy server and LDAP communication error

  • 1.  Policy server and LDAP communication error

    Posted 06-26-2019 04:02 PM
    Edited by Ultimatix Support 06-26-2019 10:03 PM
    Hi All,

    We are getting the below error in our smps.log file.

    [ERROR] Error# '34' during search: 'error: Invalid DN syntax extended error: 0000208F: LdapErr: DS ID-0C0907E9, comment: Error processing name, data 0, v2580'

    [IMS6DsLdapProvider.cpp:2439][ERROR] DS error message: Invalid DN syntax
    [DsMarshall.cpp:97][ERROR] SmImsCommand (returnUsers) - Silently failed to retrieve attributes for invalidated User with DN j<A8><95>^M),&<AE><F1>e=D<91><9E><BD>Í^G<F9><91><F9>
    [SmDsLdapConnMgr.cpp:1194][ERROR] Error# '34' during search: 'error: Invalid DN syntax extended error: 0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:
    'j��^M),&��e=D���Í^G���'

    Any ideas as to what is causing this?
    I am seeing a lot of garbage values like this in the log.
    Running 12.50.2.841 Policy server.


  • 2.  RE: Policy server and LDAP communication error

    Posted 06-26-2019 06:13 PM
    Hi,

    I think I've recently seen this in my smps.log file also. For me the issue was that I configured HTTP response headers which search to see if the logon user is a member of a particular AD group. The issue was that I had a typo when specifying the full DN of the AD group, such as - - > "cn=HR_Admin, ou=groups,dc=company=com". When the policy server executes this, trying to see if the current logon user is a member of the AD group so that it can set this response header, it then complains that this full DN that it is trying to look up is an "Invalid DN syntax".

    I then looked closer and realized that I had a typo - - > "dc=company=com"  instead of - - > "dc=company.com" for my HTTP response header.


  • 3.  RE: Policy server and LDAP communication error

    Posted 06-26-2019 07:34 PM

    Isn't the root LDAP schema either o=company.com or dc=company,dc=com? Or am I using outdated schema definitions?

  • 4.  RE: Policy server and LDAP communication error
    Best Answer

    Posted 06-26-2019 11:12 PM
    This article explains the use (your post mentions using AD which it references).
    https://serverfault.com/questions/49146/ldap-structure-dc-example-dc-com-vs-o-example#49162
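
A way to check DN strings before they go into policy server configuration, such as the response header DN described in reply 2, and to spot the control characters seen in the logged DN of the original post. This is an added example, not code from the thread or from the product; `lint_dn` and `split_unescaped` are hypothetical names, and the whitespace and `=` checks are heuristics rather than the directory's own validation.

```python
import re

# Attribute type per RFC 4514: a short name or a dotted numeric OID.
ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")

def split_unescaped(text, sep):
    """Split on sep, keeping backslash-escaped separators inside a part."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])   # keep the escape pair together
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(text[i])
        i += 1
    parts.append("".join(buf))
    return parts

def lint_dn(dn):
    """Return findings for a DN string; an empty list means nothing was flagged."""
    findings = []
    if any(ord(c) < 0x20 or ord(c) == 0x7F or c == "\ufffd" for c in dn):
        findings.append("non-printable or undecodable characters in DN")
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):   # multi-valued RDN parts
            attr, eq, value = ava.partition("=")
            if not eq:
                findings.append(f"{ava!r}: no '=' between type and value")
                continue
            if attr != attr.strip():
                # Outside the strict RFC 4514 grammar; some servers tolerate it.
                findings.append(f"{ava!r}: whitespace around attribute type")
            if not ATTR_TYPE.match(attr.strip()):
                findings.append(f"{ava!r}: malformed attribute type")
            if re.search(r"(?<!\\)=", value):
                # Heuristic: '=' in a value usually means ',' was mistyped.
                findings.append(f"{ava!r}: unescaped '=' in value, check for a mistyped ','")
    return findings

if __name__ == "__main__":
    # First DN is the one quoted in reply 2; the second is a constructed control-character sample.
    for dn in ['cn=HR_Admin, ou=groups,dc=company=com', 'j\r),&e=D\x07']:
        print(repr(dn), lint_dn(dn))
```
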