Symantec Access Management

Hi All,

We are getting the below error in our smps.log file.

[ERROR] Error# '34' during search: 'error: Invalid DN syntax extended error: 0000208F: LdapErr: DS ID-0C0907E9, comment: Error processing name, data 0, v2580'

[IMS6DsLdapProvider.cpp:2439][ERROR] DS error message: Invalid DN syntax
[DsMarshall.cpp:97][ERROR] SmImsCommand (returnUsers) - Silently failed to retrieve attributes for invalidated User with DN j<A8><95>^M),&<AE><F1>e=D<91><9E><BD>Í^G<F9><91><F9>
[SmDsLdapConnMgr.cpp:1194][ERROR] Error# '34' during search: 'error: Invalid DN syntax extended error: 0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:
'j��^M),&��e=D���Í^G���'

Any ideas as to what is causing this ?
I am seeing a lot of garbage value like this in the log.
Running 12.50.2.841 Policy server.

Hi,

I think I've recently seen this in my smps.log file also.  For me the issue was that I configured HTTP response headers which search to see if the logon user is a member of a particular AD group.  The issue was that I had a typo when specifying the full DN of the AD group such as - - > "cn=HR_Admin, ou=groups,dc=company=com"​.  When the policy server execute this trying to see if the current logon user is a member of the AD group so that it can set this response head it then complains that this full DN that it is trying to look up is an "Invalid DN syntax". 

I then looked closer and realized that I had a typo - - > "dc=company=com"  instead of - - > "dc=company.com" for my HTTP response header.
Original Message:
Sent: 06-26-2019 04:01 PM
From: Ultimatix Support
Subject: Policy server and LDAP communication error

Hi All,

We are getting the below error in our smps.log file.

[ERROR] Error# '34' during search: 'error: Invalid DN syntax extended error: 0000208F: LdapErr: DS ID-0C0907E9, comment: Error processing name, data 0, v2580'

Any ideas as to what is causing this ?
Running 12.50.2.841 Policy server.

Original Message------

Hi,

I think I've recently seen this in my smps.log file also.  For me the issue was that I configured HTTP response headers which search to see if the logon user is a member of a particular AD group.  The issue was that I had a typo when specifying the full DN of the AD group such as - - > "cn=HR_Admin, ou=groups,dc=company=com"​.  When the policy server execute this trying to see if the current logon user is a member of the AD group so that it can set this response head it then complains that this full DN that it is trying to look up is an "Invalid DN syntax". 

I then looked closer and realized that I had a typo - - > "dc=company=com"  instead of - - > "dc=company.com" for my HTTP response header.

This article explains the the use (your post mentions using AD which it references).
https://serverfault.com/questions/49146/ldap-structure-dc-example-dc-com-vs-o-example#49162
Original Message:
Sent: 06-26-2019 07:33 PM
From: TuQuynh Nguyen
Subject: Policy server and LDAP communication error

Isn't the root LDAP schema either o=company.com or dc=company,dc=com? Or am I using outdated schema definitions?

 

Original Message------

Hi,

I think I've recently seen this in my smps.log file also.  For me the issue was that I configured HTTP response headers which search to see if the logon user is a member of a particular AD group.  The issue was that I had a typo when specifying the full DN of the AD group such as - - > "cn=HR_Admin, ou=groups,dc=company=com"​.  When the policy server execute this trying to see if the current logon user is a member of the AD group so that it can set this response head it then complains that this full DN that it is trying to look up is an "Invalid DN syntax". 

I then looked closer and realized that I had a typo - - > "dc=company=com"  instead of - - > "dc=company.com" for my HTTP response header.