The information in this page can be used to help troubleshoot LDAP issues.
References
- https://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JNDIRealm
- https://wiki.apache.org/tomcat/JNDI_HowTo
- https://www.ibm.com/support/knowledgecenter/SSZH4A_6.0.0/com.ibm.worklight.help.doc/appcenter/r_ac_tom_ldap.html
Debugging
Enabling UI Service LDAP Trace
...
Debugging
To enable debug logging, which includes the LDAP realm, edit the service log4j2 configuration file at /app/ui/MonTier-UI/lib/log4j2.xml or /app/appadmin/MonTier-AppAdmin/lib/log4j2.xml.
Change the "org.montier" logger to level="debug" as described below:
```xml
<Logger name="org.montier" level="debug" additivity="false">
    <AppenderRef ref="MONTIER"/>
    <AppenderRef ref="CATALINA"/>
</Logger>
```
To enable trace logging of custom roles, edit the UI service log4j configuration file at /app/ui/MonTier-UI/lib/log4j2.xml.
Change the "MNTR_CUSTOM_ROLES" logger to level="trace" as described below:
...
The output log file will be created in the UI service log directory: /logs/ui with the name ldapLog.log
Common Issues
Referrals
You might get the following error message:
...
The issue may be resolved by changing the referrals parameter (both inside the server.xml file and system parameters) to "ignore" and connecting to the greater AD "forest", which acts like a regular LDAP server on port 3268 (or 3269 for LDAPS).
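The following check is an added example, not part of the product or the original page. It parses a server.xml and reports any realm whose referrals setting or port differs from the values described above. It assumes the realm is the stock Tomcat JNDIRealm from the references, with its `connectionURL` and `referrals` attributes. The sample file, host name and DNs are constructed placeholders, and the system parameters still have to be checked separately.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample server.xml; host name and DNs are placeholders.
SAMPLE_SERVER_XML = """\
<Server>
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.JNDIRealm"
               connectionURL="ldap://dc01.example.com:389"
               referrals="follow"
               userBase="dc=example,dc=com"
               userSearch="(sAMAccountName={0})"/>
      </Realm>
    </Engine>
  </Service>
</Server>
"""

GC_PORTS = {"ldap": 3268, "ldaps": 3269}     # forest-wide ports named on this page
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # used when the URL omits the port


def check_realms(server_xml):
    """Return one finding per setting that differs from the referral fix."""
    findings = []
    # iter() also reaches realms nested inside LockOutRealm/CombinedRealm.
    for realm in ET.fromstring(server_xml).iter("Realm"):
        if not realm.get("className", "").endswith("JNDIRealm"):
            continue
        url = urlsplit(realm.get("connectionURL", ""))
        port = url.port or DEFAULT_PORTS.get(url.scheme)
        expected = GC_PORTS.get(url.scheme)
        if realm.get("referrals") != "ignore":
            findings.append(
                f"referrals={realm.get('referrals')!r}, expected 'ignore'")
        if port != expected:
            findings.append(
                f"{url.scheme}://{url.hostname}:{port} should use port {expected}")
    return findings


if __name__ == "__main__":
    for line in check_realms(SAMPLE_SERVER_XML) or ["OK"]:
        print(line)
```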
LDAP authentication error codes
See the following link: http://www-01.ibm.com/support/docview.wss?uid=swg21290631