The information in this page can be used to help troubleshoot LDAP issues.

Debugging

To enable debug logging, which includes the LDAP realm, edit the service log4j2 configuration file at /app/ui/MonTier-UI/lib/log4j2.xml or /app/appadmin/MonTier-AppAdmin/lib/log4j2.xml.

Change the "org.montier" logger to level="debug" as describe below:

<Logger name="org.montier" level="debug" additivity="false">
	<AppenderRef ref="MONTIER"/>
	<AppenderRef ref="CATALINA"/>
</Logger>

To enable trace logging of custom roles, edit the UI service log4j configuration file at /app/ui/MonTier-UI/lib/log4j2.xml.

Change the "MNTR_CUSTOM_ROLES" logger to level="trace" as describe below:

<Logger name="MNTR_CUSTOM_ROLES" level="trace" additivity="false">
		<AppenderRef ref="LDAPLOG"/>
</Logger>

The output log file will be created in the UI service log directory: /logs/ui with the name ldapLog.log

Common Issues

Referrals

You might get the following error message:

An exception performing authentication javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=XX,DC=XX,DC=XX'

The issue may be resolved by changing the referrals parameter (both inside the server.xml file and system parameters) to "ignore" and connecting to the greater AD "forest", which acts like a regular LDAP server on port 3268 (or 3269 for LDAPS).

LDAP authentication error codes

See the following link: http://www-01.ibm.com/support/docview.wss?uid=swg21290631

Browser not supported