IBM DataPower Operations Dashboard v1.0.10.0
A newer version of this product documentation is available.
You are viewing an older version. View latest at IBM DPOD Documentation.
Troubleshooting LDAP
The information in this page can be used to help troubleshoot LDAP issues.
Debugging
To enable debug logging, which includes the LDAP realm, edit the service log4j2 configuration file at /app/ui/MonTier-UI/lib/log4j2.xml or /app/appadmin/MonTier-AppAdmin/lib/log4j2.xml.
Change the "org.montier" logger to level="debug" as describe below:
<Logger name="org.montier" level="debug" additivity="false"> <AppenderRef ref="MONTIER"/> <AppenderRef ref="CATALINA"/> </Logger>
To enable trace logging of custom roles, edit the UI service log4j configuration file at /app/ui/MonTier-UI/lib/log4j2.xml.
Change the "MNTR_CUSTOM_ROLES" logger to level="trace" as describe below:
<Logger name="MNTR_CUSTOM_ROLES" level="trace" additivity="false"> <AppenderRef ref="LDAPLOG"/> </Logger>
The output log file will be created in the UI service log directory: /logs/ui with the name ldapLog.log
Common Issues
Referrals
You might get the following error message:
An exception performing authentication javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=XX,DC=XX,DC=XX'
The issue may be resolved by changing the referrals parameter (both inside the server.xml file and system parameters) to "ignore" and connecting to the greater AD "forest", which acts like a regular LDAP server on port 3268 (or 3269 for LDAPS).
LDAP authentication error codes
See the following link:Â http://www-01.ibm.com/support/docview.wss?uid=swg21290631