The information on this page can be used to help troubleshoot LDAP issues.
References
- https://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JNDIRealm
- https://wiki.apache.org/tomcat/JNDI_HowTo
- https://www.ibm.com/support/knowledgecenter/SSZH4A_6.0.0/com.ibm.worklight.help.doc/appcenter/r_ac_tom_ldap.html
Debugging
Enabling UI Service LDAP Trace
To enable trace logging, edit the UI service log4j configuration file: /app/ui/MonTier-UI/lib/log4j2.xml
Change the "MNTR_CUSTOM_ROLES" logger to level="trace":
<Logger name="MNTR_CUSTOM_ROLES" level="trace" additivity="false">
    <AppenderRef ref="LDAPLOG"/>
</Logger>
To enable log-based debugging, edit the $CATALINA_HOME/conf/logging.properties file.
Insert the following lines (in blue):
############################################################
# Facility specific properties.
# Provides extra control for each logger.
############################################################
# This would turn on trace-level for everything
# the possible levels are: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST or ALL
#org.apache.catalina.level = ALL
#org.apache.catalina.handlers = 2localhost.org.apache.juli.FileHandler
org.apache.catalina.realm.level = ALL
org.apache.catalina.realm.useParentHandlers = true
org.apache.catalina.authenticator.level = ALL
org.apache.catalina.authenticator.useParentHandlers = true
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.FileHandler
Common Issues
Referrals
You might get the following error message:
An exception performing authentication javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=XX,DC=XX,DC=XX'
The issue may be resolved by setting the referrals parameter (both in the server.xml file and in the system parameters) to "ignore" and connecting to the greater AD "forest", which acts like a regular LDAP server on port 3268 (or 3269 for LDAPS).
LDAP authentication error codes
See the following link: http://www-01.ibm.com/support/docview.wss?uid=swg21290631
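A small log triage script for the two failure types covered above, as an added example that is not part of the original page or of the product: it flags the referral exception and decodes the "data" sub-code of error code 49 bind failures. The sub-code table assumes the directory is Active Directory; the function name, sample log lines and DSID values are constructed for illustration.

```python
import re

# Assumption: the directory is Active Directory, which reports these
# sub-codes in the "data NNN" field of an LDAP error code 49 bind failure.
AD_DATA_CODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

BIND_FAILURE = re.compile(r"LDAP: error code (\d+)\b.*?\bdata ([0-9a-fA-F]+)")
REFERRAL = re.compile(r"PartialResultException: Unprocessed Continuation Reference")

def triage(lines):
    """Return (line_number, finding) tuples for LDAP problems in log lines."""
    findings = []
    for number, line in enumerate(lines, start=1):
        if REFERRAL.search(line):
            findings.append((number, "unfollowed referral: check the realm "
                             "'referrals' setting and the port (3268/3269)"))
            continue
        match = BIND_FAILURE.search(line)
        if match:
            code, data = match.group(1), match.group(2).lower()
            reason = AD_DATA_CODES.get(data, "unknown sub-code")
            findings.append((number, f"bind failed, error code {code}, data {data}: {reason}"))
    return findings

# Constructed sample lines (not taken from a real system).
SAMPLE_LOG = [
    "FINE: Authenticating username 'jdoe'",
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1]",
    "An exception performing authentication javax.naming.PartialResultException: "
    "Unprocessed Continuation Reference(s); remaining name 'DC=XX,DC=XX,DC=XX'",
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 775, v1db1]",
]

if __name__ == "__main__":
    for number, finding in triage(SAMPLE_LOG):
        print(f"line {number}: {finding}")
```

To use it on a real log, pass the lines of the file written by the realm and authenticator loggers enabled in the Debugging section to triage().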