OpenAM / OPENAM-3575

LDAP auth module fails if more than one LDAP server is configured as primary/secondary LDAP server

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.1.0-Xpress, 11.0.0
    • Fix Version/s: 11.0.4, 12.0.1, 13.0.0
    • Component/s: authentication
    • Environment:
      OpenAM 11.0.0 or 10.1.0-Xpress on Apache Tomcat 7.0.x

      Description

      Excerpt from OpenAM 10.1.0 Authentication debug log

      amAuthConfig:01/23/2014 01:07:04:320 PM CET: Thread[http-bio-8282-exec-1,5,main]
      iplanet-am-auth-ldap-server2: [ldap2.test.de:50389, ldap3.test.de:50389, ldap1.test.de:50389]
      amAuthConfig:01/23/2014 01:07:04:320 PM CET: Thread[http-bio-8282-exec-1,5,main]
      iplanet-am-auth-ldap-bind-passwd: <BLOCKED>
      amAuthConfig:01/23/2014 01:07:04:320 PM CET: Thread[http-bio-8282-exec-1,5,main]
      iplanet-am-auth-ldap-server: [ldap3.test.de:50389, ldap2.test.de:50389, ldap1.test.de:50389]
      ....
      amAuthLDAP:01/23/2014 01:07:12:959 PM CET: Thread[http-bio-8282-exec-2,5,main]
      LDAP initialize()
      amAuthLDAP:01/23/2014 01:07:12:959 PM CET: Thread[http-bio-8282-exec-2,5,main]
      No primary server for confing LDAP
      amAuthLDAP:01/23/2014 01:07:12:972 PM CET: Thread[http-bio-8282-exec-2,5,main]
      LDAP initialize()
      amAuthLDAP:01/23/2014 01:07:12:972 PM CET: Thread[http-bio-8282-exec-2,5,main]
      No secondary server for confing LDAP
      

      Excerpt from OpenAM 11.0.0 Authentication debug log

      amAuthConfig:01/23/2014 01:01:07:731 PM CET: Thread[http-bio-8383-exec-1,5,main]
      iplanet-am-auth-ldap-server2: [ldap2.test.de:50389, ldap1.test.de:50389]
      amAuthConfig:01/23/2014 01:01:07:731 PM CET: Thread[http-bio-8383-exec-1,5,main]
      iplanet-am-auth-ldap-bind-passwd: <BLOCKED>
      amAuthConfig:01/23/2014 01:01:07:731 PM CET: Thread[http-bio-8383-exec-1,5,main]
      iplanet-am-auth-ldap-server: [ldap3.test.de:50389, ldap1.test.de:50389]
      
      ...
      amAuthLDAP:01/23/2014 01:01:11:598 PM CET: Thread[http-bio-8383-exec-2,5,main]
      bindDN-> cn=Directory Manager
      requiredPasswordLength-> 8
      baseDN-> dc=openam,dc=forgerock,dc=org
      userNamingAttr-> uid
      userSearchAttr(s)-> [uid]
      userCreationAttrs-> []
      searchFilter->
      searchScope-> sub
      ssl-> false
      trustAll-> false
      authLevel-> 0
      beheraEnabled->true
      primaryServers-> []
      secondaryServers-> []
      
      ...
      
      amAuthLDAP:01/23/2014 01:01:11:605 PM CET: Thread[http-bio-8383-exec-2,5,main]
      Create ConnectionPool for servers:
      []
      amAuthLDAP:01/23/2014 01:01:11:605 PM CET: Thread[http-bio-8383-exec-2,5,main]
      LDAPAuthUtils.LDAPAuthUtils: min=1, max=5
      amLoginModule:01/23/2014 01:01:11:606 PM CET: Thread[http-bio-8383-exec-2,5,main]
      SETTING Failure Module name.... :LDAP
      amAuth:01/23/2014 01:01:11:606 PM CET: Thread[http-bio-8383-exec-2,5,main]
      Module name is .. LDAP
      

              People

              • Assignee: Kamal Sivanandam (kamal.sivanandam@forgerock.com)
              • Reporter: Bernhard Thalmayr (bthalmayr)