What can cause this LDAP connection error?

Solved1.45K viewsLDAP
0
0 Comments

Hello,

A user configured LDAP on DataMiner Cuber (using SSL) and it seems to be working well. However the logs (SLDataMiner.txt and SLErrors.txt) show the following messages constantly:

2020/06/23 16:25:00.698|SLDataMiner.exe 9.6.1829.4456|2152|13684|LdapConnection::AddLDAPNotification|ERR|0|The asynch search failed. (LastError = 81)
2020/06/23 16:25:00.814|SLDataMiner.exe 9.6.1829.4456|2152|14312|LdapConnection::LdapConnection|CRU|0|Connected to the server.
2020/06/23 16:25:00.817|SLDataMiner.exe 9.6.1829.4456|2152|14312|LdapConnection::LdapConnection|ERR|0|Bind to the server using default credentials failed. You were not connected because a duplicate name exists on the network. If joining a domain, go to System in Control Panel to change the computer name and try again. If joining a workgroup, choose another workgroup name. (LastError = 52)

What can be the root causes for these errors?

Thank you for the help.

Marieke Goethals [SLC] [DevOps Catalyst] Selected answer as best 5th July 2023

1 Answer

5
5.44K 2 Comments

Judging by the error codes:

  • error 81 = LDAP_SERVER_DOWN = "client-side result code that indicates that the LDAP libraries cannot establish an initial connection with the LDAP server. Either the LDAP server is down or the specified host name or port number is incorrect."
  • error 52 = LDAP_UNAVAILABLE = "Indicates that the LDAP server cannot process the client's bind request, usually because it is shutting down."

For reference, a full list of LDAP error codes is here.

Don't get confused by the "You were not connected because a duplicate name exists on the network. If joining a domain, go to System in Control Panel to change the computer name and try again. If joining a workgroup, choose another workgroup name" error. It appears that when logging the error, the error code is translated as if it were a standard windows error code, which it is not.

Additional resources for LDAP Connectivity issues: http://www.ldapadmin.org/ is a free Windows LDAP client which you could use to verify the connectivity to the LDAP server.

Marieke Goethals [SLC] [DevOps Catalyst] Selected answer as best 5th July 2023
João Pereira [SLC] commented

Hi Wouter, thank you for the reply.
The odd thing here is that the wireshark trace seems to show all working well and the users list and groups can successfully be retrieved.
The users are able to log in fine with their respective accounts.
Why would we see these messages if apparently all is working well?
Wouter Demuynck [SLC] [DevOps Enabler] commented

Some further ideas:

– If restarting the DataMiner software helps, it might have been a temporary issue or related to resources not being freed correctly
– The config in DataMiner.xml is only used to synchronize the users/groups from the LDAP server towards security.xml. Actual logon goes through Windows. If logging onto DataMiner using the domain users still works, but LDAP connection errors are logged, these only apply to that sync connection. It might be good to triple-check the settings that were configured in DataMiner.xml.
– Main logfiles of interest are SLDataMiner.txt and (SL)ActiveDirectory.txt
You are viewing 1 out of 1 answers, click here to view all answers.