Users prompted to login to NSL/ LDAP after successful Windows login

Document ID:3899539
Creation Date:08-Sep-2006
Modified Date:26-Apr-2012
- Micro Focus Products:
  SecureLogin

Environment

Novell SsecureLogin
LDAP

SecretStore

NSL 6.0 installed in LDAP/ SecretStore mode

NSL 6.0 installed in LDAP Credential Manager mode (see tid 3009412 for a description of the NSL LDAP installation modes)

NTAssociation set to "on" (i.e. option chosen during installation to associate the Windows user name with the NSL/ LDAP username)

Situation

Users are prompted to login to LDAP/ NSL gina;

Windows passthrough does not work.

Problem only occurs with select servers

Problem occurs when users authenticate through some LDAP servers, but not others.

Resolution

CAUSE:

SecretStore was not installed on the failing servers
FIX:

Install SecretStore on all servers that will be used for LDAP authentication.  With NSL installed in LDAP/ SecretStore mode, SecretStore must be available on all servers that will be used for LDAP authentication.


TROUBLESHOOTING:

On failing server:

- Set dstrace to capture LDAP
- Load iMonitor, locate LDAP server object and unload/ reload to refresh
- Look in dstrace file for extension 2.16.840.1.113719.1.148.100.1 in extension list.
- Extension 2.16.840.1.113719.1.148.100.1 did not show in extension list.
- LSSS is the ldap secret store service, and was not present on the failing server.

Repeated above process on a server that did NOT have the problem.
- Extension 2.16.840.1.113719.1.148.100.1 DID show in extension list as the LSSS extension handler