eDirectory errors with ZENworks user bind

  • 7000599
  • 23-Mar-2012
  • 07-Jan-2013

Environment

Novell ZENworks 11 Configuration Management Support Pack 1 - ZCM 11 SP1

Situation

The user bind sent by ZENworks/Casa for user authentication sends an invalid DN on first try.
 
ERROR (on eDirectory dstrace):
 
2789198752 LDAP: [2012/01/25 16:05:30.44] Illegal ndsname "mmelo" in
ldap2uNDSDN, err = 34 (0x22)
2789198752 LDAP: [2012/01/25 16:05:30.44] ldap2uNDSDN ldapDN = "mmelo" - error
34 (0x22)
2789198752 LDAP: [2012/01/25 16:05:30.44] Failed to convert LDAP DN "mmelo" in
nds_back_bind, err = 34 (0x22)
2789198752 LDAP: [2012/01/25 16:05:30.44] Sending operation result 34:"":"" to
connection 0x17d35780

Resolution

For most logins (all but the first), This is fixed in version 11.2 - see KB 7010044 "ZENworks Configuration Management 11.2 - update information and list of fixes" which can be found at https://www.novell.com/support
See Additional Information

Cause

This error is caused by a requirement of multi-vendor LDAP support.  But it need only occur on the first user bind per device.

Additional Information

The invalid DN will now only be sent if the authenticated user is uncached in ZCM Authentication History registry settings.  After the first authentication, the full FQDN will be cached, and the bind will use that instead.  This should not only greatly reduce the errors, but speed up overall login time.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.