Environment
Novell ZENworks 11 Configuration Management Support Pack 1 - ZCM 11 SP1
Situation
The user bind sent by ZENworks/Casa for user authentication sends an invalid DN on first try.
ERROR (on eDirectory dstrace):
2789198752 LDAP: [2012/01/25 16:05:30.44] Illegal ndsname "mmelo" in
ldap2uNDSDN, err = 34 (0x22)
2789198752 LDAP: [2012/01/25 16:05:30.44] ldap2uNDSDN ldapDN = "mmelo" - error
34 (0x22)
2789198752 LDAP: [2012/01/25 16:05:30.44] Failed to convert LDAP DN "mmelo" in
nds_back_bind, err = 34 (0x22)
2789198752 LDAP: [2012/01/25 16:05:30.44] Sending operation result 34:"":"" to
connection 0x17d35780
ldap2uNDSDN, err = 34 (0x22)
2789198752 LDAP: [2012/01/25 16:05:30.44] ldap2uNDSDN ldapDN = "mmelo" - error
34 (0x22)
2789198752 LDAP: [2012/01/25 16:05:30.44] Failed to convert LDAP DN "mmelo" in
nds_back_bind, err = 34 (0x22)
2789198752 LDAP: [2012/01/25 16:05:30.44] Sending operation result 34:"":"" to
connection 0x17d35780
Resolution
For most logins (all but the first), This is fixed in version 11.2 - see KB 7010044 "ZENworks Configuration Management 11.2 - update information and list of fixes" which can be found at https://www.novell.com/support
See Additional Information
Cause
This error is caused by a requirement of multi-vendor LDAP support. But it need only occur on the first user bind per device.
Additional Information
The invalid DN will now only be sent if the authenticated user is uncached in ZCM Authentication History registry settings. After the first authentication, the full FQDN will be cached, and the bind will use that instead. This should not only greatly reduce the errors, but speed up overall login time.