Common LDAP Errors reported by the POA

  • 7000795
  • 01-Jul-2008
  • 06-Dec-2012

Environment

Novell GroupWise
GroupWise 6
GroupWise 6 SP1
Novell GroupWise 6.5
Novell GroupWise 7.0

Situation

Common LDAP Errors reported by the POA
Error LDAP failure detected, cannot log in to GroupWise
Error codes: D06B, D019
Common LDAP Errors reported by the POA

Resolution

Errors

15:42:26 48B LDAP Error: 12
15:42:26 48B LDAP Error: Critical extension is unavailable
15:42:26 48B Error: LDAP failure detected [D06B] User:User1

Error 12 Cause/Fix: GroupWise Requires E-Dir version 85.12 or greater when using the LDAP Username and Password options. Don't confuse this with E-Dir version 8.77 which is older than 85.x This can be checked from the file server by typing "Version".  If you need to use the LDAP Username then you will need to patch to EDir version 85.20 or greater.  If you do not use the LDAP Username then NDS 8 is sufficient.

09:58:37 1C5 LDAP Error: 13
09:58:37 1C5 LDAP Error: Confidentiality required
09:58:37 1C5 Error: LDAP failure detected [D06B] User:User1

Error 13 Cause/Fix:  This error will occur when SSL is NOT being used AND the LDAP Group Object is not configured to use Clear Text Passwords.  This can be resolved by either enabling SSL or by editing the LDAP Group Object and checking the "Allow Clear Text Passwords" box.

10:45:49 145 LDAP Error: 32
10:45:50 145 LDAP Error: No such object
10:45:50 145 Error: LDAP failure detected [D06B] User:User1

Error: 32 Cause/Fix: This error is caused when a user cannot be found.  This may be the user's e-mail address field may not match the internet addressing domain name.  ie: user's e-mail address field = user@host.com and the internet domain name = anythingelse.com.  Found in the user's properties on the General Tab.
This has also been seen when the LDAP User Name is incorrectly referring to the wrong ou the user doesn't exist in.  Make sure the full "path" to the user is accurate.  Found in the Post Office properties | GroupWise Tab | Security.   In GroupWise 6.5 this can be caused by incorrectly defined GroupWise LDAP Servers found in Tools | System Operations | LDAP Servers.  Edit the ldap servers listed looking for invalid IP addresses.

Dissasociate and reassociate the user.

15:10:19 48A LDAP Error: 34
15:10:19 48A LDAP Error: Invalid DN syntax
15:10:19 48A Error: LDAP failure detected [D06B] User:User1

Error 34 Cause/Fix: This error occurs when you use the LDAP User Name Option and the User Name has been entered with an invalid Syntax.  Correct Name Syntax (refer to the POA startup file) is: ·cn=userid,ou=group,ou=division,o=organization" Refer to Solution NOVL67878 for more details on this specific error.

11:01:48 1B5 LDAP Error: 49
11:01:48 1B5 LDAP Error: Invalid credentials
11:01:52 1B5 Error: Invalid password [D019] User:User1

Error 49 Cause/Fix:  User has input the incorrect ldap password.  Try again. This also will be reported if the GroupWise oject is not associated with the eDirectory object.

11:01:48 1B5 LDAP Error: 53
11:01:48 1B5 LDAP Error: DSA is unwilling to perform
11:01:52 1B5 Error: LDAP failure detected [D06B] User:User1

Error 53 Cause/Fix:  NDS User account has been expired or disabled.  Error 53 can also be caused when the NDS User account exceeds Concurrent Connections, has a Limited Login Time defined, or the Intruder Detection limits have been exceeded.

10:38:37 209 LDAP Error: 81
10:38:37 209 LDAP Error: Can't contact LDAP server
10:38:37 209 Error: LDAP failure detected [D06B] User:User1

Error 81 Cause/Fix:  The POA can't contact the LDAP Server.  Check the IP# listed in the Post Office Object for the LDAP Server.  Make sure the LDAP server is running and the servers are communicating correctly, etc.

11:49:49 204 LDAP Error: 65535
11:49:49 204 LDAP Error: Unknown error
11:49:49 204 Error: LDAP failure detected [D06B] User:User1

Error 65535 Cause/Fix:  Make sure your Post Office Properties  | Security | SSL Key File is entered correctly and the POA has access to the path.  This can a.lso be a problem with the key file, try regenerating a new one.  If the above two have been done rebuilding the Post Office database would be another troubleshooting step.  This can also be caused by using the utility GWCSRGEN.EXE.  We require the LDAP server's SSL Key File, for example: sys:\public\rootcert.der.  gwcsrgen does not generate this type of certificate.  Putting the key file in the post office directory rather the the sys:\public\rootcert.dir can resolve this error in some cases.

09:35:12 1FB LDAP Error: 4 
09:35:12 1FB LDAP Error: Size limit exceeded 
09:35:12 1FB Error: LDAP failure detected [D06B] User:User1

Error 4 Cause/Fix: The POA is pointing to an LDAP server in a different Tree or directory than the one GroupWise is installed. In this situation, the POA must know the full distinguished name of the user in the LDAP directory it is quering. If the GroupWise user object does NOT have this value defined on the properties of the user, then the POA will do an LDAP lookup on the email address of this user. This error is caused by the LDAP server returning two entries for the email address searched on by the POA. For example if there were two accounts in the LDAP directory that had an email address of user1@domain.com. The POA would search for this email, and would get two results, and not know what account represented the user trying to log in. To fix this problem, go to the properties of the GroupWise user, and define the full LDAP Distinguised name in the "LDAP Authentication" field. This field is found on the GroupWise tab when accessing the properties of the GroupWise user in Console One. The fully distinguished name must be in LDAP notation such as cn=user1,ou=users,o=company.  You may also need to check for duplicate email addresses in the LDAP directory that the GroupWise POA is pointing to and resolve that.

1:49:49 204 LDAP Error: 2
11:49:49 204 LDAP Error: Unknown error
11:49:49 204 Error: LDAP failure detected [D06B] User:User1

Error 4 Cause/Fix: The POA is connecting to an LDAP server other than NLDAP.  The most common cause is when a GWIA is running on the same server as the NLDAP server and GWIA is configured to support LDAP.  The POA is attempting to authenticate the users against GWIA LDAP, which is not possible.  Disable GWIA LDAP and attempt to login again.

08:36:30 332  Error: LDAP authentication not supported for this platform [D06C] User:User1

Authentication not supported Cause/Fix:  The POA is attempting to find and load the LDAP supporting files, LDAPSSL.NLM, LDAPX.NLM files & LDAPSDK.NLM.  The default location for the LDAP nlms is sys:\system.  If you are running your GroupWise Agents from a different directory, such as sys:\system\gwagents, you will see this Error.  Fix: Copy the ldap nlms from your GroupWise Software Distribution Directory or CD etc (...\agents\nlm\ldap) into the directory you are running the GroupWise Agents from.

Additional Information

See solution NOVL68232 for Enabling LDAP Authentication with GroupWise 6
Formerly known as TID# 10067376