Unable to login to WebAdmin (SSL/TLS)

  • 7012616
  • 17-Jun-2013
  • 10-Dec-2013

Environment


Novell Data Synchronizer Mobility Pack

Situation

No user can log in to DataSync WebAdmin.
Cannot log in to WebAdmin as any user, even admin.
No accounts can authenticate or log in to WebAdmin.
WebAdmin: "Invalid Username/password. Please try again."
/var/log/datasync/configengine/configengine.log: "Authentication or LDAP server failure"

Resolution

The steps below assume that an unsecured (non-TLS) LDAP connection on the default port 389 is preferred. This choice is configured in WebAdmin | Manage Global Settings. If SSL/TLS LDAP authentication on the default port 636 is preferred, follow the steps in the Additional Information section instead.

  1. From the DataSync/Mobility server, determine the specified LDAP server:
    • From a terminal window, type:
      cat /etc/datasync/configengine/configengine.xml and press [Enter]
    • Look for the <ldap> section and make note of the <hostname>
      <ldap>
            <groupContainer>ou=servers,o=novell</groupContainer>
            <groupContainer>o=novell</groupContainer>
            <secure>false</secure>
            <hostname>151.155.215.90</hostname>
            ...
      </ldap>
    • In this example, 151.155.215.90 (the value between the <hostname> tags in the <ldap> section) is the specified LDAP server.

  2. Disable "Require TLS for Simple Binds with Password" on the LDAP server:
    1. Option A - using ConsoleOne or iManager: 
      1. Open the properties of the LDAP Group object for the above LDAP server.
      2. Uncheck "Require TLS for Simple Binds with Password"
      3. Select OK
      4. Refresh the LDAP Server from the Properties of the LDAP Server object | General tab | "Refresh NLDAP Server Now" in ConsoleOne or "Refresh" in iManager. This step applies the changes to the LDAP server.
    2. Option B - using terminal: 
      1. From a terminal window on the LDAP server found from Step 1 above:
        ldapconfig set "Require TLS for Simple Binds with Password=no"
      2. Provide the typeless FDN of the admin user (e.g., admin.novell) and the password.
      3. Verify from the output that the LDAP server is properly reconfigured and refreshed:
        LDAP Server Configuration:
        LDAP Server: CN=LDAP Server - ldapServer.OU=servers.O=novell
        LDAP Group: CN=LDAP Group - ldapServer.OU=servers.O=novell
        Require TLS for Simple Binds with Password set to no
        LDAP Server refreshed with the new configuration.
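
The check from the Situation section and Step 1 can be scripted. The following is an added example, not Novell code: it reads the <ldap> section of configengine.xml and counts the quoted failure message in configengine.log. The function names, the sample data and the reading of <secure> as the 389/636 switch are assumptions.

```shell
#!/bin/sh
# Added example, not Novell code. Paths and messages are those quoted in this
# TID; treating <secure> as the 389/636 switch is an assumption.

# Print the value of <tag> inside the <ldap> section of configengine.xml.
ldap_setting() {   # $1 = tag name, $2 = path to configengine.xml
    sed -n '/<ldap>/,/<\/ldap>/p' "$2" |
        sed -n "s:.*<$1>\(.*\)</$1>.*:\1:p" | head -n 1
}

# Count log lines carrying the failure text quoted under Situation.
ldap_failures() {  # $1 = path to configengine.log
    grep -c 'Authentication or LDAP server failure' "$1" 2>/dev/null || true
}

# Triage: which LDAP server, which mode, and what to check next.
diagnose() {       # $1 = configengine.xml, $2 = configengine.log
    host=$(ldap_setting hostname "$1")
    secure=$(ldap_setting secure "$1")
    fails=$(ldap_failures "$2")
    if [ -z "$host" ]; then
        echo "no <hostname> in <ldap> section of $1"; return 2
    fi
    case "$secure" in
        false) mode="plain LDAP, default port 389" ;;
        true)  mode="SSL/TLS LDAP, default port 636" ;;
        *)     mode="unknown (<secure> missing or unexpected)" ;;
    esac
    echo "LDAP server: $host ($mode); logged failures: ${fails:-0}"
    if [ "$secure" = false ] && [ "${fails:-0}" -gt 0 ]; then
        echo "check 'Require TLS for Simple Binds with Password' on $host"
    fi
}

# Constructed sample data mirroring the snippets on this page.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '<other><hostname>unrelated.example</hostname></other>' \
        '<ldap>' ' <secure>false</secure>' \
        ' <hostname>151.155.215.90</hostname>' '</ldap>' > "$d/configengine.xml"
    printf '%s\n' 'constructed: Authentication or LDAP server failure' \
        'constructed: unrelated event' > "$d/configengine.log"
    diagnose "$d/configengine.xml" "$d/configengine.log"
    rm -rf "$d"
}
demo
```

On a Mobility server, replace the `demo` call with `diagnose /etc/datasync/configengine/configengine.xml /var/log/datasync/configengine/configengine.log`.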

Cause

The LDAP server is set to require TLS for simple binds with password.

Additional Information

Please follow TID 7012481 below to configure DataSync for secure LDAP authentication.