Inventory LDAP Import Task fails against AD domain with proxy user specified in LDAP FDN notation

  • 7014093
  • 12-Nov-2013
  • 21-Nov-2013

Environment

Novell ZENworks Configuration Management 11.2 Inventory
Novell ZENworks Asset Management 11.2

Situation

The user source is based in an Active Directory domain.
The login user for the user source configuration is entered in LDAP FDN notation, for example cn=admin_read_only,ou=users,dc=mycompany,dc=com
The inventory LDAP import is run with the option Search pre-configured LDAP source.

The LDAP import task cannot be completed because the LDAP Fields list is empty, so no mapping to inventory fields is possible.

Error message in zcc.log:
"...
12 nov. 2013 10:19:21 MappingPage.........109 :DirectoryImportException: getContextFromJNDI - [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]
..."

Resolution

Workaround:

Specify the username for user source connectivity in domain login notation like AdminReadOnly@mycompany.com

Cause

The user login name for the LDAP bind request is built incorrectly: the domain suffix is appended to the FDN. Instead of cn=admin_read_only,ou=users,dc=mycompany,dc=com the bind is attempted as cn=admin_read_only,ou=users,dc=mycompany,dc=com@mycompany.com
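
The following is an added example, not part of the original TID or of ZENworks code. It decodes the Active Directory sub-code in the error 49 line from zcc.log and flags a bind name that is an FDN with a domain suffix appended, as described in the Cause. The function names and the classification heuristic are assumptions made for this example.

```python
import re

# AD sub-codes reported in the "data" field of an LDAP error 49 bind failure.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (bad user name or password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
# Sample input: the zcc.log line quoted in the Situation section of this page.
SAMPLE_LINE = (
    "12 nov. 2013 10:19:21 MappingPage.........109 :DirectoryImportException: "
    "getContextFromJNDI - [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, "
    "comment: AcceptSecurityContext error, data 52e, v1db1 ]"
)
ERR49 = re.compile(r"LDAP: error code 49 - .*?AcceptSecurityContext error, data ([0-9a-fA-F]+)")
DN_FORM = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,]+(,\s*[A-Za-z][A-Za-z0-9-]*=[^,]+)*$")
UPN_FORM = re.compile(r"^[^@=,\s]+@[^@=,\s]+$")


def decode_bind_error(log_line):
    """Return (subcode, meaning) for an AD bind failure line, or None if absent."""
    m = ERR49.search(log_line)
    if not m:
        return None
    code = m.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")


def classify_bind_name(name):
    """Return 'dn', 'upn', 'dn+upn-suffix' (the defect in this TID) or 'other'."""
    name = name.strip()
    if DN_FORM.match(name):
        # Heuristic: an '@' in the value of the last RDN means a suffix was appended.
        last_value = name.rsplit("=", 1)[1]
        return "dn+upn-suffix" if "@" in last_value else "dn"
    if UPN_FORM.match(name):
        return "upn"
    return "other"


if __name__ == "__main__":
    print(decode_bind_error(SAMPLE_LINE))
    print(classify_bind_name("cn=admin_read_only,ou=users,dc=mycompany,dc=com@mycompany.com"))
```

Sub-code 52e with a known-good password points at the bind name rather than the credential, which is consistent with the malformed name shown in the Cause.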

Status

Reported to Engineering

Additional Information

More information on user source related configuration details is available at ZENworks 11 SP2 User Source and Authentication Reference.

More detail related to LDAP based inventory imports is available at Importing Demographic Data.