Data Infrastructure Management Software Discussions

Re: First LDAP connection failed then works...

I believe the fix for OCI was to switch the order of login modules in login-config.xml.

If someone could email me (ostiguy at netapp dot com) their login-config.xml, I could take a look and offer a suggestion.

Re: First LDAP connection failed then works...

Hi Ostiguy,

I'll send you the config file.

Thanks,

Sasha

Re: First LDAP connection failed then works...

Hi Dan, Julien and jmalghem2009

I've created a custom login module configuration as per ostiguy's suggestion.

Please send me your mail if you want to try it and I'll send you the instructions.

My mail is: korman at netapp dot com

Thanks,

Sasha

Re: First LDAP connection failed then works...

Interesting that OCI has been mentioned. I see similar behavior with my OC Report instance, which basically uses the same engine as OCI.

And I too have seen it with my WFA installation, but it appears to occur randomly.

regards, Niels

Re: First LDAP connection failed then works...

I also sent you an email with my current WFA "login-config.xml" config file.

Thanks!


Dan

Re: First LDAP connection failed then works...

Having the exact same problem here.  Did anyone ever find a solution?  First login attempt via LDAP/AD fails every time.  Second attempt is OK.

Thanks,

Craig

Re: First LDAP connection failed then works...

I don't believe the WFA team has a solution yet.

If you want to try what OCI 6.3.3 and higher are doing, back up your login-config.xml file, and then edit it:

<!--  Authenticate and Authrization through database -->
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
    <module-option name="dsJndiName">java:/jboss-mysql-ds</module-option>
    <module-option name="principalsQuery">select password from wfa.user where name=? and user_role_type != 'Backup'</module-option>
    <module-option name="rolesQuery">select r.ejb_role, 'Roles' from wfa.user u, wfa.user_role_to_ejb_role r where u.name=? and u.user_role_type=r.user_role_type</module-option>
    <module-option name="hashAlgorithm">SHA-1</module-option>
    <module-option name="hashEncoding">base64</module-option>
    <module-option name="unauthenticatedIdentity">guest</module-option>
</login-module>

<!--  Authenticate using LDAP -->
<login-module code="com.netapp.wfa.ldap.LdapLoginModule" flag="sufficient">
    <module-option name="daoJndiName">wfa-0.5/LdapUsersDaoImpl/local</module-option>
</login-module>

I think you will find in your existing file, the LDAP section is on top of the through database section. Simply switch the two, so LDAP is tried second. It seems somewhat nonintuitive, but this may be the fix.
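Added example (not part of the original post and not NetApp or JBoss code): a small simulation of how the standard JAAS control flags `required` and `sufficient` combine for the two module orderings discussed above, useful for checking what a reordering does to each kind of account before editing login-config.xml. The per-module login results and the three user scenarios are constructed assumptions, not observed WFA behaviour, and the `<authentication>` wrapper is added only so the fragment parses.

```python
import xml.etree.ElementTree as ET

# Module order and flags as quoted in the post; module-options omitted and the
# <authentication> wrapper added here so the fragment parses on its own.
POSTED = """<authentication>
  <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"/>
  <login-module code="com.netapp.wfa.ldap.LdapLoginModule" flag="sufficient"/>
</authentication>"""

def module_stack(xml_text):
    """Return [(short class name, control flag)] in evaluation order."""
    return [(m.get("code").rsplit(".", 1)[-1], m.get("flag").lower())
            for m in ET.fromstring(xml_text).iter("login-module")]

def jaas_login(stack, outcomes):
    """Apply JAAS control-flag rules to simulated per-module results.

    outcomes: module name -> True if that module's login() would succeed.
    Returns (overall_success, names_of_modules_invoked).
    """
    mandatory_seen = mandatory_failed = optional_ok = False
    invoked = []
    for name, flag in stack:
        ok = outcomes[name]
        invoked.append(name)
        if flag in ("required", "requisite"):
            mandatory_seen = True
            mandatory_failed = mandatory_failed or not ok
            if flag == "requisite" and not ok:
                break              # requisite failure ends the walk
        else:                      # sufficient / optional
            optional_ok = optional_ok or ok
            if flag == "sufficient" and ok:
                break              # sufficient success ends the walk
    return (not mandatory_failed and (mandatory_seen or optional_ok)), invoked

DB, LDAP = "DatabaseServerLoginModule", "LdapLoginModule"
# Constructed scenarios (assumed module results, not observed WFA behaviour).
USERS = {
    "local account":  {DB: True,  LDAP: False},
    "directory-only": {DB: False, LDAP: True},
    "wrong password": {DB: False, LDAP: False},
}

def compare():
    """Return {user kind: (result with posted order, result with LDAP first)}."""
    posted = module_stack(POSTED)
    ldap_first = list(reversed(posted))
    return {kind: (jaas_login(posted, o)[0], jaas_login(ldap_first, o)[0])
            for kind, o in USERS.items()}

if __name__ == "__main__":
    for kind, (db_first, ldap_first) in compare().items():
        print(f"{kind:15} database-first={db_first!s:5} ldap-first={ldap_first}")
```

Under these assumptions the two orderings differ only for an account that exists in the directory but not in the database, so that is the case to test after any reordering.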

Re: First LDAP connection failed then works...

We were having the same issue.  What resolved it for us is to use "LDAP server: ldap://<FQDN>".  No specific DC or AD servers.  It seems to work.  I will be testing it with multiple users this weekend and next week.

Re: First LDAP connection failed then works...

Hi Shalin,

Have you tried to run it against multiple LDAP servers, i.e. ldap://<FQDN1>, ldap://<FQDN2>?

Thanks,

Sasha

Re: First LDAP connection failed then works...

Hi Ostiguy,

Thank you for this solution proposal.

We've tried this solution with a number of customers, but unfortunately it does not help.

Thanks,

Sasha
