
LDAP Error Handling

Overview

When there is an error, the LDAP AM delivers two error-related properties to Configuration Server: an error code and an error description string. The error code is reported in the log files, but only the error description string is shown on the client’s GUI.

The LDAP AM uses one of three methods to obtain the error description string (listed from highest priority to lowest):

  1. Explicit error description returned by the LDAP server.
  2. Error description produced from an error code based on the mapping table inside the AM. This table is populated from a supplied and configured LDAP error description file (ldaperrors.txt). See Error Codes.
  3. Error description produced from a standard LDAP error code. See Error Codes.

Management Layer Configuration

You can configure the Management Layer to generate various alarms in response to error codes sent from the LDAP AM. See the Framework Management Layer User's Guide.

Special Treatment

If the LDAP AM receives an error code that is marked for retry in the error description file (see Error Codes), it initiates retry attempts according to the policy defined by the retry-attempts and retry-interval parameters specified for this connection. A negative response is returned to the client only after all retry attempts on all available servers have been completed without success.
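
The retry behaviour described above, together with the description priority from the Overview, modelled as an added Python example; it is not Genesys code. The function names, the `bind` stub, the attempt ordering (one pass over all servers per attempt) and the choice of -1 as the only retry-marked code are assumptions.

```python
import time

# Standard descriptions: 48 and 49 are RFC 4511 result codes; -1 is the
# OpenLDAP client's LDAP_SERVER_DOWN.
STANDARD = {48: "Inappropriate authentication", 49: "Invalid credentials",
            -1: "Can't contact LDAP server"}

def describe(code, server_text, mapping):
    """Choose the description in the priority order listed in the Overview."""
    if server_text:                  # 1. explicit text from the LDAP server
        return server_text
    if code in mapping:              # 2. table loaded from the error file
        return mapping[code]
    return STANDARD.get(code, "LDAP error %d" % code)  # 3. standard code

def authenticate(servers, bind, retry_codes, mapping,
                 retry_attempts=3, retry_interval=0.0, sleep=time.sleep):
    """bind(server) -> (code, server_text); code 0 means success.

    Returns (ok, description, log). A retry-marked code moves on to the next
    server, and the negative answer is returned only after every attempt on
    every server has failed. Any other code ends the login at once.
    """
    log, code, text = [], -1, ""     # no servers at all reads as "can't contact"
    for attempt in range(1, retry_attempts + 1):
        for server in servers:
            code, text = bind(server)
            log.append((attempt, server, code))  # code is logged, not shown
            if code == 0:
                return True, "", log
            if code not in retry_codes:          # e.g. a wrong password
                return False, describe(code, text, mapping), log
        if attempt < retry_attempts:
            sleep(retry_interval)
    return False, describe(code, text, mapping), log

def demo():
    """Constructed scenario: ldap1 is unreachable, ldap2 rejects the password."""
    def bind(server):                # hypothetical stub, not a real LDAP call
        return (-1, "") if server == "ldap1" else (49, "")
    return authenticate(["ldap1", "ldap2"], bind, retry_codes={-1}, mapping={})

if __name__ == "__main__":
    print(demo())
```

In this model a code that is not marked for retry, such as 49, is never repeated, so a mistyped password produces a single bind attempt instead of one per retry and server.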

Error Codes

The LDAP Directory Administrator (Novell eDirectory, IBM Tivoli Directory Server, or Microsoft Active Directory) defines the error codes. Refer to the documentation for your directory server.

The following is the content of the default error file (ldaperrors.txt) that corresponds to the error descriptions in the OpenLDAP client package.


Error Messages

This section describes error messages returned by the LDAP server.

Important
The messages in this section correspond to standard LDAP messages. However, your particular LDAP server may be configured to produce different messages in the same situations.

Inappropriate Authentication

A message like this might appear when both of the following conditions are true:

  • Option allow-empty-password is set to true (the default).
  • A blank password has been passed to the LDAP AM.

To correct this error, log on to your GUI application with a valid non-empty password.

Invalid Credentials

A message like this might appear when an incorrect password has been passed to the LDAP AM.

To correct this error, log on to your GUI application with a valid non-empty password.

Can’t Contact LDAP Server

A message like this might appear when the Configuration Server cannot contact any LDAP server for one or more of the following reasons:

  • The LDAP server is down.
  • The LDAP server cannot be accessed due to network problems.
  • If you configured a secure connection using the Genesys TLS Protocol, one or more security parameters specified in the configuration file are not valid.

To correct this error, do the following:

  • Check that at least one LDAP server is running.
  • Check that at least one LDAP server is accessible over the network.
  • If you configured a secure connection using the Genesys TLS Protocol, check that the security parameters specified in the configuration file are valid. For more information, refer to the Genesys Security Deployment Guide.

This page was last edited on December 13, 2017, at 19:26.
