LO75743: SSO FOR WEB NOT WORKING IF AD PASSWORD & INTERNET PW ARE THE SAME

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as user error.

Error description

  • Domino 8.5.2FP3\Win7
    
    
    
    Windows single sign-on for Web clients doesn't work if
    internet password in person record domino directory and active
    directory password are the same. Everything works fine if the
    passwords
    are not the same.
    
    
    This really should work.
    
    - Client password is "password 1" and AD password is "password
    2" and everything works fine
    - Then you change the client password to "password 2" to match
    the AD password and it no longer works.
    
    - Added the following debug parameters to the server notes.ini
    followed by a server restart.
    Then test with both passwords being different so I can see it
    working.
    Then test with both passwords the same so I can see it fail.
    
    DEBUG_SSO_TRACE_LEVEL=2
    
    WEBSAUTH_VERBOSE_TRACE=1
    
    Console_log_enabled=1
    
    Debug_ThreadID=1
    
    Results on ecurep
    
    Examined the console.log:
    
    Following failure can be seen at 1:44 and even at 1:41 when
    attempt was
    successfull:
    
    [12648688:00053-10027] 14.05.2013 13:44:51.29
    NAMELookup::<NAMEVerifyLDAPPassword>> BIND LDAP
    host='D00370003.AUTOMOBIL.DEKRA.DE:389' failed for user
    'CN=A24766,OU=StandardUser,OU=User,OU=HV,OU=user,D
    C=company,DC=test,DC=de' error:'Invalid credentials'
    [12648688:00053-10027] 14.05.2013 13:44:51.29
    NAMELookup::<NAMEVerifyLDAPPassword>> Informational: Restore
    LDAP msgid
    ='6'
    [12648688:00053-10027] 14.05.2013 13:44:51.29
    NAMELookup::<NAMEVerifyLDAPPassword>> Restoring LDAP Connection
    for
    host='D00370003.company.test.DE:389' w/ user='AUTOMOBIL\C00999'
    [12648688:00053-10027] 14.05.2013 13:44:51.29
    NAMELookup::<NAMEVerifyLDAPPassword>> Received error 'Error
    looking up
    name on LDAP Server; See server log for further details.'
    trying to verify LDAP credentials!
    [12648688:00017-10027] 14.05.2013 13:44:51.29 WebAuth>
    Unsuccessful LDAP
    BIND for
    user='CN=A24766/OU=StandardUserHV/OU=UserHV/OU=HV/OU=company /D
    C=company/DC=dekra/DC=de'
    
    -also LTPATOKEN and LTPATOKEN2 are existing
    
    Can L3 provide some further debug\assistance to determine the
    root cause here
    

Local fix

  • Do not use the same password
    

Problem summary

Problem conclusion

Temporary fix

Comments

  • This APAR is associated with SPR# PPOR98LKL8.
    The problem was caused by a user error or user misunderstanding.
    

APAR Information

  • APAR number

    LO75743

  • Reported component name

    DOMINO SERVER

  • Reported component ID

    5724E6200

  • Reported release

    852

  • Status

    CLOSED USE

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-06-12

  • Closed date

    2013-06-25

  • Last modified date

    2013-06-25

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels



Rate this page:

(0 users)Average rating

Document information


More support for:

IBM Domino

Software version:

8.5.2

Reference #:

LO75743

Modified date:

2013-06-25

Translate my page

Machine Translation

Content navigation