Troubleshooting
Problem
When logging into Workplace, you receive the error 'LDAP error code 10'
Symptom
Below is the snippet of the Workplace stack trace during logon failure :
Caused by: com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E The 'javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-0310063C, data 0, 1 access points ref 1: 'server1.se.root.ca.us']; remaining name 'CN=xxxx,OU=Users,OU=Administration,OU=xxxx,DC=xx,DC=root,DC=ca,DC=us'; resolved object com.sun.jndi.ldap.LdapCtx@23bc23bc' naming exception occurred during processing. Caused by: com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E The 'javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-0310063C, data 0, 1 access points ref 1: ''server1.xx.root.ca.us'
Cause
This can happen in a Multiple Domain LDAP environment where a user account in DomainA contains referral data in DomainB, which is outside of the domain in which the account existed.
In this case, the Authentication configuration within the WebSphere application server (WAS) failed to access a user that existed in DomainA, because that user belonged to a group association in DomainB, which was not accessible.
Diagnosing The Problem
Review the WebSphere and Content Engine, systemOut.log ,systemErr.log and P8_server_error.log logs for evidence of the following error:
Caused by: com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E The 'javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-0310063C, data 0, 1 access points
Resolving The Problem
To enable the LDAP referrals:
- Open the WAS console
- Go to Security
- Select Secure administration, applications and infrastructure
- Federated repositories
- Manage repositories
- Click on the Repository identifier (do this for both configured identifiers)
- Under "Support referrals to other LDAP servers", change from ignore to follow.
- Restart the Content Engine and Application Engine instances and test.
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg21422365