IBM Support

You see LDAP error code 10 when accessing the FileNet Content Manager Workplace application

Troubleshooting


Problem

When logging in to Workplace, you receive the error 'LDAP error code 10'.

Symptom

Below is a snippet of the Workplace stack trace during the logon failure:

Caused by: com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E The 'javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-0310063C, data 0, 1 access points ref 1: 'server1.se.root.ca.us']; remaining name 'CN=xxxx,OU=Users,OU=Administration,OU=xxxx,DC=xx,DC=root,DC=ca,DC=us'; resolved object com.sun.jndi.ldap.LdapCtx@23bc23bc' naming exception occurred during processing. Caused by: com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E The 'javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-0310063C, data 0, 1 access points ref 1: ''server1.xx.root.ca.us'

Cause

This can happen in a multiple-domain LDAP environment where a user account in DomainA contains referral data in DomainB, which is outside the domain in which the account exists.
In this case, the authentication configuration in the WebSphere Application Server (WAS) failed to access a user that existed in DomainA because that user had a group association in DomainB, which was not accessible.

Diagnosing The Problem

Review the WebSphere and Content Engine logs (systemOut.log, systemErr.log and P8_server_error.log) for evidence of the following error:

Caused by: com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E The 'javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-0310063C, data 0, 1 access points
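
The following Python script is an added example, not IBM's code: it scans log text for the CWWIM4520E referral error shown above, extracts the referral server and the entry being resolved, and flags cases where that server lies outside the DNS domain implied by the entry's DC components. The sample log lines, host names and function names are constructed for illustration.

```python
import re

# One match per "[LDAP: error code 10 - ..." fragment on a log line.
ERROR_RE = re.compile(r"\[LDAP: error code 10 - (.*?)(?=\[LDAP: error code|$)")
HOST_RE = re.compile(r"ref \d+: '+([^'\]]+)'")   # referral target server
DN_RE = re.compile(r"remaining name '([^']*)'")  # entry being resolved

def dn_domain(dn):
    """Join the DC= components of a DN into a DNS-style domain name."""
    return ".".join(re.findall(r"DC=([^,]+)", dn, re.I)).lower()

def referral_errors(log_text):
    """Return one dict per CWWIM4520E referral error found in log_text."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if "CWWIM4520E" not in line:
            continue
        for body in ERROR_RE.findall(line):
            host = HOST_RE.search(body)
            dn = DN_RE.search(body)
            host = host.group(1).lower() if host else None
            dn = dn.group(1) if dn else None
            cross = None  # unknown when the trace is truncated
            if host and dn and dn_domain(dn):
                cross = not host.endswith("." + dn_domain(dn))
            findings.append({"line": lineno, "host": host, "dn": dn,
                             "cross_domain": cross})
    return findings

# Constructed sample input (hypothetical hosts and users, not real log data).
SAMPLE_LOG = """\
[1/01/20 10:02:11:004 UTC] 0000002a SystemOut O Caused by: com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E The 'javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-0310063C, data 0, 1 access points ref 1: 'dc1.emea.example.test']; remaining name 'CN=jdoe,OU=Users,DC=amer,DC=example,DC=test'; resolved object com.sun.jndi.ldap.LdapCtx@1a2b3c' naming exception occurred during processing.
[1/01/20 10:02:12:120 UTC] 0000002a SystemOut O CWWIM4520E The 'javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-0310063C, data 0, 1 access points
[1/01/20 10:02:13:000 UTC] 0000002a SystemOut O CWWIM4520E The 'javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308]' naming exception occurred during processing.
"""

if __name__ == "__main__":
    for finding in referral_errors(SAMPLE_LOG):
        print(finding)
```

Review the referral hosts it reports before changing the referral setting, because with referrals followed WebSphere contacts those servers during authentication.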

Resolving The Problem

To enable the LDAP referrals:

  1. Open the WAS console
  2. Go to Security
  3. Select Secure administration, applications and infrastructure
  4. Federated repositories
  5. Manage repositories
  6. Click on the Repository identifier (do this for both configured identifiers)
  7. Under "Support referrals to other LDAP servers", change from ignore to follow.
  8. Restart the Content Engine and Application Engine instances and test.

Product: FileNet Content Manager. Component: Content Engine. Platform: AIX, HP-UX, Linux, Solaris, Windows. Version: 4.5.1; 4.5.0; 4.0.0.

Document Information

Modified date:
17 June 2018

UID

swg21422365