Hi,
There isn't really enough information there to help with specifics, but in general, you need to make sure that the ldap server is accessible from the cluster.
- Are there any firewalls or network policies on the cluster that could be stopping the traffic?
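- Are you really using ldaps (LDAP over TLS, normally port 636), or is the LDAP server unsecured (plain ldap, normally port 389)? The scheme in the URL has to match what the server actually offers, and with plain ldap and no StartTLS the bind password crosses the network unencrypted.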
- Do you have the port correctly specified?
The error message also says to check the bind parameter values. Have you specified a bind DN and bind password to use to connect?
If all those things are correct, you may need to find the logs. They will be in one of the auth-idp pods in the ibm-common-services namespace. The container within the pod is platform-identity-manager and the log message will look something like this:
{"name":"platform-identity-mgmt","hostname":"auth-idp-b9965557c-z2js7","pid":1,"level":30,"err":{"message":"getaddrinfo ENOTFOUND idontknow.where","name":"Error","stack":"Error: getaddrinfo ENOTFOUND idontknow.where\n at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:107:26)","code":"ENOTFOUND"},"msg":"getaddrinfo ENOTFOUND idontknow.where","time":"2024-02-07T10:12:06.299Z","v":0}
{"name":"platform-identity-mgmt","hostname":"auth-idp-b9965557c-z2js7","pid":1,"level":50,"msg":"User-Mgmt:: Error: The LDAP connection failed. Confirm your LDAP host and bind parameter values and try again.","time":"2024-02-07T10:12:06.299Z","v":0}
{"name":"platform-identity-mgmt","hostname":"auth-idp-b9965557c-z2js7","pid":1,"level":30,"msg":"User-Mgmt:: Unable to connect to ldap!","time":"2024-02-07T10:12:06.299Z","v":0}
Unhandled error for request POST /directory/ldap/validateDirectory: Error: The LDAP connection failed. Confirm your LDAP host and bind parameter values and try again.
at Object.errorHandler (/opt/ibm/identity-mgmt/util/identity-util.js:61:17)
at Client.<anonymous> (/opt/ibm/identity-mgmt/common/models/directory.js:1013:40)
at Client.emit (node:events:517:28)
at Backoff.<anonymous> (/opt/ibm/identity-mgmt/node_modules/ldapjs/lib/client/client.js:1040:12)
at Backoff.emit (node:events:517:28)
at Backoff.backoff (/opt/ibm/identity-mgmt/node_modules/backoff/lib/backoff.js:41:14)
at /opt/ibm/identity-mgmt/node_modules/ldapjs/lib/client/client.js:1024:15
at f (/opt/ibm/identity-mgmt/node_modules/once/once.js:25:25)
at TLSSocket.onResult (/opt/ibm/identity-mgmt/node_modules/ldapjs/lib/client/client.js:814:7)
at Object.onceWrapper (node:events:632:26)
at TLSSocket.emit (node:events:517:28)
at emitErrorNT (node:internal/streams/destroy:151:8)
at emitErrorCloseNT (node:internal/streams/destroy:116:3)
{"name":"platform-identity-mgmt","hostname":"auth-idp-b9965557c-z2js7","pid":1,"level":30,"err":{"message":"getaddrinfo ENOTFOUND idontknow.where","name":"Error","stack":"Error: getaddrinfo ENOTFOUND idontknow.where\n at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:107:26)","code":"ENOTFOUND"},"msg":"getaddrinfo ENOTFOUND idontknow.where","time":"2024-02-07T10:12:06.299Z","v":0}
{"name":"platform-identity-mgmt","hostname":"auth-idp-b9965557c-z2js7","pid":1,"level":50,"msg":"User-Mgmt:: Error: The LDAP connection failed. Confirm your LDAP host and bind parameter values and try again.","time":"2024-02-07T10:12:06.299Z","v":0}
{"name":"platform-identity-mgmt","hostname":"auth-idp-b9965557c-z2js7","pid":1,"level":30,"msg":"User-Mgmt:: Unable to connect to ldap!","time":"2024-02-07T10:12:06.299Z","v":0}
Unhandled error for request POST /directory/ldap/validateDirectory: Error: The LDAP connection failed. Confirm your LDAP host and bind parameter values and try again.
at Object.errorHandler (/opt/ibm/identity-mgmt/util/identity-util.js:61:17)
at Client.<anonymous> (/opt/ibm/identity-mgmt/common/models/directory.js:1013:40)
at Client.emit (node:events:517:28)
at Backoff.<anonymous> (/opt/ibm/identity-mgmt/node_modules/ldapjs/lib/client/client.js:1040:12)
at Backoff.emit (node:events:517:28)
at Backoff.backoff (/opt/ibm/identity-mgmt/node_modules/backoff/lib/backoff.js:41:14)
at /opt/ibm/identity-mgmt/node_modules/ldapjs/lib/client/client.js:1024:15
at f (/opt/ibm/identity-mgmt/node_modules/once/once.js:25:25)
at TLSSocket.onResult (/opt/ibm/identity-mgmt/node_modules/ldapjs/lib/client/client.js:814:7)
at Object.onceWrapper (node:events:632:26)
at TLSSocket.emit (node:events:517:28)
at emitErrorNT (node:internal/streams/destroy:151:8)
at emitErrorCloseNT (node:internal/streams/destroy:116:3)
{"name":"platform-identity-mgmt","hostname":"auth-idp-b9965557c-z2js7","pid":1,"level":30,"err":{"message":"getaddrinfo ENOTFOUND idontknow.where","name":"Error","stack":"Error: getaddrinfo ENOTFOUND idontknow.where\n at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:107:26)","code":"ENOTFOUND"},"msg":"getaddrinfo ENOTFOUND idontknow.where","time":"2024-02-07T10:12:06.299Z","v":0}
{"name":"platform-identity-mgmt","hostname":"auth-idp-b9965557c-z2js7","pid":1,"level":50,"msg":"User-Mgmt:: Error: The LDAP connection failed. Confirm your LDAP host and bind parameter values and try again.","time":"2024-02-07T10:12:06.299Z","v":0}
{"name":"platform-identity-mgmt","hostname":"auth-idp-b9965557c-z2js7","pid":1,"level":30,"msg":"User-Mgmt:: Unable to connect to ldap!","time":"2024-02-07T10:12:06.299Z","v":0}
Unhandled error for request POST /directory/ldap/validateDirectory: Error: The LDAP connection failed. Confirm your LDAP host and bind parameter values and try again.
at Object.errorHandler (/opt/ibm/identity-mgmt/util/identity-util.js:61:17)
at Client.<anonymous> (/opt/ibm/identity-mgmt/common/models/directory.js:1013:40)
at Client.emit (node:events:517:28)
at Backoff.<anonymous> (/opt/ibm/identity-mgmt/node_modules/ldapjs/lib/client/client.js:1040:12)
at Backoff.emit (node:events:517:28)
at Backoff.backoff (/opt/ibm/identity-mgmt/node_modules/backoff/lib/backoff.js:41:14)
at /opt/ibm/identity-mgmt/node_modules/ldapjs/lib/client/client.js:1024:15
at f (/opt/ibm/identity-mgmt/node_modules/once/once.js:25:25)
at TLSSocket.onResult (/opt/ibm/identity-mgmt/node_modules/ldapjs/lib/client/client.js:814:7)
at Object.onceWrapper (node:events:632:26)
at TLSSocket.emit (node:events:517:28)
at emitErrorNT (node:internal/streams/destroy:151:8)
at emitErrorCloseNT (node:internal/streams/destroy:116:3)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
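In my example you can see "getaddrinfo ENOTFOUND idontknow.where" because I used a made-up LDAP server address: ENOTFOUND means the DNS lookup for that hostname failed from inside the pod, so the connection never got as far as the bind. The log should give you more detail about why it fails in your case.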
------------------------------
James Hewitt
------------------------------
Original Message:
Sent: Tue February 06, 2024 06:52 AM
From: Umesh Chandra
Subject: LDAP integration for CP4I
Hi Team,
We are integrating LDAP for CP4I. While configuring it we are running into issues; we were given the base DN and LDAP URL. Please check the error screenshot and guide us to resolve the issue.
------------------------------
Umesh Chandra
------------------------------