IBM Security Verify

  • 1.  HPDCO0206E while trying to federate to AD

    Posted Thu April 13, 2023 11:23 AM

    Hi all,

    I'm trying to add AD as a federated directory. I was using the menu item federated Directories to add the server stanza, then after restarting the edited LDAP.CONF for basic-user = yes and added the basic-user-principal-attribute = sAMAccountName to the server stanza.

    After restarting the runtime I couldn't connect to any LDAP. The WebSEAL logs show the following ERRORS:
    814       2023-04-13-17:05:32.539+02:00I----- 0x1354A0CE webseald ERROR ivc general ira_auth.c 1667 0x7fde8f180dc0 -- HPDCO0206E   LDAP initialization failed: there can only be [server:] stanza entries with the minimal registry data format.
    815       2023-04-13-17:05:32.539+02:00I----- 0x1354A0B6 webseald ERROR ivc general azn_maint.cpp 2871 0x7fde8f180dc0 -- HPDCO0182E   LDAP initialization failed: ira_rgy_init("172.27.192.48", 389, "cn=AGPVBO-webseald/isam-rz-man.bvk.int,cn=SecurityDaemons,secAuthority=Default", ***)= 213, 0.
    816       2023-04-13-17:05:32.540+02:00I----- 0x1354A0C0 webseald WARNING ivc general azn_maint.cpp 1142 0x7fde67fff700 -- HPDCO0192W   LDAP server 172.27.192.48:389 has failed.
    817       2023-04-13-17:05:32.540+02:00I----- 0x1354A0C0 webseald WARNING ivc general azn_maint.cpp 1142 0x7fde677fe700 -- HPDCO0192W   LDAP server 172.27.197.1:389 has failed.
    818       2023-04-13-17:05:32.540+02:00I----- 0x38AD50C9 webseald ERROR wiv azn WsMgr.cpp 2215 0x7fde8f180dc0 -- DPWIV0201E   The azn-api function 'azn_initialize' returned 0x1b3a0
    819       2023-04-13-17:05:32.540+02:00I----- 0x38CF013A webseald FATAL wwa server WsMgr.cpp 2295 0x7fde8f180dc0 -- DPWWA0314E   Initialization of authorization API failed.  Major status=0x1, minor status = 0x1005b3a0

    I can't find anything wrong and also couldn't find a hint regarding that issue. Once the federated Server is removed it works fine. Any hint welcome,
    Thanks,
    Jens



    ------------------------------
    Jens Petersen
    ------------------------------


  • 2.  RE: HPDCO0206E while trying to federate to AD

    Posted Fri April 14, 2023 12:00 PM

    Hi Jens,

    Federated directories are not supported with the legacy LDAP data model known as Standard.  Note from the error message,

    HPDCO0206E   LDAP initialization failed: there can only be [server:] stanza entries with the minimal registry data format.

    See https://www.ibm.com/support/pages/tam-data-model for details on how to check the model and link to how to convert to minimal.



    ------------------------------
    Nick
    IBM Security Verify Customer Support
    ------------------------------



  • 3.  RE: HPDCO0206E while trying to federate to AD

    Posted Tue April 18, 2023 09:48 AM

    Hi Nick,
    thanks for the hint pushing me to the right way. Actually there was no version set at all but it was the old schema. Don't know what happened there as it was set up with a 10.0.3 VA. Anyway, after deleting and recreating the issue is gone and I can federate without any problems.
    Best,
    jens



    ------------------------------
    Jens Petersen
    ------------------------------