Hi Nick,
Thanks for the hint pushing me to the right way. Actually there was no version set at all, but it was the old schema. Don't know what happened there, as it was set up with a 10.0.3 VA. Anyway, after deleting and recreating, the issue is gone and I can federate without any problems.
Best,
jens
------------------------------
Jens Petersen
------------------------------
Original Message:
Sent: Fri April 14, 2023 11:59 AM
From: Nick Lloyd
Subject: HPDCO0206E while trying to federate to AD
Hi Jens,
Federated directories are not supported with the legacy LDAP data model known as Standard. Note from the error message,
HPDCO0206E LDAP initialization failed: there can only be [server:] stanza entries with the minimal registry data format.
See https://www.ibm.com/support/pages/tam-data-model for details on how to check the model and link to how to convert to minimal.
------------------------------
Nick
IBM Security Verify Customer Support
Original Message:
Sent: Thu April 13, 2023 11:22 AM
From: Jens Petersen
Subject: HPDCO0206E while trying to federate to AD
Hi all,
I'm trying to add AD as a federated directory. I was using the menu item Federated Directories to add the server stanza, then after restarting I edited the LDAP.CONF for basic-user = yes and added the basic-user-principal-attribute = sAMAccountName to the server stanza.
After restarting the runtime I couldn't connect to any LDAP. The WebSEAL logs show the following ERRORS:
814 2023-04-13-17:05:32.539+02:00I----- 0x1354A0CE webseald ERROR ivc general ira_auth.c 1667 0x7fde8f180dc0 -- HPDCO0206E LDAP initialization failed: there can only be [server:] stanza entries with the minimal registry data format.
815 2023-04-13-17:05:32.539+02:00I----- 0x1354A0B6 webseald ERROR ivc general azn_maint.cpp 2871 0x7fde8f180dc0 -- HPDCO0182E LDAP initialization failed: ira_rgy_init("172.27.192.48", 389, "cn=AGPVBO-webseald/isam-rz-man.bvk.int,cn=SecurityDaemons,secAuthority=Default", ***)= 213, 0.
816 2023-04-13-17:05:32.540+02:00I----- 0x1354A0C0 webseald WARNING ivc general azn_maint.cpp 1142 0x7fde67fff700 -- HPDCO0192W LDAP server 172.27.192.48:389 has failed.
817 2023-04-13-17:05:32.540+02:00I----- 0x1354A0C0 webseald WARNING ivc general azn_maint.cpp 1142 0x7fde677fe700 -- HPDCO0192W LDAP server 172.27.197.1:389 has failed.
818 2023-04-13-17:05:32.540+02:00I----- 0x38AD50C9 webseald ERROR wiv azn WsMgr.cpp 2215 0x7fde8f180dc0 -- DPWIV0201E The azn-api function 'azn_initialize' returned 0x1b3a0
819 2023-04-13-17:05:32.540+02:00I----- 0x38CF013A webseald FATAL wwa server WsMgr.cpp 2295 0x7fde8f180dc0 -- DPWWA0314E Initialization of authorization API failed. Major status=0x1, minor status = 0x1005b3a0
I can't find anything wrong and also couldn't find a hint regarding that issue. Once the federated Server is removed it works fine. Any hint welcome,
Thanks,
Jens
------------------------------
Jens Petersen
------------------------------