After our recent migration from BO 3.1 to BI 4.1 we are experiencing an LDAP authentication issue.
Note: BO 3.1 environment has been working without any issues.
New Environment Details:
Business Objects Version: BI 4.1 SP5
Authentication: LDAP (Siteminder)
LDAP Server Type: Oracle Internet Directory
OID: 11g (11.1.1.7.2)
Below is the error: "SecLDAP Plugin failed to find the user uid:<xxx>, ou=internal, ou=users, dc=<companyname>, dc=com".
Manual logins using the short ID, i.e. e12345, work fine and users are able to log in without any issue; however, when we use the DN, i.e. uid=e1234, ou=internal, ou=users, dc=<CN>, dc=com, authentication fails and throws the same error.
Upon looking at the CMS logs, I see the following during an attempt to login with the full dn:
2015 06 03 12:14:02:659|-0400|LDAP: LdapQueryForAttribute: *QUERY* base: dc=com, scope: 0, filter: (objectclass=*), attribute: dn
2015 06 03 12:14:02:659|-0400|LDAP: LdapQueryForAttribute: *QUERY*result: 50 took 0 ms
Here, we see that the request was sent to dc=com, but the LDAP server returned an error code 50. Looking this error code up (http://docs.oracle.com/cd/E19957-01/816-5618-10/netscape/ldap/LDAPException.html#INSUFFICIENT_ACCESS_RIGHTS) shows us that the error is caused by Insufficient rights for this query.
SAP Support Recommendation:
As this query is unnecessary and causing your issues, there is a registry key that can be added to directly specify the base DN to be searched. Please see KBA 1873202 and implement the DefaultNamingContexts key shown there (with the value of your correct baseDN). While your issue is not the same as shown, the addition of this key should stop the LDAP plugin from querying that invalid root (dc=com). You may also need to implement the GroupBaseDNs key with the same value, as shown in KBA 1459328.
We have added the required entries in the registry files. Below are the entries:
1. Name: DefaultNamingContexts Value: dc=CN,dc=com
2. Name: GroupBaseDNs Value: dc=CN,dc=com
3. Name: GroupFilter Value: true
Rebooted the system but still get the same error. We have shared the details from the log with our LDAP Administrators, including our LDAP Authentication configuration details.
After reviewing the excerpt from the logs and the error encountered, they have stated that it is company policy where root level access (i.e. access at dc=com) cannot be granted to the user credentials that we use to access LDAP server.
Has anyone experienced the same issue with BI 4.1? Is there any workaround available?
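
An added example, not part of the original post: a small Python check that pairs each LdapQueryForAttribute query line in a CMS log with its result line and reports the failed queries, including whether the search base lies under the configured base DN. It assumes the log line format quoted in the post; the function names are hypothetical, and the last two sample lines are constructed.

```python
import re

# LDAP result codes from RFC 4511 (subset relevant to bind/search failures).
LDAP_RESULTS = {0: "success", 32: "noSuchObject",
                49: "invalidCredentials", 50: "insufficientAccessRights"}

QUERY_RE = re.compile(
    r"LdapQueryForAttribute: \*QUERY\*\s*base: (?P<base>.*?), scope: (?P<scope>\d+), "
    r"filter: (?P<filter>.*), attribute: (?P<attr>\S+)")
RESULT_RE = re.compile(
    r"LdapQueryForAttribute: \*QUERY\*\s*result: (?P<code>\d+) took \d+ ms")


def normalize_dn(dn):
    """Lower-case and strip spaces around RDN separators (simple DNs only)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def failed_queries(lines, naming_context):
    """Pair each query line with the result line that follows it and return
    the non-zero results, noting whether the base is under naming_context."""
    ctx = normalize_dn(naming_context)
    pending, findings = None, []
    for line in lines:
        q = QUERY_RE.search(line)
        if q:
            pending = q.groupdict()
            continue
        r = RESULT_RE.search(line)
        if r and pending:
            code = int(r.group("code"))
            if code != 0:
                base = normalize_dn(pending["base"])
                findings.append({
                    "base": pending["base"], "filter": pending["filter"],
                    "code": code, "meaning": LDAP_RESULTS.get(code, "unknown"),
                    "under_naming_context": base == ctx or base.endswith("," + ctx),
                })
            pending = None
    return findings


# First two lines are the ones quoted in the post; the last two are constructed.
SAMPLE_LOG = [
    "2015 06 03 12:14:02:659|-0400|LDAP: LdapQueryForAttribute: *QUERY* base: dc=com, scope: 0, filter: (objectclass=*), attribute: dn",
    "2015 06 03 12:14:02:659|-0400|LDAP: LdapQueryForAttribute: *QUERY*result: 50 took 0 ms",
    "2015 06 03 12:14:03:101|-0400|LDAP: LdapQueryForAttribute: *QUERY* base: ou=users, dc=CN, dc=com, scope: 2, filter: (uid=e12345), attribute: dn",
    "2015 06 03 12:14:03:104|-0400|LDAP: LdapQueryForAttribute: *QUERY*result: 0 took 3 ms",
]
```

Run against a log captured after the registry change, a finding with `under_naming_context` set to False shows the plugin is still querying a base above the DefaultNamingContexts value.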