XUA:LDAP proxy can't resolve hostname if LDAP_HOST contains a URL prefix

XUA:LDAP proxy can't resolve hostname if LDAP_HOST contains a URL prefix

Solution: Remove the URL prefix from the LDAP_HOST entry on the UACONF file.

Steps to resolve an error due to a URL prefix

Step 1: Logon as an owner of the XUA installation
Step 2: Open the UACONF file and remove the URL prefix such as 'ldaps://' from the LDAP_HOST entry.
Step 3: Run the XUA macro and execute the XUA_SYNTAX_CHECK macro to ensure no syntax errors on the UACONF and UAACL files
Step 4: Validate XUA resolves the hostname on the LDAP_HOST entry


< the LDAP_HOST example on the UACONF file >
!------------------- LDAP UACONF SECTION -----------------------------------
! the URL prefix ldaps:// has been removed from the LDAP_HOST 
LDAP_HOST                      ldapsvc.example.com


< Screen-shot: TESTLDAP TRACE >
$VOL XUATEST 9> testldap trace
24:28  Setting TCP/IP Process to $ZTC0
LDAPSVC.EXAMPLE.COM resolves to LDAPSVC.EXAMPLE.COM
========

------------------------------------------------------

       MAIN(): Begin LDAP Proxy on 06/18/23 @ 15:24:28



Process Name is \EXAMSRV.$Z1PF


24:28  Ldap host name passed:LDAPSVC.EXAMPLE.COM  
<<<<<<< hostname defined on the UACONF file
24:28  Actual Ldap host name:LDAPSVC.EXAMPLE.COM
24:28  Ldap port: 636
24:28  Ldap version: 3
24:28  Ldap proxy IP process:$ZTC0
24:28  Ldap proxy port (deprecated):6999
24:28  ldap proxy timeout:005
24:28  ldap proxy type:1

ENTER Domain name :

Enter User :ldap_acc@ldapsvc.com

Password :
24:44   Entering authenticate_user

24:44   Host LDAPSVC.EXAMPLE.COM has 8 IP addr(s) assigned to it

24:44   authenticate_user pass 1
LDAPSVC.EXAMPLE.COM resolves to LDAPSVC.EXAMPLE.COM
========

24:44   No Connection - Starting connection to server LDAPSVC.EXAMPLE.COM (LDAPSVC.EXAMPLE.COM)

24:44  START_LDAP_SERVER(): Begin
24:44     Initiating LDAP over SSL connection to: ldaps://LDAPSVC.EXAMPLE.COM:636

24:44      Ldap proxy CACERTFILE: /G/system/xygateua/ldapcert

24:44   Entering do_authenticate_user
ldap_bind
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP LDAPSVC.EXAMPLE.COM:636
ldap_new_socket: -1
ldap_new_socket: -1
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 10.12.34.56:636          
<<<<<<< hostname is resolved to IP Address
ldap_pvt_connect: fd: 3 tm: 5 async: 0
ldap_ndelay_on: 3
ldap_int_poll: fd: 3 tm: 5
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_pvt_connect: 0                                  
<<<<<<< session is established 
TLS trace: SSL_connect:before/connect initialization  <<<<<<< TLS trace: SSL handshakes begin
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:unknown state
TLS certificate verification: depth: 1, err: 0, subject: /DC=LOCAL/DC=EXAMPLE/CN=VM-CA01, issuer: /DC=LOCAL/DC=EXAMPLE/CN=VM-CA01
TLS certificate verification: depth: 0, err: 0, subject: /CN=LDAPSVC.EXAMPLE.COM, issuer: /DC=LOCAL/DC=EXAMPLE/CN=VM-CA01
TLS trace: SSL_connect:unknown state
TLS trace: SSL_connect:unknown state
TLS trace: SSL_connect:unknown state
TLS trace: SSL_connect:unknown state
TLS trace: SSL_connect:unknown state
TLS trace: SSL_connect:unknown state
TLS trace: SSL_connect:unknown state
TLS trace: SSL_connect:unknown state
TLS trace: SSL_connect:unknown state
TLS trace: SSL_connect:unknown state
ldap_open_defconn: successful                      
<<<<<<< established a LDAP connection over TLS/SSL
ldap_send_server_request
ldap_result ld 806bf30 msgid 1
wait4msg ld 806bf30 msgid 1 (infinite timeout)
wait4msg continue ld 806bf30 msgid 1 all 0
** ld 806bf30 Connections:
* host: LDAPSVC.EXAMPLE.COM  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Sun Jun 18 15:24:44 2023


** ld 806bf30 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 806bf30 request count 1 (abandoned 0)
** ld 806bf30 Response Queue:
   Empty
  ld 806bf30 response count 0
ldap_chkResponseList ld 806bf30 msgid 1 all 0
ldap_chkResponseList returns ld 806bf30 NULL
ldap_int_select
read1msg: ld 806bf30 msgid 1 all 0
read1msg: ld 806bf30 msgid 1 message type bind
read1msg: ld 806bf30 0 new referrals
read1msg:  mark request completed, ld 806bf30 msgid 1
request done: ld 806bf30 msgid 1
res_errno: 0, res_error: <>, res_matched: <>        
<<<<<<< res_errno: 0 means LDAP_SUCCESS
ldap_free_request (origid 1, msgid 1)
ldap_parse_result

24:44   AD lookup returned 0

24:44   socket lookup returned 3

24:44   LDAP server addr is 10.12.34.56

 User Id: ldap_acc@ldapsvc.com
 Access allowed: 0                    
<<<<<<< Access allowed: 0 means LDAP auth has succeeded.

Enter User :

    • Related Articles

    • XMA: Send XMA messages to SIEM via HPE SSL proxy

      Step 1: initiate an HPE SSL proxy if the HPE SSL Proxy is not running - Mode: PROXYC - SUBNET: the name of the TCPIP stack - PORT: HPE SSL proxy client port, this is the same as the port specified next to the IPALERT_PORT entry in the FILTER ...
    • XUA: XUA_EXECUTE_RSA_PROXY successful but no passcode prompt is received

      The timeout value should be increased and the underlying issue causing the timeout should be investigated. If XUA_EXECUTE_RSA_PROXY is successful but no RSA passcode prompts are received check the timeout value that is configured. In XUA versions ...
    • XUA: Mapping a Nonstop userid to an LDAP userid

      Ldap search method: This requires that the Nonstop userid is stored in an attribute of the LDAP userid in the LDAP user database. In this case you set up the ldap search method. Configure the user to connect to the LDAP server with (the search user), ...
    • XMA: SLSENDER Error unable to send messages to host.

      The SYSLOGQ database table in the XMADAT subvolume has 2 columns that can be used to determine if messages are being sent to the SIEM. ENTRYGMT is the timestamp when the message was inserted into the queue by a mover. ALERTEDGMT is the timestamp when ...
    • XUA: LDAP and RSA installation Directory create failure for /rsa

      The error can be ignored if the RSA web service isn't going to be used. This is the last step the installation does before doing xua_finish_install (if 255,255) or asking to complete the installation by logging on as 255,255 and running a ...