Manually disabling LDAP authentication

From CMOD.wiki
Revision as of 21:16, 14 April 2015 by Jderrick (talk | contribs) (Tweaked spacing.)

What happened?

You were likely trying to configure Content Manager OnDemand for LDAP, and now OnDemand won't start after enabling the LDAP Authentication checkbox in the OnDemand Administrator Client.

Symptoms and error messages

The documentation for enabling LDAP isn't perfect, and in CMOD version 9.0 and higher, enabling LDAP can cause OnDemand to not start up after issuing the "arssockd -S" command. Of course, without being able to start Content Manager OnDemand, you can't log in to turn LDAP off. If you check the console output, you might find errors like these:

arssockd (ARCHIVE): ARSSOCKD 2 437 ARS0437E The OnDemand stash file >< either does not exist or is not valid. Return Code=4.

These instructions will manipulate the contents of the CMOD database directly to disable LDAP so you can resume troubleshooting. USE THESE INSTRUCTIONS WITH CAUTION.

Directions

First, check your system to see what the current value of the SYS_MASK field is:

 $ db2 connect to archive

  Database Connection Information

 Database server        = DB2/AIX64 10.1.4
 SQL authorization ID   = ODADMIN
 Local database alias   = ARCHIVE
 
 
 $ db2 "select SYS_MASK from arssys"

 SYS_MASK
 ----------
          4
 
 1 record(s) selected.
 
 $ db2 terminate
 DB20000I  The TERMINATE command completed successfully.

If the result of this query on your system is the same as the example, you can issue the following commands to disable LDAP. If your results are different, skip to the next section.

 $ db2 connect to archive

  Database Connection Information

 Database server        = DB2/AIX64 10.1.4
 SQL authorization ID   = ODADMIN
 Local database alias   = ARCHIVE
 
 $ db2 "update arssys set sys_mask=0"
 DB20000I  The SQL command completed successfully.
 $ db2 terminate
 DB20000I  The TERMINATE command completed successfully.

If the results of the query are different on your system, you likely have other options enabled.

   $ db2 "select SYS_MASK from arssys"

   SYS_MASK
   ----------
           20
 
   1 record(s) selected.
 
   $ db2 terminate
   DB20000I  The TERMINATE command completed successfully.

In this example the query returned 20. Subtract 4 from the value returned on your system (20 - 4 = 16 here), and update the field in the database accordingly:

 $ db2 connect to archive

  Database Connection Information

 Database server        = DB2/AIX64 10.1.4
 SQL authorization ID   = ODADMIN
 Local database alias   = ARCHIVE
 
 $ db2 "update arssys set sys_mask=16"
 DB20000I  The SQL command completed successfully.
 $ db2 terminate
 DB20000I  The TERMINATE command completed successfully.
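The subtraction above is only safe when the LDAP flag is actually set in the value you read. The following is an added example, not part of the original wiki page or of IBM's tooling: it parses the query output, refuses to change a value in which 4 is not set, and prints the update together with a rollback statement. It assumes SYS_MASK is a bit mask in which 4 is the LDAP flag (inferred from the two cases on this page); the function names and the `where` guard are this example's own.

```shell
#!/bin/sh
# Added example. Assumption: SYS_MASK is a bit mask and 4 is the LDAP flag.
LDAP_FLAG=4

# Extract the value from `db2 "select SYS_MASK from arssys"` output:
# it is the first line after the dashed separator.
parse_sys_mask() {
    awk '/^[ \t]*-+[ \t]*$/ { getline; gsub(/[ \t\r]/, ""); print; exit }'
}

# Print the mask with only the LDAP flag cleared.
# Returns 1 if the input is not a plain non-negative integer,
# 2 if the LDAP flag is not set (subtracting 4 would corrupt other flags).
new_sys_mask() {
    case "$1" in
        ''|*[!0-9]*|0?*) return 1 ;;
    esac
    if [ $(( $1 & LDAP_FLAG )) -eq 0 ]; then
        return 2
    fi
    echo $(( $1 & ~LDAP_FLAG ))
}

# Print the command to run and the command that restores the old value.
# The where clause makes the update a no-op if the value changed since it was read.
plan_update() {
    old=$1
    new=$(new_sys_mask "$old") || return $?
    echo "db2 \"update arssys set sys_mask=$new where sys_mask=$old\""
    echo "# rollback: db2 \"update arssys set sys_mask=$old\""
}

# Sample query output, taken from the second example on this page (value 20).
SAMPLE='
   SYS_MASK
   ----------
           20

   1 record(s) selected.
'

# Demo: prints the update (sys_mask=16) and the rollback (sys_mask=20).
plan_update "$(printf '%s\n' "$SAMPLE" | parse_sys_mask)"
```

On a live system, replace the sample with the real query output, for example `db2 "select SYS_MASK from arssys" | parse_sys_mask`, and record the original value before applying the update.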

Additional Resources

The root cause of this issue is that you likely do not have a stash file configured for LDAP on CMOD. Here are some IBM Knowledgebase Articles about Content Manager OnDemand stash files and LDAP:


Content Manager OnDemand V9.0/9.5 LDAP authentication process:

http://www-01.ibm.com/support/docview.wss?uid=swg21597246

Content Manager OnDemand V8.5 and later LDAP authentication to active directory server fails with an error:

http://www-01.ibm.com/support/docview.wss?uid=swg21610510

Using arsstash files for authenticating to DB2, Oracle, or LDAP:

http://www-01.ibm.com/support/docview.wss?uid=swg21608635