Sun Microsystems, Inc.  Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-72-1009063.1
Update Date:2011-03-16
Keywords:
Solution Type  Problem Resolution Sure

Solution  1009063.1 :   Sun Ray[TM] Server Software 2.0: "Could not bind to LDAP server - Invalid credentials" Error  

Related Items 
    

  • Sun Ray Hardware
    •  
  • Sun Ray Hardware
    •  
  • Sun Ray Software
    •  
  • Sun Ray Hardware
    •  
  • Sun Ray Hardware
    •  
Related Categories 
    

  • GCS>Sun Microsystems>Desktops>Desktop Virtualization>Sun Ray Hardware
    •  
  • GCS>Sun Microsystems>Desktops>Desktop Virtualization>Sun Ray Software
    •  

PreviouslyPublishedAs
212496 


Symptoms
Users are unable to log in to the Sun Ray[TM] Appliance. The Authentication

for the utadmin password fails with the following error messages from Sun

Ray[TM] Server Software 2.0.
In /var/opt/SUNWut/log/messages,
Apr 14 19:10:38 host utauthd: [ID 702911 user.info] open_connection():
Could not bind to LDAP server - Invalid credentials
In /var/opt/SUNWut/srds/log/utdsd.log,
Wed Apr 14 19:10 : conn=4 op=0 RESULT err=49 tag=97 nentries=0
Wed Apr 14 19:10 : Bind failed ; act as anonymous


Resolution
The root cause of the problem is that an invalid utadmin password is stored

in the Sun Ray[TM] Data Store, which is a Sun Ray[TM] private LDAP (Lightweight Directory Access Protocol) database.
(Another cause could affect the system, see Additional Information(2).)
If you remember the current utadmin password, change it with
/opt/SUNWut/sbin/utpw.
If you have forgotten the password, follow the procedure below to modify
the Sun Ray[TM] Data Store before changing the password with /opt/SUNWut/sbin/utpw (above).
# /etc/init.d/utsvc stop
# /etc/init.d/utds stop
# cd /var/opt/SUNWut/srds/dbm.ut/
# tar cvf /tmp/ldapbackup.tar *
<-- (optional) back it up for a case something fails
# /opt/SUNWut/srds/lib/utldbmcat -n id2entry.dbb > /tmp/backup.ldif
# vi /tmp/backup.ldif
<-- Edit /tmp/backup.ldif
Search for userpassword and modify that entry to
{sunds}cfa554ccacd00c, i.e., from
-----
dn: cn=utadmin,utname=host,o=v1,o=utdata
objectclass: person
objectclass: top
cn: utadmin
sn: utadmin
description: This is the UT admin user entry
creatorsname: cn=admin,o=utdata
createtimestamp: 20040315053439Z
subschemasubentry: cn=schema
modifytimestamp: 20040415050038Z
modifiersname: cn=utadmin,utname=host,o=v1,o=utdata
userpassword: {sunds}6c6bebe5d1deb2
-----
to
-----
dn: cn=utadmin,utname=host,o=v1,o=utdata
objectclass: person
objectclass: top
cn: utadmin
sn: utadmin
description: This is the UT admin user entry
creatorsname: cn=admin,o=utdata
createtimestamp: 20040315053439Z
subschemasubentry: cn=schema
modifytimestamp: 20040415050038Z
modifiersname: cn=utadmin,utname=host,o=v1,o=utdata
userpassword: {sunds}cfa554ccacd00c
-----
This changes the utadmin password to "default".
# /opt/SUNWut/srds/lib/utldif2ldbm -c -j 10 -i /tmp/backup.ldif
# /etc/init.d/utds start
# /etc/init.d/utsvc start
# /opt/SUNWut/sbin/utpw
Enter new UT admin password:      <-- enter your favorite passwd
Re-enter new UT admin password:   <-- again
Enter old UT admin password:      <-- enter "default"
Changing LDAP password...
Done.
Changing password file...
Warning: The password file contents do not match the input rootdn
password.
Would you like to update /etc/opt/SUNWut/utadmin.pw ?
Default is 'y'. Enter 'y' or 'n' (y/n) ?   <-- enter "y"
Done.
Note: If this server is part of a failover
configuration, please run utpw on the
remaining servers.
#
You will need to perform the same procedure on all Sun Ray servers is the same replication group.


Additional Information
1)

There is another procedure to interrupt the utdsd to create a backup

as follows.  With this procedure, you do not need to scedule an outage

just to create the backup.



# /opt/SUNWut/srds/lib/utdscmd -f

Database set to readonly mode

[... create ldif here]

# /opt/SUNWut/srds/lib/utdscmd -n

Database back to normal mode



2)

There's another root cause of this issue.

utconfig fails to correctly set the LDAP password when the password contains an ampersand ("&").

Product
Sun Ray Server Software 2.0

Sun Ray 1 Ultra-Thin Client

Sun Ray 1g Ultra-Thin Client

Sun Ray 150 Ultra-Thin Client

Sun Ray 100 Ultra-Thin Client


 Internal Comments

 Sun Ray[TM] Server Software 2.0



 See also http://pts.emea/jse/products/sunray/add/ldap.html#Adminpassword%20(encrypted) for similar instructions for the SRSS 1.3.

 See Bug 6185099  for details of the ampersand issue. (This bug is not visible on external Sunsolve because it is security related)

 sunray, sun ray, utadmin, passwd, LDAP, SRDS, credentials, 6185099

 Previously Published As

 75554



 Change History

 -22

 User Name: 74092

 Action: Update Canceled

 Comment: *** Restored Published Content *** I haven't got round to it yet. Back to the queue.

 Version: 0

 Date: 2006-08

 Date: 2005-10-28

 User Name: 74092

 Action: Update Started

 Comment: doc needs to be updated

 Version: 0

 Date: 2005-10-28

 User Name: 91286

 Action: Add Comment

 Comment: There is a special case this doc does not cover yet:

 Failover, password correct everywhere, except in the utadmin.pw file

 on a secondary server. In this case, the best procedure probably

 is to manually fix the utadmin.pw file on the secondary.

 Version: 0











Attachments

This solution has no attachment


















       

Copyright © 2011 Sun Microsystems, Inc.  All rights reserved.

 Feedback