Hitachi

JP1 Version 12 JP1/Network Node Manager i Setup Guide


12.5 Troubleshooting the directory service integration

  1. Verify the NNMi LDAP configuration by running the following command:

    nnmldap.ovpl -info

    If the reported configuration is not as expected, verify the settings in the LDAP configuration file.

  2. Force NNMi to re-read the LDAP configuration file by executing the following command:

    nnmldap.ovpl -reload
  3. Test the configuration for one user by running the following command:

    nnmldap.ovpl -diagnose NNMi-user

    Replace NNMi-user with the sign-in name of an NNMi user as defined in the directory service.

    Examine the command output and respond appropriately.

    Note

    In mixed mode, the following message is output. However, this does not indicate a problem in operation, because the LDAP group is not referenced in mixed mode. Therefore, you can ignore the message.

    !!!!!!!!!!!!!!!!!!!!!!!! NOTE !!!!!!!!!!!!!!!!!!!!!!!
    !  No LDAP groups found for this User Distinguished Name.
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    
    
    !!!!!!!!!!!!!!!!!!!!!!!! NOTE !!!!!!!!!!!!!!!!!!!!!!!
    !  LDAP Appears to be Misconfigured. See above for more information.
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  4. Verify that the directory service contains the expected records.

    Use a Web browser or a third-party LDAP browser (for example, the LDAP browser included in Apache Directory Studio) to examine the directory service information.

    Information about the format of a query to a directory service can be found in RFC 1959, An LDAP URL Format, which is available at:

    http://www.ietf.org/rfc/rfc1959.txt
  5. View the %NnmDataDir%log\nnm\nnm.log (Windows) or /var/opt/OV/log/nnm/nnm.log (Linux) log file to verify that the sign-in request is correct and to determine if any errors occurred:

    javax.naming.AuthenticationNotSupportedException:[LDAP:error code 13 - confidentiality required]
    • A message similar to the line below indicates that a timeout occurred while communicating with the directory service. In this case, increase the value of searchTimeLimit in the LDAP configuration file.

    javax.naming.TimeLimitExceededException:[LDAP: error code 3 - Timelimit Exceeded]