10-22-2012 05:32 AM - edited 07-03-2021 10:53 PM
I have deployed two WLANs with two LDAP servers and a different OU configuration in each LDAP.
WLC5508 software 7.2.110
wlan id 1 is set to LDAP server1
wlan id 4 is set to LDAP server2
tests
user on server1 connects to wlan1
user on server1 connects to wlan4 - this should not happen
user on server2 connects to wlan4
user on server2 connects to wlan1 - this should not happen
This scenario already works fine on a WLC 4400 with software 7.0.116.
Has anyone already had a similar problem?
thanks,
Murilo Cavallini
10-22-2012 05:39 AM
The correct WLAN and LDAP mapping:
wlan id 1 is set to LDAP server2
wlan id 4 is set to LDAP server1
tests
user on server1 connects to wlan4
user on server1 connects to wlan1 - this should not happen
user on server2 connects to wlan4
user on server2 connects to wlan1 - this should not happen
10-22-2012 08:22 AM
Is the WLC skipping the primary LDAP and hitting the global entry, or under what condition does it hit the other LDAP?
Are you using internal/external or no RADIUS?
Unlike RADIUS, LDAP doesn't have a configurable fallback or a way of locking an LDAP server to a WLAN.
Can you share the debugs for LDAP?
10-22-2012 09:07 AM
10-28-2012 02:20 PM
wlan id 1 is set to LDAP server2
wlan id 4 is set to LDAP server1
tests
user on server1 connects to wlan4
user on server1 connects to wlan1 - this should not happen
user on server2 connects to wlan4 - THIS SHOULDN'T HAPPEN, actually.
user on server2 connects to wlan1
Can you split the LDAP server config on the WLC, using a different config for server 1 and 2, and/or make users unavailable on one or the other server?
10-29-2012 05:58 AM
Both databases are created on the same AD, but this server has 2 network interfaces.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
wlan1 is set to LDAP Server2: IP address 10.19.198.254
show ldap 2
Server Index..................................... 2
Address.......................................... 10.19.198.254
Port............................................. 389
Enabled.......................................... Yes
User DN.......................................... OU=Convidados,DC=wlan,DC=tvg,DC=com,DC=BR
User Attribute................................... sAMAccountName
User Type........................................ Person
Retransmit Timeout............................... 2 seconds
Bind Method ..................................... Anonymous
*LDAP DB Task 1: Oct 25 09:13:08.716: Attempting user bind with username CN=didatagm,OU=GloboMobile,DC=wlan,DC=tvglobo,DC=com,DC=br
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
wlan2 is set to LDAP Server1: IP address 10.19.198.176
show ldap 1
Server Index..................................... 1
Address.......................................... 10.19.198.176
Port............................................. 389
Enabled.......................................... Yes
User DN.......................................... OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=BR
User Attribute................................... sAMAccountName
User Type........................................ Person
Retransmit Timeout............................... 2 seconds
Bind Method ..................................... Anonymous
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
This is the problem that I can see:
Auth. Request is sent:
*LDAP DB Task 2: Oct 25 09:13:08.710: ldapAuthRequest [2] called lcapi_query base="OU=Convidados,DC=wlan,DC=tvg,DC=com,DC=BR" type="Person" attr="sAMAccountName" user="didatagm" (rc = 32 - No such object)
Binding the user with the database:
*LDAP DB Task 1: Oct 25 09:13:08.716: Attempting user bind with username CN=didatagm,OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=br
The WLC is sending the request to LDAP SERVER2 and is binding with LDAP SERVER1. This issue is occurring only sometimes.
thanks a lot.
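Added example, not from this thread or from the WLC: a small Python check over constructed debug lines modelled on the two quoted above. It pairs each "Attempting user bind" line with the last lcapi_query for the same username and flags a bind whose DN lies outside the base DN that was searched, or that follows a search with a non-zero rc; the alice lines and the "Success" result are made up for contrast.

```python
import re

# Constructed sample of "debug aaa ldap enable" output, modelled on the lines quoted
# above; the alice lines and the "Success" result are made up for contrast.
SAMPLE_DEBUG = """\
*LDAP DB Task 2: Oct 25 09:13:08.710: ldapAuthRequest [2] called lcapi_query base="OU=Convidados,DC=wlan,DC=tvg,DC=com,DC=BR" type="Person" attr="sAMAccountName" user="didatagm" (rc = 32 - No such object)
*LDAP DB Task 1: Oct 25 09:13:08.716: Attempting user bind with username CN=didatagm,OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=br
*LDAP DB Task 1: Oct 25 09:14:01.002: ldapAuthRequest [1] called lcapi_query base="OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=BR" type="Person" attr="sAMAccountName" user="alice" (rc = 0 - Success)
*LDAP DB Task 1: Oct 25 09:14:01.009: Attempting user bind with username CN=alice,OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=br
"""

QUERY_RE = re.compile(
    r'ldapAuthRequest \[(?P<idx>\d+)\] called lcapi_query base="(?P<base>[^"]+)"'
    r'.*?user="(?P<user>[^"]+)".*?\(rc = (?P<rc>\d+)')
BIND_RE = re.compile(r'Attempting user bind with username CN=(?P<user>[^,]+),(?P<base>\S+)')

def find_cross_base_binds(debug_text):
    """Pair every bind with the most recent search for the same username and
    report binds whose DN sits outside the searched base DN, or that follow a
    search that returned a non-zero rc (e.g. 32 = No such object)."""
    last_query = {}   # username (lower-cased) -> details of its last lcapi_query
    findings = []
    for line in debug_text.splitlines():
        q = QUERY_RE.search(line)
        if q:
            last_query[q['user'].lower()] = {
                'idx': int(q['idx']), 'base': q['base'], 'rc': int(q['rc'])}
            continue
        b = BIND_RE.search(line)
        if not b:
            continue
        user = b['user'].lower()
        query = last_query.get(user)
        if query is None:
            findings.append({'user': user, 'reason': 'bind without preceding search'})
            continue
        # DN comparison is case-insensitive; the WLC prints DC=BR and DC=br for the same tree
        same_base = b['base'].lower() == query['base'].lower()
        if same_base and query['rc'] == 0:
            continue
        findings.append({
            'user': user, 'server_index': query['idx'], 'search_rc': query['rc'],
            'search_base': query['base'], 'bind_base': b['base'],
            'reason': 'bind DN outside searched base' if not same_base
                      else 'bind after failed search'})
    return findings

if __name__ == '__main__':
    for finding in find_cross_base_binds(SAMPLE_DEBUG):
        print(finding)
```

Run against a real debug capture, a finding for a user means the search on the WLAN's configured server failed and the bind still went ahead with a DN from another tree, which is the symptom described in the post.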