LDAP issues with 5508 WLC

mukka · ‎10-22-2012

I have deployed two wlans with two LDAP servers and different OU configurantion in each LDAP.

WLC5508 software 7.2.110

wlan id 1 is set to LDAP server1

wlan id 4 is set to LDAP server2

tests

user server1 connect to wlan1

user server1 connect to wlan4 - this should not happen

user server2 connect to wlan4

user server2 connect to wlan1 - this should not happen

This scenario already work fine on WLC 4400 with software 7.0.116

Anyone already has a similar problem?

thanks,

Murilo Cavallini

mukka · ‎10-22-2012

the correct wlan and ldap:

wlan id 1 is set to LDAP server2

wlan id 4 is set to LDAP server1

tests

user on server1 connect to wlan4

user on server1 connect to wlan1 - this should not happen

user on server2 connect to wlan4

user on server2 connect to wlan1 - this should not happen

Saravanan Lakshmanan · ‎10-22-2012

Are wlc skipping primary ldap and hitting global entry or on what condition it hits the other ldap.

are you using internal/external or no radius.

unlike Radius, ldap didn't have configurable fallback or locking an ldap to wlan.

can you share the debugs for ldap.

mukka · ‎10-22-2012

We are using external LDAP
This issue is intermittent in my scenario. Some times it works , and another I have this issue.

attached logs, I removed only OU names

do you have any suggestion about this issue?

thanks and best regards,

Saravanan Lakshmanan · ‎10-28-2012

wlan id 1 is set to LDAP server2

wlan id 4 is set to LDAP server1

tests

user on server1 connect to wlan4

user on server1 connect to wlan1 - this should not happen

user on server2 connect to wlan4 - THIS SHOULDN'T HAPPEN, actually.

user on server2 connect to wlan1

can you split the LDAP server config on WLC using different config for server 1 & 2 and or make users unavailable on one or the other server.

mukka · ‎10-29-2012

Both DataBase is created on the same AD, but this Server has 2 network interface.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------

wlan1 is set to LDAP Server2: IP address 10.19.198.254

show ldap 2

Server Index..................................... 2

Address.......................................... 10.19.198.254

Port............................................. 389

Enabled.......................................... Yes

User DN.......................................... OU=Convidados,DC=wlan,DC=tvg,DC=com,DC=BR

User Attribute................................... sAMAccountName

User Type........................................ Person

Retransmit Timeout............................... 2 seconds

Bind Method ..................................... Anonymous

*LDAP DB Task 1: Oct 25 09:13:08.716: Attempting user bind with username CN=didatagm,OU=GloboMobile,DC=wlan,DC=tvglobo,DC=com,DC=br

Server Index..................................... 2
Address.......................................... 10.19.198.254
Port............................................. 389
Enabled.......................................... Yes
User DN.......................................... OU=Convidados,DC=wlan,DC=tvg,DC=com,DC=BR
User Attribute................................... sAMAccountName
User Type........................................ Person
Retransmit Timeout............................... 2 seconds
Bind Method ..................................... Anonymous

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------

wlan2 is set to LDAP Server1: IP address 10.19.198.176

show ldap 1

Server Index..................................... 1

Address.......................................... 10.19.198.176

Port............................................. 389

Enabled.......................................... Yes

User DN.......................................... OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=BR

User Attribute................................... sAMAccountName

User Type........................................ Person

Retransmit Timeout............................... 2 seconds

Bind Method ..................................... AnonymousServer Index..................................... 1
Address.......................................... 10.19.198.176
Port............................................. 389
Enabled.......................................... Yes
User DN.......................................... OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=BR
User Attribute................................... sAMAccountName
User Type........................................ Person
Retransmit Timeout............................... 2 seconds
Bind Method ..................................... Anonymous

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------

This is the problem that I can see:

Auth. Request is sent:

*LDAP DB Task 2: Oct 25 09:13:08.710: ldapAuthRequest [2] called lcapi_query base="OU=Convidados,DC=wlan,DC=tvg,DC=com,DC=BR" type="Person" attr="sAMAccountName" user="didatagm" (rc = 32 - No such object)

Binding with the user with database:

*LDAP DB Task 1: Oct 25 09:13:08.716: Attempting user bind with username CN=didatagm,OU=Mobile,DC=wlan,DC=tvg,DC=com,DC=br

WLC is requesting for LDAP SERVER2 and is binding for LDAP SERVER1. This issue is occuring only sometimes.

thanks a lot.