Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1708
Views
0
Helpful
4
Replies

WLC-5508 Problem with AD (win2003) - rc = 1005 - LDAP bind failed

jguandalini
Level 1
Level 1

‎10-29-2012 11:39 AM - edited ‎07-03-2021 10:56 PM

Hi, I am having problems with my WLC to connect in my LDAP (ActiveDirectory).

I have 3 interfaces in the controller:

- Management  (vlan709): 10.41.200.253

- lan (vlan 1): 190.1.1.123

- guest (vlan 708): 10.41.222.253

My LDAP server is: 190.1.1.22

The controller could ping the LDAP Server. And LDAP Server ping WLC too.

When the controller try to connect in the LDAP server, return this on debug:

ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).

*LDAP DB Task 1: Oct 29 15:11:16.924: %AAA-3-LDAP_CONNECT_SERVER_FAILED:

*LDAP DB Task 1: Oct 29 15:10:52.932: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)

*LDAP DB Task 1: Oct 29 15:10:54.932: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 1005 - LDAP bind failed)

*LDAP DB Task 1: Oct 29 15:10:54.932: ldapClose [1] called lcapi_close (rc = 0 - Success)

*LDAP DB Task 1: Oct 29 15:10:54.933: LDAP server 1 changed state to IDLE

*LDAP DB Task 1: Oct 29 15:10:54.933: LDAP server 1 changed state to RETRY

*LDAP DB Task 1: Oct 29 15:10:54.933: LDAP_OPT_REFERRALS = -1

Someone could help me please?

Thanks

Labels:
0 Helpful
4 Replies 4

Saravanan Lakshmanan
Cisco Employee
Cisco Employee

‎10-29-2012 02:09 PM

Per Best practice keep the LDAP server on Management vlan or on vlan that is not part of dynamic vlan interface of wlc.

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml

0 Helpful

jguandalini
Level 1
Level 1
In response to Saravanan Lakshmanan

‎10-29-2012 02:33 PM

Hello Saravanan, thanks for your reply.

But because our environment, I can not put in vlan management. I need to be on a separate VLAN, it will not work well?

0 Helpful

Saravanan Lakshmanan
Cisco Employee
Cisco Employee
In response to jguandalini

‎10-29-2012 02:55 PM

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080810880.shtml

It is important to avoid configuring a dynamic interface in the same sub network as a server that has to be reachable by the controller CPU, for example a RADIUS server, as it might cause asymmetric routing issues.

0 Helpful

jguandalini
Level 1
Level 1
In response to Saravanan Lakshmanan

‎10-30-2012 11:22 AM

Thanks for your reply.

unfortunately I can not change my environment at the moment. I'll need to think of something to solve the problem with my current scenario, using the AD in a dynamic interface.
But various tests failed.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card