
WLC-5508 Problem with AD (win2003) - rc = 1005 - LDAP bind failed

jguandalini
Level 1

Hi, I am having problems getting my WLC to connect to my LDAP (Active Directory).

I have 3 interfaces in the controller:

- Management (vlan 709): 10.41.200.253

- lan (vlan 1): 190.1.1.123

- guest (vlan 708): 10.41.222.253

My LDAP server is: 190.1.1.22

The controller can ping the LDAP server, and the LDAP server can ping the WLC too.

When the controller tries to connect to the LDAP server, it returns this on debug:

ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).

*LDAP DB Task 1: Oct 29 15:11:16.924: %AAA-3-LDAP_CONNECT_SERVER_FAILED:

*LDAP DB Task 1: Oct 29 15:10:52.932: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)

*LDAP DB Task 1: Oct 29 15:10:54.932: ldapInitAndBind [1] configured Method Authenticated lcapi_bind (rc = 1005 - LDAP bind failed)

*LDAP DB Task 1: Oct 29 15:10:54.932: ldapClose [1] called lcapi_close (rc = 0 - Success)

*LDAP DB Task 1: Oct 29 15:10:54.933: LDAP server 1 changed state to IDLE

*LDAP DB Task 1: Oct 29 15:10:54.933: LDAP server 1 changed state to RETRY

*LDAP DB Task 1: Oct 29 15:10:54.933: LDAP_OPT_REFERRALS = -1

Could someone help me please?

Thanks

4 Replies

Saravanan Lakshmanan
Cisco Employee

Per best practice, keep the LDAP server on the management VLAN or on a VLAN that is not part of a dynamic VLAN interface of the WLC.

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml

Hello Saravanan, thanks for your reply.

But because of our environment, I cannot put it in the management VLAN. I need it to be on a separate VLAN; will it not work well?

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080810880.shtml

It is important to avoid configuring a dynamic interface in the same sub network as a server that has to be reachable by the controller CPU, for example a RADIUS server, as it might cause asymmetric routing issues.
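The check described in the quoted tech note, written as an added example that is not part of the thread or of any Cisco tool: it flags any AAA/LDAP server whose address falls inside the subnet of a dynamic interface. The addresses are the ones posted above; the /24 prefix lengths, the "dynamic" labels for lan and guest, and the function name are assumptions.

```python
import ipaddress

# Interface and server addresses are the ones posted in the thread.
# ASSUMPTIONS: the /24 prefix lengths and the "dynamic" labels for lan and
# guest are not stated by the poster; replace them with the real values.
INTERFACES = [
    {"name": "management", "kind": "management", "cidr": "10.41.200.253/24"},
    {"name": "lan", "kind": "dynamic", "cidr": "190.1.1.123/24"},
    {"name": "guest", "kind": "dynamic", "cidr": "10.41.222.253/24"},
]
SERVERS = {"ldap-1": "190.1.1.22"}


def audit_server_placement(interfaces, servers):
    """Classify each server by the controller subnet(s) that contain it."""
    findings = {}
    for label, addr in servers.items():
        server_ip = ipaddress.ip_address(addr)
        # Every controller interface whose connected subnet holds the server.
        hits = [
            iface for iface in interfaces
            if server_ip in ipaddress.ip_interface(iface["cidr"]).network
        ]
        dynamic = [i["name"] for i in hits if i["kind"] == "dynamic"]
        if dynamic:
            # The placement the quoted tech note warns about.
            status = "overlaps-dynamic"
        elif hits:
            status = "on-management"
        else:
            # Not on any connected subnet: reached through a gateway.
            status = "routed"
        findings[label] = {
            "status": status,
            "interfaces": [i["name"] for i in hits],
            "dynamic": dynamic,
        }
    return findings


if __name__ == "__main__":
    for label, f in audit_server_placement(INTERFACES, SERVERS).items():
        print(f"{label}: {f['status']} {f['interfaces']}")
```

With the assumed /24 masks, the LDAP server at 190.1.1.22 lands in the subnet of the lan interface and is reported as `overlaps-dynamic`.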

Thanks for your reply.

Unfortunately I cannot change my environment at the moment. I'll need to think of something to solve the problem with my current scenario, using the AD in a dynamic interface.
But various tests failed.