User's Manual

1. To look up a sponsor, select a server name in the LDAP Server table, then click the Test Lookup link. The
Test Operator Lookup area is added to the LDAP servers list.
2. In the Lookup field, enter a lookup value. This can be an exact username, or you can include wildcards. If
you use wildcards, the search might return multiple values.
3. In the Search Mode field, use the drop-down list to specify whether to search for an exact match or use
wildcard values.
4. (Optional) Click the Advanced check box to display detailed authorization information for the specified
sponsor.
5. Click Search Directory to attempt to find sponsor names that match the lookup values, or click
Cancel to cancel the test. The Authentication Test area is added above the server names to indicate the
search’s progress.
Troubleshooting Error Messages
The error data values in the following table can be used to diagnose error messages such as: “LDAP Bind failed:
Invalid credentials (80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525,
vece), bind DN was: …”
Error Data    Reason
525           User not found
52e           Invalid credentials (password is incorrect)
530           Not permitted to log on at this time
531           Not permitted to log on at this workstation
532           Password has expired
533           Account is disabled
701           Account has expired
773           User must reset password
775           User account is locked

Table 110: LDAP Error Messages
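
The table can be applied directly to log lines. The following Python sketch is an added example, not part of the product or the original manual: it extracts the hexadecimal data value from messages in the format quoted above and counts failures per bind DN and reason. The sample log lines and DNs are constructed placeholders.

```python
import re
from collections import Counter

# Error data -> reason, copied from Table 110 on this page (data values are hex).
AD_BIND_REASONS = {
    0x525: "User not found",
    0x52E: "Invalid credentials (password is incorrect)",
    0x530: "Not permitted to log on at this time",
    0x531: "Not permitted to log on at this workstation",
    0x532: "Password has expired",
    0x533: "Account is disabled",
    0x701: "Account has expired",
    0x773: "User must reset password",
    0x775: "User account is locked",
}
DATA_RE = re.compile(r"AcceptSecurityContext error, data\s+([0-9A-Fa-f]+)\b")
BIND_DN_RE = re.compile(r"bind DN was:\s*(.+?)\s*$")

def diagnose(message):
    """Return (data_code, reason, bind_dn) for one bind-failure message, else None."""
    m = DATA_RE.search(message)
    if m is None:
        return None  # not an AcceptSecurityContext bind failure
    code = int(m.group(1), 16)  # "52e" and "52E" are the same code
    reason = AD_BIND_REASONS.get(code, "Unknown error data (not in Table 110)")
    dn = BIND_DN_RE.search(message)
    return format(code, "x"), reason, (dn.group(1) if dn else None)

def summarize(lines):
    """Count failures per (bind DN, reason) so a repeated cause stands out."""
    counts = Counter()
    for result in filter(None, map(diagnose, lines)):
        counts[(result[2], result[1])] += 1
    return counts

# Constructed sample log lines; the DNs are placeholders, not from the page.
TEMPLATE = ("LDAP Bind failed: Invalid credentials (80090308: LdapErr: DSID-0C090334, "
            "comment: AcceptSecurityContext error, data {}, vece), bind DN was: {}")
SAMPLE_LOG = [
    TEMPLATE.format("525", "CN=typo-user,DC=example,DC=com"),
    TEMPLATE.format("52e", "CN=svc-guest,DC=example,DC=com"),
    TEMPLATE.format("52E", "CN=svc-guest,DC=example,DC=com"),
    TEMPLATE.format("775", "CN=svc-guest,DC=example,DC=com"),
    "LDAP connect failed: connection timed out",
]

if __name__ == "__main__":
    for (dn, reason), n in summarize(SAMPLE_LOG).items():
        print(f"{n}x {reason}: {dn}")
```
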
Other items to consider when troubleshooting LDAP connection problems:
• Verify that you are using the correct LDAP version – use ldap:// for version 2 and ldap3:// to specify
LDAP version 3.
• Verify that you are using an SSL/TLS connection – use ldaps:// or ldap3s:// as the prefix of the Server
URL.
• Verify that the Bind DN is correct – the correct DN will depend on the structure of your directory, and
is only required if the directory does not permit anonymous bind.
• Verify that the Base DN is correct – the Base DN for user searches is fixed and must be specified as
part of the Server URL. If you need to search in different Base DNs to match different kinds of operators,
then you should define multiple LDAP Servers and use the priority of each to control the order in which the
directory searches are done.
Dell Networking W-ClearPass Guest 6.4 | User Guide Operator Logins | 471