Users unable to login to Mobility WebAdmin

  • 7015622
  • 04-Sep-2014
  • 18-Dec-2015

Environment

Novell GroupWise Mobility Service
Novell Data Synchronizer Mobility Pack

Situation

Users unable to login to Mobility WebAdmin, can't authenticate
WebAdmin reports Invalid Username/Pasword. Please try again.
Users imported with LDAP provisioning - ldapuserid and gwuserid are different
Mobility User Name has been configured after provisioning from ldapuserid to gwuserid

/var/log/datasync/configengine/configengine.log reports the following errors when logging into WebAdmin:
  • Logging into WebAdmin as the ldap userid: <userid> is not a valid mobility user.
  • Logging into WebAdmin as the GW userid: Authentication or LDAP server failure: NO_SUCH_OBJECT


The following is a scenario that could cause this issue:

ldapuserid: k10406
gwuserid: userA

User imported into Mobility via LDAP provisioning.
Mobility Application Name (Mobility User Name) was changed from the ldapuserid (k10406) to gwuserid (userA) so the user would enter the same id they use in the gwclient to access their gw mail.

Since Mobility is using LDAP Authentication, Mobility-Agent resolves this by doing a lookup from the Mobility User Name to the FDN and uses the FDN to authenticate to the ldap server.

When logging into WebAdmin as the mobility user app id (userA), it reports Authentication or LDAP server failure: NO_SUCH_OBJECT. When logging into WebAdmin as the ldapuserid k10406, it reports k10406 is not a valid mobility user.

Resolution

GMS 2.1 should contain a fix for this issue. If GMS 2.1 is not available, please see the steps below for applying to GMS 2.0.1.53.

To apply an FTF patch to GMS 2.0.1.53 only:

  1. See TID 7015282  - How to install dsapp on a Mobility server.
    Note: Once dsapp is installed, proceed with the steps below.
  2. Launch dsapp | Register & Update | Apply FTF / Patch Files
    Note: FTP access must be permitted on this server to access this sub-menu.
  3. Select Log in to the web admin using either the GW or LDAP userid
    Note: The patch file will be downloaded and applied and GMS services will be restarted appropriately.

Cause

Mobility WebAdmin doesn't appear to be doing the same resolve/lookup that the mobility-agent does when using gwuserid as Mobility User Name while using LDAP Authentication. This results in users not being able to login to WebAdmin using either id.

Status

Reported to Engineering