Maximo Open Forum

  • 1.  LDAP over SSL

    Posted 2 hours ago

    Gentlemen experts, good health to all!
    I need some advice!
    I had LDAP authentication configured via the standard port 389.
    I need to configure LDAP over SSL. I'm setting the SSLEnabled parameter to true. I'm changing the connection port to 636.
    I'm getting an error in the log. I'd like to know how to fix this.
    [INFO] [MAXIMO] [CID-CRON-3632] Correlation started, correlation data added: InstanceName:LDAPS-TEST TaskName:LDAPSYNC Activity:ACTION
    [10.03.26 20:04:27:617 MSK] 000000f7 SystemOut O Mar 10, 2026 20:04:27:613 [ERROR] [MAXIMO] [CID-CRON-3632] BMXAA6765E - The LdapSyncCronTask cron task could not be started. This message will be repeated if the initialization fails when the task runs again. See the associated message.
    psdi.security.ldap.LdapSyncException: BMXAA6774W - The rootDSE attribute for attribute name highestCommittedUSN was not found. 
    at psdi.security.ldap.ads.ActiveDirectorySynchronizer.getRootDSEAttributeValue(ActiveDirectorySynchronizer.java:731) ~[businessobjects.jar:?] 
    at psdi.security.ldap.ads.ActiveDirectorySynchronizer.determineSynchronizationNeed(ActiveDirectorySynchronizer.java:617) ~[businessobjects.jar:?] 
    at psdi.security.ldap.AbstractLdapSynchronizer.performSync(AbstractLdapSynchronizer.java:278) ~[businessobjects.jar:?] 
    at psdi.security.ldap.LdapSyncTask.performTask(LdapSyncTask.java:391) ~[businessobjects.jar:?] 
    at psdi.security.ldap.LdapSyncCronTask.cronAction(LdapSyncCronTask.java:262) [businessobjects.jar:?]


    #EverythingMaximo

    ------------------------------
    Sergey Melnikov
    RusNet
    ------------------------------


  • 2.  RE: LDAP over SSL

    Posted 39 minutes ago

    You want to ensure you follow the instructions here: Authentication error when running LDAPSYNC.

    In addition to the port that you connect to LDAP on, there is a catalog port that it uses to try and traverse the forest. If you have a VPN (in a cloud environment), you'll need to ensure the port access is opened as well. 

    I personally prefer using VMMSync rather than LDAPSync. This would connect to WebSphere to pull users and groups rather than requiring duplicate LDAP configuration (in WebSphere and Maximo) and avoid the use of the global catalog port and such. But if you were previously using LDAP sync it's certainly easier to get it to work over SSL than switching your process. 



    ------------------------------
    Steven Shull
    Naviam
    ------------------------------
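
A way to test the two points raised in this thread from the Maximo host, as an added example that is not part of either post and is not Maximo code: it reads the `highestCommittedUSN` rootDSE attribute named in the error over LDAPS on the LDAP port and on the catalog port, and reports whether the failure is at the network, TLS, or LDAP layer. Assumptions: the class name `RootDseCheck` is made up for this example, 3269 is Active Directory's default global catalog port over SSL (the reply does not name the port), the directory allows an anonymous rootDSE read, and the truststore is passed through the standard `javax.net.ssl.trustStore` property.

```java
import java.util.Hashtable;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.net.ssl.SSLException;

// Added diagnostic, not Maximo code. Run it with the truststore under test:
//   java -Djavax.net.ssl.trustStore=<truststore path> RootDseCheck <DC host name>
public class RootDseCheck {

    // Reads one rootDSE attribute over LDAPS and says which layer failed, if any.
    static String check(String host, int port, String attr) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://" + host + ":" + port);
        env.put(Context.SECURITY_AUTHENTICATION, "none"); // assumption: anonymous rootDSE read allowed
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        env.put("com.sun.jndi.ldap.read.timeout", "5000");
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            Attribute a = ctx.getAttributes("", new String[] {attr}).get(attr);
            return a == null ? "connected, attribute not returned" : "OK, " + attr + "=" + a.get();
        } catch (CommunicationException e) {
            // Blocked ports and untrusted certificates both surface here; the root cause tells them apart.
            Throwable cause = e.getRootCause() != null ? e.getRootCause() : e;
            return (cause instanceof SSLException ? "TLS failure: " : "network failure: ") + cause;
        } catch (NamingException e) {
            return "LDAP error: " + e;
        } finally {
            if (ctx != null) try { ctx.close(); } catch (NamingException ignored) { }
        }
    }

    public static void main(String[] args) {
        if (args.length != 1) {
            System.err.println("usage: RootDseCheck <host>");
            System.exit(2);
        }
        // 636 = LDAPS; 3269 = Active Directory's default global catalog port over SSL.
        for (int port : new int[] {636, 3269}) {
            System.out.println(port + ": " + check(args[0], port, "highestCommittedUSN"));
        }
    }
}
```

A "TLS failure" line points at the certificate chain or truststore, a "network failure" line at a closed or filtered port, and "connected, attribute not returned" at the directory itself.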