When having issues with LDAP setup in Control-M/Enterprise Manager, what is the process to enable debug?

Version 4
    Share:|

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    Control-M/Enterprise Manager


    COMPONENT:

    Control-M/Enterprise Manager


    APPLIES TO:

    Control-M/Enterprise Manager all supported versions.



    QUESTION:

    When having issues with LDAP setup in Control-M/Enterprise Manager, what is the process to enable debug?


    ANSWER:

     

    Start LDAP specific debug using the following steps:

      

    1) Edit the file <EM Home>/etc/ldap.conf and add the following line at the end:

    LDAP_DEBUG ON

      

    3) Stop and restart GUI Server.
    4) From the Control-M Configuration Manager, start GUI Server debug by doing right click over the GUI Server, select "Control Shell" and enter the next command:

    DIAGL *default 5 (click APPLY)

    5) Configure the required parameters in the CCM -> System Parameters -> EM Parameters -> LDAP configuration screen and "Activate Changes".
    6) Attempt a login to the Control-M/Enterprise Manager GUI with the LDAP user/password.

      

    Review/send the following information just after the login attempt:

    a) Run the em_data_collector command and send the file that it creates.
    b) Send the file <EM Home>/etc/ldap.conf
    c) Send the file  <EM Home>/etc/DirectoryServiceType.cfg
    d) Send the output of the following database queries:

    > select * from GENERALAUTHORIZATIONS
    > select * from USERSGROUPS

    e) Note the values of the "sAMAccountName", "distinguishedName" attributes of the user that tries to login to Control-M/Enterprise Manager, retrieved from LDAP directory (you may need your Active Directory administrator's assistance).
    f) Note the values of the "sAMAccountName", "distinguishedname" and "members" attributes of the group "<replace with ldap group name>", retrieved from LDAP directory (you may need your Active Directory administrator's assistance).

      

    To stop debug:

    1. From the Control-M Configuration Manager, do right click over the GUI Server, select "Control Shell" and enter the next command:

    DIAGL *default 2 (click APPLY)

      

    2.  Edit the file <EM Home>/etc/ldap.conf and remove the following line at the end, which was added per the instructions of this Knowledge Article:

    LDAP_DEBUG ON


    3. Recycle the GUI Server.

      

    Additional Information:
    Customers viewing this solution may find value in the following self-help Connect with Control-M video.

     


    Article Number:

    000029430


    Article Type:

    FAQ/Procedural



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles