Unable to login to xFlow due to userAccountControl error with LDAP integration

Document ID : KB000046040
Last Modified Date : 14/02/2018
Show Technical Document Details


On some installations of SDM, there may be a problem in trying to login to the xFlow interface.  The xFlow interface will report a "Login failed" error message.  In the logs, concurrent to the above occurrence, one may see an error such as:

01/11 11:12:13.14 SERVER1 domsrvr 6052 ERROR domset.c 8921 Error in display_by_index method select_response: Column userAccountControl not found in table ca_contact (subquery 1.0 SELECTION) at . userAccountControl


CA Service Desk 14.1, CP3, xFlow interface



In an earlier version of technical document TEC489029:  “How to get pdm_ldap_sync to synchronize the ldap-enabled/disabled status with contact's active/inactive status in servicedesk?”, instructions were given to create a cnt.mod file with the following content::

ATTRIBUTES ca_contact{
userAccountControl INTEGER;

The problem with the above instructions is that an attribute is introduced to the cnt object, "userAccountControl" through the ca_contact table.  However, this attribute should be applied via Web Screen Painter's Schema Designer, and written to the usp_contact table.  Further, only an attribute definition for userAccountControl is given in the cnt.mod file.  There is no supporting schema definition given that corresponds to the object attribute definition.



Document TEC489029 has been updated to reflect an updated approach to accomplishing the same task within LDAP integration.  To address the above concerns with regards to xFlow authentication:

  1. Remove the existing cnt.mod file that is described above, making sure that its contents match the above description (the mod file can be accessed in a text editor).  Please do not rename the cnt.mod file in $NX_ROOT/site/mods/majic.  We recommend its full removal.

  2. Follow the instructions in the updated document TEC489029.  The content in the updated TEC489029 supersedes any previous instructions to implement the given LDAP integration task.