Unable to login to xFlow due to userAccountControl error with LDAP integration

Document ID : KB000046040
Last Modified Date : 14/02/2018

Issue:

On some installations of SDM, users may be unable to log in to the xFlow interface. The xFlow interface reports a "Login failed" error message. At the same time, the logs may show an error such as:

01/11 11:12:13.14 SERVER1 domsrvr 6052 ERROR domset.c 8921 Error in display_by_index method select_response: Column userAccountControl not found in table ca_contact (subquery 1.0 SELECTION) at . userAccountControl


Environment:

CA Service Desk 14.1, CP3, xFlow interface

Cause:

In an earlier version of technical document TEC489029, “How to get pdm_ldap_sync to synchronize the ldap-enabled/disabled status with contact's active/inactive status in servicedesk?”, instructions were given to create a cnt.mod file with the following content:

OBJECT cnt PDM {
ATTRIBUTES ca_contact{
userAccountControl INTEGER;
};
};

The problem with the above instructions is that they introduce an attribute, "userAccountControl", to the cnt object through the ca_contact table. However, this attribute should be added via Web Screen Painter's Schema Designer and written to the usp_contact table. Further, the cnt.mod file gives only an attribute definition for userAccountControl; there is no supporting schema definition that corresponds to the object attribute definition.

Resolution:

Document TEC489029 has been updated to describe a revised approach to accomplishing the same task within LDAP integration. To address the above concerns with regard to xFlow authentication:

  1. Remove the existing cnt.mod file that is described above, first making sure that its contents match the above description (the mod file can be opened in a text editor). Do not simply rename the cnt.mod file in $NX_ROOT/site/mods/majic; we recommend removing it entirely.

  2. Follow the instructions in the updated document TEC489029.  The content in the updated TEC489029 supersedes any previous instructions to implement the given LDAP integration task.
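
Step 1 asks you to confirm the file's contents before removing it. The script below is an added example, not CA's own tooling: it compares cnt.mod with the definition quoted above, ignoring spacing and line breaks, and finds the quoted domsrvr error in a log file passed as an argument. The function names and the "review" result for a file that holds other content as well are assumptions of this example.

```python
import os
import re
import sys

# Mod file content the article identifies as the cause (copied from the page).
ARTICLE_MOD = """
OBJECT cnt PDM {
ATTRIBUTES ca_contact{
userAccountControl INTEGER;
};
};
"""

# Signature of the domsrvr error quoted in the article.
LOG_SIGNATURE = re.compile(
    r"\bdomsrvr\b.*\bERROR\b.*Column userAccountControl not found in table ca_contact"
)


def tokens(text):
    """Split into words and punctuation so spacing and line breaks are ignored."""
    return re.findall(r"[{};]|[^\s{};]+", text)


def classify_mod(text):
    """'match': exactly the article's definition, as step 1 expects.
    'review': defines userAccountControl but holds other content as well.
    'unrelated': does not mention userAccountControl."""
    found = tokens(text)
    if found == tokens(ARTICLE_MOD):
        return "match"
    return "review" if "userAccountControl" in found else "unrelated"


def find_errors(log_lines):
    """Return the log lines that carry the error signature."""
    return [line.rstrip("\n") for line in log_lines if LOG_SIGNATURE.search(line)]


if __name__ == "__main__":
    # Usage (hypothetical script name): python check_cnt_mod.py [logfile]
    root = os.environ.get("NX_ROOT", ".")
    mod_path = os.path.join(root, "site", "mods", "majic", "cnt.mod")
    if os.path.exists(mod_path):
        with open(mod_path, encoding="utf-8", errors="replace") as fh:
            print(mod_path, "->", classify_mod(fh.read()))
    else:
        print(mod_path, "-> not present")
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            for hit in find_errors(fh):
                print("log:", hit)
```

A "review" result means the file carries more than the single attribute, so inspect it by hand before removing it.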