Tuesday, May 19, 2009

LDAP: error code 52 - Unavailable

OK, There may be numerous reasons for this error, but of course TDS just doesn't come right out and explain it for you. This was a weird one in my case because I was simply trying to delete a password policy which I had no problems creating just moments ago. I was trying a quick and dirty test which turned into several hours of troubleshooting in the midst of my other duties.

Well I tried to delete this password policy using the TDS Web Admin Tool and this is what resulted:

GLPWSA124E Failed to delete the password policy object.

Then I attempted to use my trusty LDAP Browser/Editor and different error, but same result:

10:19:52 PM: Failed to delete entry cn=pwPolicy1, CN=IBMPOLICIES
Root error: [LDAP: error code 52 - Unavailable]


So, just for kicks I enabled trace logging:

ldtrc on

I restarted the server and attempted to delete my password policy again. Here's what showed up in the log:

137:23:14:33 T115510160 Delete operation for DN CN=PWPOLICY1,CN=IBMPOLICIES requested by CN=ROOT.
137:23:14:33 T115510160 select_backend: g_backends=0x9928310, dn=CN=PWPOLICY1,CN=IBMPOLICIES
137:23:14:33 T115510160 select_backend: selected CN=IBMPOLICIES
137:23:14:33 T115510160 subtreeDn=CN=IBMPOLICIES
137:23:14:33 T115510160 The update is not from a supplier.
137:23:14:33 T115510160 send_ldap_result2: err=10 matched=[] text=[]
137:23:14:33 T115510160 WriteToSocket: Sending msg to client


So, I'm thinking "who cares if the update is from a supplier or not?" This got me thinking about a replication issue. Now when I built my replicas for this test lab, I did not configure replication for CN=IBMPOLICIES. At the time I had no desire to replicate these.

In looking at this further I see that the replication topology is all hosed for CN=IBMPOLICIES.

Peer 1:









Peer 2:









So, then how to clean this mess up? I found a handy tech note on the IBM Support Web Site. I know this was referenced by the good folks at L2 Support who put on an STE a while back. It just took me a while to relate the fact that I couldn't delete this simple password policy to a replication issue. Anyhow, the tech note:

http://www-01.ibm.com/support/docview.wss?rs=767&context=SSVJJU&q1=cn%3dibmpolicies&uid=swg21226577&loc=en_US&cs=utf-8&lang=en

3 comments:

Anonymous said...

Great article! It helped me solve my replication configuration problem I was having.

Ramesh said...

Hi Charles,
Could you please give me any URL where I can set up a Master to master topology with IDS 6.1?

I'm setting up this for ITIM 5.0.

Thanks in advance,

Ramesh

Anonymous said...

Hello!
My name is Tom, I live in Fort Worth, TX.

I am here to network / interact with other people for sharing knowledge, discussing ideas, seeking advice, find business partners & the like.


Look forward to 'meeting' you all.