Issue with login. Error 5017
36 views
Skip to first unread message
TW01 TW01
Jun 4, 2025, 8:01:34 AMJun 4
to pwm-general
Hi all,
I setup PWM (docker installation) to connect to our AD via ldaps. Test connection works fine but when I try to login i received error 5017. If I try using ldap (port 389) it works fine but I cannot change password to users.
I don't understand how to solve due to test ldap connection works fine
On PWM.log i'm seeing this
2025-06-04T11:35:19Z, INFO , stored.ConfigurationReader, {W4eXW,proxyUser} beginning write to configuration file /config/PwmConfiguration.xml.new [<REDACTED_IP>]
2025-06-04T11:35:19Z, INFO , stored.ConfigurationReader, saved configuration (533ms)
2025-06-04T11:35:19Z, INFO , http.ContextManager, {#,context} beginning application restart (11ms), restart count=1
2025-06-04T11:35:19Z, WARN , pwm.PwmApplication, shutting down
2025-06-04T11:35:19Z, INFO , event.AuditService, audit event: {SHUTDOWN}
2025-06-04T11:35:19Z, INFO , pwm.PwmApplication, PWM v2.0.8 bb7ed22b closed for bidness, cya!
2025-06-04T11:35:19Z, INFO , pwm.PwmApplication, initializing, application mode=RUNNING, applicationPath=/config, configFile=/config/PwmConfiguration.xml
2025-06-04T11:35:19Z, ERROR, pwm.PwmApplication, error retrieving key 'localdb.logger.storage.format' value from localDB: null
2025-06-04T11:35:19Z, INFO , logging.LocalDBLogger, open, events=430, tailAge=3h:57m, maxEvents=1000000, maxAge=28d, localDBSize=17.04 MB (1ms)
2025-06-04T11:35:19Z, WARN , email.EmailServerUtil, discarding incompletely configured email address for smtp server profile default
2025-06-04T11:35:19Z, INFO , intruder.IntruderManager, starting using LocalDB data store
2025-06-04T11:35:19Z, ERROR, node.NodeService, error starting up node service: 5093 ERROR_NODE_SERVICE_ERROR (ldap node service requires that setting LDAP ⇨ LDAP Directories ⇨ default ⇨ Connection ⇨ LDAP Test User is configured)
2025-06-04T11:35:19Z, INFO , pwm.PwmApplication, PWM v2.0.8 bb7ed22b open for bidness! (54ms)
2025-06-04T11:35:19Z, INFO , http.ContextManager, {#,context} application restart completed (107ms)
2025-06-04T11:35:19Z, INFO , event.AuditService, audit event: {STARTUP}
2025-06-04T11:35:19Z, ERROR, pwm.PwmApplication, error retrieving key 'https.selfCert' value from localDB: null
2025-06-04T11:35:20Z, INFO , pwm.PwmApplication, successfully exported application https key to keystore file /root/.pwm-workpath/work-pwm-8443/keystore
2025-06-04T11:35:21Z, ERROR, ldap.LdapOperationsHelper, {YgpPr} error adding objectclass 'pwmUser' to user, error CN=proxyUser,OU=Admins,DC=example,DC=local (default): javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - Error in attribute conversion operation]
2025-06-04T11:35:21Z, INFO , event.AuditService, {YgpPr} audit event: {AUTHENTICATE_SUCCESS for CN=proxyUser}
2025-06-04T11:35:49Z, WARN , provider.FailOverRotationMachine, unable to reach ldap server ldaps://ldap.example.local:636, last error: javax.naming.PartialResultException, cause:javax.naming.CommunicationException: example.local:636, cause:javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching example.local found.
2025-06-04T11:35:53Z, WARN , search.UserSearchEngine, {XlrNW} searchID=0-0 error during user search: 5017 ERROR_DIRECTORY_UNAVAILABLE (unexpected error during ldap search (profile=default), error: unable to reach ldap server) [<REDACTED_IP>]
2025-06-04T11:35:54Z, FATAL, servlet.AbstractPwmServlet, {XlrNW} 5017 ERROR_DIRECTORY_UNAVAILABLE (unexpected error during ldap search (profile=default), error: unable to reach ldap server) [<REDACTED_IP>]
2025-06-04T11:35:19Z, INFO , stored.ConfigurationReader, saved configuration (533ms)
2025-06-04T11:35:19Z, INFO , http.ContextManager, {#,context} beginning application restart (11ms), restart count=1
2025-06-04T11:35:19Z, WARN , pwm.PwmApplication, shutting down
2025-06-04T11:35:19Z, INFO , event.AuditService, audit event: {SHUTDOWN}
2025-06-04T11:35:19Z, INFO , pwm.PwmApplication, PWM v2.0.8 bb7ed22b closed for bidness, cya!
2025-06-04T11:35:19Z, INFO , pwm.PwmApplication, initializing, application mode=RUNNING, applicationPath=/config, configFile=/config/PwmConfiguration.xml
2025-06-04T11:35:19Z, ERROR, pwm.PwmApplication, error retrieving key 'localdb.logger.storage.format' value from localDB: null
2025-06-04T11:35:19Z, INFO , logging.LocalDBLogger, open, events=430, tailAge=3h:57m, maxEvents=1000000, maxAge=28d, localDBSize=17.04 MB (1ms)
2025-06-04T11:35:19Z, WARN , email.EmailServerUtil, discarding incompletely configured email address for smtp server profile default
2025-06-04T11:35:19Z, INFO , intruder.IntruderManager, starting using LocalDB data store
2025-06-04T11:35:19Z, ERROR, node.NodeService, error starting up node service: 5093 ERROR_NODE_SERVICE_ERROR (ldap node service requires that setting LDAP ⇨ LDAP Directories ⇨ default ⇨ Connection ⇨ LDAP Test User is configured)
2025-06-04T11:35:19Z, INFO , pwm.PwmApplication, PWM v2.0.8 bb7ed22b open for bidness! (54ms)
2025-06-04T11:35:19Z, INFO , http.ContextManager, {#,context} application restart completed (107ms)
2025-06-04T11:35:19Z, INFO , event.AuditService, audit event: {STARTUP}
2025-06-04T11:35:19Z, ERROR, pwm.PwmApplication, error retrieving key 'https.selfCert' value from localDB: null
2025-06-04T11:35:20Z, INFO , pwm.PwmApplication, successfully exported application https key to keystore file /root/.pwm-workpath/work-pwm-8443/keystore
2025-06-04T11:35:21Z, ERROR, ldap.LdapOperationsHelper, {YgpPr} error adding objectclass 'pwmUser' to user, error CN=proxyUser,OU=Admins,DC=example,DC=local (default): javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - Error in attribute conversion operation]
2025-06-04T11:35:21Z, INFO , event.AuditService, {YgpPr} audit event: {AUTHENTICATE_SUCCESS for CN=proxyUser}
2025-06-04T11:35:49Z, WARN , provider.FailOverRotationMachine, unable to reach ldap server ldaps://ldap.example.local:636, last error: javax.naming.PartialResultException, cause:javax.naming.CommunicationException: example.local:636, cause:javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching example.local found.
2025-06-04T11:35:53Z, WARN , search.UserSearchEngine, {XlrNW} searchID=0-0 error during user search: 5017 ERROR_DIRECTORY_UNAVAILABLE (unexpected error during ldap search (profile=default), error: unable to reach ldap server) [<REDACTED_IP>]
2025-06-04T11:35:54Z, FATAL, servlet.AbstractPwmServlet, {XlrNW} 5017 ERROR_DIRECTORY_UNAVAILABLE (unexpected error during ldap search (profile=default), error: unable to reach ldap server) [<REDACTED_IP>]
Thanks for help
Riccardo
Riccardo Carturan
Jun 4, 2025, 8:29:28 AMJun 4
to pwm-general
I solved myself the error, now it works fine.
The trick was to change
LDAP Contextless Login Roots from DC=mydomain,DC=locale to OU=OURoot,DC=mydomain,DC=locale (I also add Admin OU to be able to manage some Admins users under OU=Admins,DC=mydomain,DC=locale)
After that login works perfectly
After that login works perfectly
Reply all
Reply to author
Forward
0 new messages