Top Level UID Authentication Results in AAA-SYS-0001

In our test realm, we currently have a Sun One LDAP as a authentication provider. The bind credentials for our top level admin user are provided and the use bind credentials for search is flagged as true.

So, the admin user is directly underneath the distinguished name (dc=abcdefghi). So it’s fully qualified name is: “uid=ImTheAdmin,dc=abcdefghi”

We also have a developer user ID that is on the same level. The problem arises when we trip the flag of “use bind credentials for search” from true to false – which according to the “tooltip” text in cognos configuration, states that we should now start to use the login id for searches and not the full admin user id.

At this point, the admin user can still authenticate, but the developer user cannot, resulting in the AAA-SYS-0001 error message.

Does anyone know if there is a way to get a 2nd top level uid to be able to authenticate even with the use bind credentials for search flag set to false?

I can’t seem to reconcile the reasons why the admin user is able to authenticate with no issues, but the developer user cannot.

The tree basically looks like this:


In cognos configuration:

Base Distinguished Name: dc=abcdefghi
User lookup: (uid=${userID})
Bind User DN and password: ************* (populated with “uid=ImTheAdmin,dc=abcdefghi”, and the valid pw
Use bind credentials for search: True

If I set the “Use bind credentials for search: False” only ImTheAdmin can authenticate.

Hi Dax,

did you solve this issue?