Why am I getting the message "OCLC has detected a problem with your institution's authorization credentials" when trying to log in to WorldShare Management Services?
Symptom
- You receive the error message "OCLC has detected a problem with your institution's authorization credentials. Contact your institution representative for further assistance."
Applies to
- WorldShare Management Services sites using LDAP as their authentication method.
Resolution
1. Check with your local IT department to see if any changes were made to the LDAP server certificate(s). If so, work through the questions below to determine whether OCLC needs to get involved.
- Do you use a well-known, public Certificate Authority to generate your server certs? If so, you can generate a new one and install it on your LDAP server. No action is needed by OCLC.
- If not, did you create your own self-signed root Certificate Authority (CA), and is it still unexpired? If so, you can still generate a new server cert with that CA and install it on your LDAP server. No action is needed by OCLC.
- If neither applies, we will need a new self-signed root Certificate Authority with a long expiry (5+ years), from which your library can generate server certs. This requires an OCLC install.
Note: You can fetch the LDAP certificate that OCLC's system is seeing as expired by using the following OpenSSL command (-connect takes the host and port from your LDAP URL):
openssl s_client -connect YOUR_LDAP_HOST:PORT
Contact OCLC Support if you do not know which LDAP URL OCLC's systems are using.
2. The LDAP bind username or bind password has changed and needs to be updated in the OCLC configuration. OCLC Support cannot see the currently configured bind password because it is encrypted for security reasons.
- Contact your institution's LDAP administrator and have them contact OCLC Support via phone. We prefer to receive these sensitive passwords via phone rather than email.
- OCLC Support staff can update the bind username and/or the bind password.
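The certificate check in step 1 can be scripted. The following is an added example, not OCLC's own tooling: it reports whether a certificate is expired or close to expiry and whether its issuer name equals its subject name (self-issued), which are the facts the step 1 questions turn on. The function names, the 30-day warning window and the host:port argument are assumptions, and the fetch assumes the server speaks TLS directly on that port (LDAPS).

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names), not OCLC tooling.

# Save the certificate the LDAP server presents. Argument is host:port.
fetch_ldap_cert() {
  openssl s_client -connect "$1" </dev/null 2>/dev/null | openssl x509 -outform PEM
}

# Print ok, expiring (within warn_days), expired, or unreadable.
cert_state() {
  local cert=$1 warn_days=${2:-30}
  if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
    echo unreadable
  elif ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
    echo expired
  elif ! openssl x509 -in "$cert" -noout -checkend $((warn_days * 86400)) >/dev/null; then
    echo expiring
  else
    echo ok
  fi
}

# True when issuer name == subject name, i.e. a self-signed cert or root CA.
is_self_issued() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# One-line summary, e.g. "expired ca-issued" or "ok self-issued".
triage_ldap_cert() {
  local cert=$1 warn_days=${2:-30} state
  state=$(cert_state "$cert" "$warn_days")
  if [ "$state" = unreadable ]; then echo unreadable; return 0; fi
  if is_self_issued "$cert"; then echo "$state self-issued"
  else echo "$state ca-issued"; fi
}

# Stand-alone use: ./check.sh YOUR_LDAP_HOST:PORT
if [ -n "${1:-}" ]; then
  pem=$(mktemp)
  fetch_ldap_cert "$1" > "$pem"
  triage_ldap_cert "$pem"
  rm -f "$pem"
fi
```

Run the same triage_ldap_cert function against your own root CA file to confirm the root itself has not expired before issuing a new server certificate from it.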