[Dspace-tech] LDAP authentication failing with: [LDAP\colon; error code 49 - Invalid Credentials]
Hi All, Version 1.8.0, JSPUI. This morning I was contacted by a user who has recently changed their LDAP password as per company security policies. When this user proceeded to login to DSpace they were unable to use their new credentials, triggering the invalid credentials error code in the subject line: [LDAP\colon; error code 49 - Invalid Credentials] (found in the log files.) The odd thing is that this user can still use their old LDAP password and they login successfully. I have checked the authentication.cfg and LDAPAuthentication is enabled, with precedence over PasswordAuthentication, and other users are logging in OKāeven with recently changed credentials. I am at a loss as to where to look next? Any ideas? Thank you for your time. Good-day and be well. Darren Arsenault Programmer Algonquin College 1385 Woodroffe Avenue Ottawa, ON, K2G 1V8 -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnnow-d2d ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] LDAP authentication failing with: [LDAP\colon; error code 49 - Invalid Credentials]
Hi Darren, I don't think this can be DSpace's fault. Although DSpace can create an eperson on the first login via LDAP (if autoregister is set to true), it only means that a row in the eperson table is created. The password is not stored in DSpace and the user is always authenticated by trying to bind to LDAP with the specified username/password. If I were you, I'd take a look at your LDAP infrastructure. If you have some kind of replication set up or if you're using custom code to change the password in multiple systems (LDAP being just one of them), the changed password may not yet have propagated to the LDAP server DSpace uses. So try to bind the user using e.g. the ldapsearch utility or any other LDAP client. My bet is that the LDAP server still has the old password. Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnnow-d2d ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] LDAP authentication failing with: [LDAP\colon; error code 49 - Invalid Credentials]
Hi Helix, Weirder and weirder. I just changed my credentials so that I could recreate the error without the assistance of the affected user, and I cannot recreate the error. The new credentials work fine for me, and my old credentials do not. This user still has the issue in DSpace, yet they can access other systems without error. I have not written any code for storing, saving, or manipulating passwords in DSpace, and the only place in the database that I am aware stores a password is the eperson table, which I have ensured is blank. I have checked with the IT guys, and there is no replication or duplication happening, only one LDAPserver. Any other ideas? Darren Arsenault Programmer Algonquin College 1385 Woodroffe Avenue Ottawa, ON, K2G 1V8 From: ivan.ma...@gmail.com [ivan.ma...@gmail.com] On Behalf Of helix84 [heli...@centrum.sk] Sent: January-28-13 10:56 AM To: Darren Arsenault Cc: dspace-tech@lists.sourceforge.net Subject: Re: [Dspace-tech] LDAP authentication failing with: [LDAP\colon; error code 49 - Invalid Credentials] Hi Darren, I don't think this can be DSpace's fault. Although DSpace can create an eperson on the first login via LDAP (if autoregister is set to true), it only means that a row in the eperson table is created. The password is not stored in DSpace and the user is always authenticated by trying to bind to LDAP with the specified username/password. If I were you, I'd take a look at your LDAP infrastructure. If you have some kind of replication set up or if you're using custom code to change the password in multiple systems (LDAP being just one of them), the changed password may not yet have propagated to the LDAP server DSpace uses. So try to bind the user using e.g. the ldapsearch utility or any other LDAP client. My bet is that the LDAP server still has the old password. Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnnow-d2d ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] LDAP authentication failing with: [LDAP\colon; error code 49 - Invalid Credentials]
We can always blame it on the user :) No, really, have him change his password under your supervision, I think it will magically work. Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnnow-d2d ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette