Hi, If you are using MD5 bind method, just use the user name, and not the full DN. Or use simple bind method instead, then you can use the full DN as default name. Also the ldap base needs to point to a group containing the user directly.
Cheers, Geert From: <[email protected]<mailto:[email protected]>> on behalf of Danny Sinang <[email protected]<mailto:[email protected]>> Reply-To: MarkLogic Developer Discussion <[email protected]<mailto:[email protected]>> Date: Wednesday, July 29, 2015 at 5:30 PM To: general <[email protected]<mailto:[email protected]>> Subject: [MarkLogic Dev General] External Authentication Failed I'm running ML 8.0-3 on Windows Server 2012 and I've created an External Security configuration to authenticate an ML app against Active Directory. Its settings go like this : external security name : dom1 ldap server url : ldap://dom1.company.com:389<http://dom1.company.com:389> authentication : ldap authorization : ldap ldap base : ou=UserAccounts,dc=dom1,dc=company,dc=com ldap attribute : sAMAccountName ldap default user : cn=aduser,ou=ServiceAccounts,ou=UserAccounts,dc=dom1,dc=company,dc=com ldap bind method : MD5 And then I configured the ML app to have these settings : [Inline image 1] The app prompts me for my username and password, but authentication always fails and I get this error message : 2015-07-29 11:26:56.266 Debug: LDAP user dsinang not found in login cache 2015-07-29 11:26:56.282 Debug: LDAPClient: XDMP-LDAP: LDAP Error: ldap_bind_s: Invalid Credentials (49) 2015-07-29 11:26:56.282 Debug: HTTPServer externalAuthenticate with ldap for dsinang failed 2015-07-29 11:26:56.282 Info: External authentication failed:dsinang What could I be missing and how do I test the External Security Config settings ? Also, does the xdmp:ldap-lookup() function rely on the above settings ? Regards, Danny
_______________________________________________ General mailing list [email protected] Manage your subscription at: http://developer.marklogic.com/mailman/listinfo/general
