On 12-03-2014 15:49, Clément OUDOT wrote:
2014-03-12 16:22 GMT+01:00 Esben <[email protected]>:
I'm trying out LSC (2.0.4) and I'm having problems connecting to my Active Directory (Windows 2008 R2).
I get the following message when trying to connect:
ERROR - Error opening the LDAP connection to the destination! (javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials])
I know the username password is correct. I can connect to AD via ldapsearch and Apache Directory Studio with no problems. If I change the username or password to something incorrect, I get this message instead:
ERROR - Error opening the LDAP connection to the destination! (javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1])
I've tried different passwords, and both DN and UPN usernames.
My lsc.xml contains the following AD ldap connection:
<ldapConnection>
<name>asdf-ad</name>
<url>ldap://ip/DC=asdf,DC=local</url>
<username>[email protected]</username>
<password>password</password>
<authentication>SIMPLE</authentication>
<referral>IGNORE</referral>
<derefAliases>NEVER</derefAliases>
<version>VERSION_3</version>
<pageSize>1000</pageSize>
<factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
<tlsActivated>false</tlsActivated>
</ldapConnection>
Am I missing something?
UPN is not really supported, try to use the DN form in <username></username>
Clément.
As I wrote in the message, I tried the DN as well, with the same negative result.
Please answer to the list.
If you can log in with DN and password in ldapsearch, you should be able to do it with LSC. Do you have special characters in password? Maybe you should check if they fit in an XML markup.
Clément.
Sorry, I was a little fast on the send button.
lsc.xml
<ldapConnection>
<name>asdf-ad</name>
<url>ldap://ip/DC=asdf,DC=local</url>
<username>CN=SyncUser,CN=Users,DC=asdf,DC=local</username>
<password>password</password>
<authentication>SIMPLE</authentication>
<referral>IGNORE</referral>
<derefAliases>NEVER</derefAliases>
<version>VERSION_3</version>
<pageSize>1000</pageSize>
<factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
<tlsActivated>false</tlsActivated>
</ldapConnection>
</connections>
Mar 12 15:58:14 - INFO - Connecting to LDAP server ldap://ip/DC=asdf,DC=local as CN=SyncUser,CN=Users,DC=asdf,DC=local
Mar 12 15:58:15 - ERROR - Error opening the LDAP connection to the destination! (javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials])
My password is really simple, consisting of only letters (a-z) and numbers. How do I see what characters are supported?
See https://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references
But letters and numbers should not be a problem.
Can you paste the working ldapsearch command?
Clément.
This command works fine:
ldapsearch -x -D "CN=SyncUser,CN=Users,DC=asdf,DC=local" -w PASSWORD -h IP -b "DC=asdf,DC=local"
I can also connect via Apache Directory Studio, which also uses Java.
Well I have no idea. Try a tcpdump to find difference between the LSC BIND and the ldapsearch BIND.
Clément.
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
Hello Esben
Are you quoting here the full error line?
AD is in the habit of sending a generic bind error and, at the end of the error line you then have a small number that actually tells you the cause. Yes, one would expect the "Invalid Credentials" to be explicit enough but, it isn't.
Anyway, in case it helps, I would recommend you to try and take out all the binding options you can (keep it as simple as can be) and, after it works, try to add them back as needed. Something like this:
<ldapConnection>
<name>your-ad</name>
<url>ldap://IP/dc=whatever,dc=more</url>
<username>CN=bla, ou=bla, dc=whatever, dc=more</username>
<password>password</password>
<authentication>SIMPLE</authentication>
<pageSize>1000</pageSize>
</ldapConnection>
--
JaimeC
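
Added example, not part of the original thread and not LSC code: a small Python triage helper for the point made in the reply above, that AD bind failures can carry a trailing "data" sub-code naming the cause. It undoes line wrapping, extracts the LDAP result code, DSID and sub-code from each error, and flags entries that carry no AD diagnostic; the function and constant names are assumptions, and the sample log reuses the two error lines quoted in this thread.

```python
import re

# Sub-codes AD appends to LDAP error 49 as "data <hex>" (hex Win32 logon errors).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (bad password or bind name)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

LDAP_ERR = re.compile(r"\[LDAP: error code (\d+) - (.*?)\]")
DSID = re.compile(r"LdapErr: (DSID-[0-9A-Fa-f]+)")
DATA = re.compile(r"\bdata ([0-9A-Fa-f]+)\b")

# The two error lines quoted in the thread, wrapped as a mail client would.
SAMPLE_LOG = """\
ERROR - Error opening the LDAP connection to the
destination! (javax.naming.AuthenticationException: [LDAP: error
code 49 - Invalid Credentials])
ERROR - Error opening the LDAP connection to the
destination! (javax.naming.AuthenticationException: [LDAP: error
code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 52e, v1db1])
"""


def triage_bind_errors(log_text):
    """Return one dict per '[LDAP: error code N - ...]' entry in log_text."""
    flat = " ".join(log_text.split())  # undo line wrapping before matching
    results = []
    for m in LDAP_ERR.finditer(flat):
        detail = m.group(2)
        dsid, data = DSID.search(detail), DATA.search(detail)
        sub = data.group(1).lower() if data else None
        if sub is None:
            meaning = "no AD diagnostic in message"
        else:
            meaning = AD_BIND_SUBCODES.get(sub, "sub-code not in table")
        results.append({"ldap_code": int(m.group(1)), "ad_subcode": sub,
                        "dsid": dsid.group(1) if dsid else None,
                        "meaning": meaning})
    return results
```

Calling triage_bind_errors(SAMPLE_LOG) returns two entries: the first has no sub-code at all, the second carries 52e.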