On 12-03-2014 16:49, Clément OUDOT wrote:
> 2014-03-12 16:22 GMT+01:00 Esben <[email protected]>:
>
>>>> I'm trying out LSC (2.0.4) and I'm having problems connecting to my
>>>> Active Directory (Windows 2008 R2)
>>>>
>>>> I get the following message when trying to connect:
>>>>
>>>> ERROR - Error opening the LDAP connection to the destination!
>>>> (javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
>>>> Credentials])
>>>>
>>>> I know the username password is correct. I can connect to AD via
>>>> ldapsearch and Apache Directory Studio with no problems. If I change the
>>>> username or password to something incorrect, I get this message instead:
>>>>
>>>> ERROR - Error opening the LDAP connection to the destination!
>>>> (javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
>>>> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
>>>> v1db1])
>>>>
>>>> I've tried different passwords, and both DN and UPN usernames.
>>>>
>>>> My lsc.xml contains the following AD ldap connection:
>>>>
>>>> <ldapConnection>
>>>>   <name>asdf-ad</name>
>>>>   <url>ldap://ip/DC=asdf,DC=local</url>
>>>>   <username>[email protected]</username>
>>>>   <password>password</password>
>>>>   <authentication>SIMPLE</authentication>
>>>>   <referral>IGNORE</referral>
>>>>   <derefAliases>NEVER</derefAliases>
>>>>   <version>VERSION_3</version>
>>>>   <pageSize>1000</pageSize>
>>>>   <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>>>>   <tlsActivated>false</tlsActivated>
>>>> </ldapConnection>
>>>>
>>>> Am I missing something?
>>>>
>>>> UPN is not really supported, try to use the DN form in
>>>> <username></username>
>>>>
>>>> Clément.
>>>
>>> As I wrote in the message, I tried the DN as well, with
>>> the same negative result.
>>>
>>> Please answer to the list.
>>>
>>> If you can log in with DN and password in ldapsearch, you
>>> should be able to do it with LSC. Do you have special
>>> characters in password? Maybe you should check if they fit
>>> in an XML markup.
>>>
>>> Clément.
>>
>> Sorry, I was a little fast on the send button.
>>
>> lsc.xml
>>
>> <ldapConnection>
>>   <name>asdf-ad</name>
>>   <url>ldap://ip/DC=asdf,DC=local</url>
>>   <username>CN=SyncUser,CN=Users,DC=asdf,DC=local</username>
>>   <password>password</password>
>>   <authentication>SIMPLE</authentication>
>>   <referral>IGNORE</referral>
>>   <derefAliases>NEVER</derefAliases>
>>   <version>VERSION_3</version>
>>   <pageSize>1000</pageSize>
>>   <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>>   <tlsActivated>false</tlsActivated>
>> </ldapConnection>
>> </connections>
>>
>> Mar 12 15:58:14 - INFO - Connecting to LDAP server
>> ldap://ip/DC=asdf,DC=local as
>> CN=SyncUser,CN=Users,DC=asdf,DC=local
>> Mar 12 15:58:15 - ERROR - Error opening the LDAP connection
>> to the destination! (javax.naming.AuthenticationException:
>> [LDAP: error code 49 - Invalid Credentials])
>>
>> My password is really simple, consisting of only letters
>> (a-z) and numbers. How do I see what characters are supported?
>>
>> See
>> https://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references
>>
>> But letters and numbers should not be a problem.
>>
>> Can you paste the working ldapsearch command?
>>
>> Clément.
>
> This command works fine:
> ldapsearch -x -D "CN=SyncUser,CN=Users,DC=asdf,DC=local" -w PASSWORD -h IP -b "DC=asdf,DC=local"
>
> I can also connect via Apache Directory Studio, which also uses Java.
>
> Well I have no idea. Try a tcpdump to find difference between the LSC
> BIND and the ldapsearch BIND.
>
> Clément.

Running Wireshark I can see the exact same flow when running lsc and ldapsearch:

bindRequest(1) "CN=SyncUser,CN=Users,DC=asdf,DC=local" simple
bindResponse(1) success

It just seems like LSC is not responding to the "bindResponse success" command because it closes the connection afterwards. Ldapsearch makes a searchRequest after the bindResponse and works fine.

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
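
As an added example (not part of the thread and not LSC code): a small Python helper that pulls the LDAP result code and, where present, the Active Directory `data` sub-code out of JNDI messages like the two quoted above. The function name and the short descriptions are this example's own assumptions; the hex values are the standard Win32 logon error codes.

```python
import re

# Win32 logon error codes that Active Directory prints (in hex) in the
# "data" field of an LDAP result-code-49 diagnostic message.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials (wrong password or unknown bind name)",
    0x52F: "account restriction",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must change password",
    0x775: "account locked out",
}
RESULT_RE = re.compile(r"\[LDAP: error code (\d+) - (.*)\]", re.S)
AD_DIAG_RE = re.compile(r"LdapErr: (DSID-[0-9A-Fa-f]+), comment: .*?, data ([0-9A-Fa-f]+)")

# The two messages copied from the thread, line-wrapped as in the mail.
MSG_CORRECT_PASSWORD = """ERROR - Error opening the LDAP connection to the destination!
(javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
Credentials])"""
MSG_WRONG_PASSWORD = """ERROR - Error opening the LDAP connection to the destination!
(javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
v1db1])"""

def classify_bind_error(message):
    """Describe an LDAP bind failure logged via JNDI; None if not recognised."""
    text = " ".join(message.split())  # undo mail/log line wrapping
    m = RESULT_RE.search(text)
    if m is None:
        return None
    info = {"result_code": int(m.group(1)), "ad_diagnostic": False,
            "dsid": None, "subcode": None, "meaning": m.group(2).strip()}
    ad = AD_DIAG_RE.search(m.group(2))
    if ad:  # AD-style diagnostic: decode the hex sub-code
        sub = int(ad.group(2), 16)
        info.update(ad_diagnostic=True, dsid=ad.group(1), subcode=sub,
                    meaning=AD_BIND_SUBCODES.get(sub, "unmapped sub-code"))
    return info

if __name__ == "__main__":
    for msg in (MSG_CORRECT_PASSWORD, MSG_WRONG_PASSWORD):
        print(classify_bind_error(msg))
```

A message with no `LdapErr`/`data` part, like the first one, carries no sub-code to decode, so the helper returns the server's text unchanged.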

