2014-03-12 17:38 GMT+01:00 Esben <[email protected]>:
> On 12-03-2014 16:49, Clément OUDOT wrote:
>
> 2014-03-12 16:22 GMT+01:00 Esben <[email protected]>:
>
>>
>> I'm trying out LSC (2.0.4) and I'm having problems connecting
>>>>> to my
>>>>> Active Directory (Windows 2008 R2)
>>>>>
>>>>> I get the following message when trying to connect:
>>>>>
>>>>> ERROR - Error opening the LDAP connection to the destination!
>>>>> (javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
>>>>> Credentials])
>>>>>
>>>>> I know the username password is correct. I can connect to AD via
>>>>> ldapsearch and Apache Directory Studio with no problems. If I change
>>>>> the
>>>>> username or password to something incorrect, I get this message
>>>>> instead:
>>>>>
>>>>> ERROR - Error opening the LDAP connection to the destination!
>>>>> (javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
>>>>> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
>>>>> v1db1])
>>>>>
>>>>> I've tried different passwords, and both DN and UPN usernames.
>>>>>
>>>>> My lsc.xml contains the following AD ldap connection:
>>>>>
>>>>> <ldapConnection>
>>>>>   <name>asdf-ad</name>
>>>>>   <url>ldap://ip/DC=asdf,DC=local</url>
>>>>>   <username>[email protected]</username>
>>>>>   <password>password</password>
>>>>>   <authentication>SIMPLE</authentication>
>>>>>   <referral>IGNORE</referral>
>>>>>   <derefAliases>NEVER</derefAliases>
>>>>>   <version>VERSION_3</version>
>>>>>   <pageSize>1000</pageSize>
>>>>>   <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>>>>>   <tlsActivated>false</tlsActivated>
>>>>> </ldapConnection>
>>>>>
>>>>> Am I missing something?
>>>>>
>>>>
>>>>
>>>> UPN is not really supported, try to use the DN form in
>>>> <username></username>
>>>>
>>>> Clément.
>>>>
>>>>
>>>> As I wrote in the message, I tried the DN as well, with the same
>>>> negative result.
>>>>
>>>
>>>
>>> Please answer to the list.
>>>
>>>
>>> If you can log in with DN and password in ldapsearch, you should be
>>> able to do it with LSC. Do you have special characters in password? Maybe
>>> you should check if they fit in an XML markup.
>>>
>>> Clément.
>>>
>>> Sorry, I was a little fast on the send button.
>>>
>>> lsc.xml
>>>
>>>
>>> <ldapConnection>
>>>   <name>asdf-ad</name>
>>>   <url>ldap://ip/DC=asdf,DC=local</url>
>>>   <username>CN=SyncUser,CN=Users,DC=asdf,DC=local</username>
>>>
>>>   <password>password</password>
>>>   <authentication>SIMPLE</authentication>
>>>   <referral>IGNORE</referral>
>>>   <derefAliases>NEVER</derefAliases>
>>>   <version>VERSION_3</version>
>>>   <pageSize>1000</pageSize>
>>>   <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>>>   <tlsActivated>false</tlsActivated>
>>> </ldapConnection>
>>> </connections>
>>>
>>> Mar 12 15:58:14 - INFO - Connecting to LDAP server
>>> ldap://ip/DC=asdf,DC=local as CN=SyncUser,CN=Users,DC=asdf,DC=local
>>> Mar 12 15:58:15 - ERROR - Error opening the LDAP connection to the
>>> destination! (javax.naming.AuthenticationException: [LDAP: error code 49 -
>>> Invalid Credentials])
>>>
>>> My password is really simple, consisting of only letters (a-z) and
>>> numbers. How do I see what characters are supported?
>>>
>>
>> See
>> https://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references
>>
>> But letters and numbers should not be a problem.
>>
>> Can you paste the working ldapsearch command?
>>
>>
>> Clément.
>>
>>
>> This command works fine:
>> ldapsearch -x -D "CN=SyncUser,CN=Users,DC=asdf,DC=local" -w PASSWORD -h
>> IP -b "DC=asdf,DC=local"
>>
>> I can also connect via Apache Directory Studio, which also uses Java.
>>
>>
>
> Well I have no idea. Try a tcpdump to find difference between the LSC
> BIND and the ldapsearch BIND.
>
>
> Clément.
>
>
> Running Wireshark I can see the exact same flow when running lsc and
> ldapsearch:
>
> bindRequest(1) "CN=SyncUser,CN=Users,DC=asdf,DC=local" simple
> bindResponse(1) success
>
> It just seems like LSC is not responding to the "bindResponse success"
> command because it closes the connection afterwards. Ldapsearch makes a
> searchRequest after the bindResponse and works fine.
>
>

The LDAP error message is from AD. Do you confirm that AD is your destination directory? Could you maybe send the lsc.xml file with the task definition?

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
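
Added example, not part of the original thread and not LSC code: a small Python decoder for the two error strings quoted in the thread. It pulls out the LDAP result code and, when the message carries Active Directory's `AcceptSecurityContext` diagnostic, maps the `data` sub-code (52e in the thread) to its meaning. The function and constant names and the last sample's timestamp are constructed here; the log text is from the thread with mail line wraps joined.

```python
import re

# Sub-codes AD reports in the "data" field of an error 49 diagnostic
# (hexadecimal Win32 logon errors).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

LSC_ERROR = re.compile(
    r"Error opening the LDAP connection to the (?P<side>\w+)!.*?"
    r"\[LDAP: error code (?P<code>\d+) - (?P<detail>.*)\]"
)
AD_DIAG = re.compile(r"AcceptSecurityContext error, data (?P<sub>[0-9a-fA-F]+)")

def decode_bind_failure(line):
    """Return side, LDAP result code and AD sub-code for an LSC error line."""
    m = LSC_ERROR.search(line)
    if m is None:
        return None  # not a connection error line
    diag = AD_DIAG.search(m.group("detail"))
    sub = diag.group("sub").lower() if diag else None
    meaning = (AD_BIND_SUBCODES.get(sub, "unlisted AD sub-code") if sub
               else "no AD diagnostic in message")
    return {"side": m.group("side"), "ldap_code": int(m.group("code")),
            "ad_subcode": sub, "meaning": meaning}

# Log text from the thread; the timestamp on the last entry is constructed.
SAMPLE_LOG = [
    "Mar 12 15:58:14 - INFO - Connecting to LDAP server ldap://ip/DC=asdf,DC=local "
    "as CN=SyncUser,CN=Users,DC=asdf,DC=local",
    "Mar 12 15:58:15 - ERROR - Error opening the LDAP connection to the destination! "
    "(javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials])",
    "Mar 12 16:00:00 - ERROR - Error opening the LDAP connection to the destination! "
    "(javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: "
    "DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1])",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(decode_bind_failure(entry))
```

Run over the thread's log text, only the message produced with a deliberately wrong password carries the AD diagnostic string; the message produced with the correct password carries the bare result code 49 text.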

