On Mon, Nov 27, 2017 at 9:46 AM, <harry.dev...@faa.gov> wrote:
> Update: using port 389 and none for encryption, and I had to change the
> search DN to be just cn=Directory Manager. Now I get the following error:
>
> Nov 27 09:42:01 access server: 09:42:01.909 [http-bio-8080-exec-6] WARN
> o.a.g.a.l.AuthenticationProviderService - Multiple DNs possible for user
> "harry.devine": [uid=harry.devine,cn=users,cn=compat,dc=example,dc=com,
> uid=harry.devine,cn=users,cn=accounts,dc=example,dc=com]
>

Try disabling LDAP alias dereferencing:

ldap-dereference-aliases: never

It looks like you probably have the cn=users,cn=compat area pointed to the real objects (cn=users,cn=accounts), and this could be confusing the LDAP client when it expects uniquely-named items. Otherwise, you'll need to narrow your base DN such that it only locates one or the other account.

-Nick
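
Added example, not part of the original message: a small Python helper that parses the "Multiple DNs possible" warning quoted above and lists the parent containers that each hold exactly one of the matching entries, which are the candidates for a narrowed base DN. The function names are hypothetical, the sample line is the warning above joined onto one line, and the code assumes entries in the bracketed list are separated by a comma followed by whitespace.

```python
import re

# Constructed sample: the warning from the message above, joined onto one line.
SAMPLE_LOG = (
    'Nov 27 09:42:01 access server: 09:42:01.909 [http-bio-8080-exec-6] WARN '
    'o.a.g.a.l.AuthenticationProviderService - Multiple DNs possible for user '
    '"harry.devine": [uid=harry.devine,cn=users,cn=compat,dc=example,dc=com, '
    'uid=harry.devine,cn=users,cn=accounts,dc=example,dc=com]'
)

WARNING = re.compile(r'Multiple DNs possible for user "([^"]+)":\s*\[(.*?)\]', re.S)


def split_rdns(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    return [rdn.strip() for rdn in re.split(r'(?<!\\),', dn)]


def parse_warning(text):
    """Return (username, [DN, ...]) from the first warning in text, or None."""
    m = WARNING.search(text)
    if m is None:
        return None
    # Assumption: entries are separated by ", " while the RDNs inside one DN
    # are joined by a bare ",", as in the log line above.
    dns = [d.strip() for d in re.split(r',\s+', m.group(2)) if d.strip()]
    return m.group(1), dns


def candidate_base_dns(dns):
    """Map each parent container (DN minus its first RDN) to the DNs under it."""
    bases = {}
    for dn in dns:
        parent = ",".join(split_rdns(dn)[1:])
        bases.setdefault(parent, []).append(dn)
    return bases


def unambiguous_bases(dns):
    """Parent containers that hold exactly one of the matching entries."""
    return sorted(b for b, found in candidate_base_dns(dns).items() if len(found) == 1)


if __name__ == "__main__":
    user, dns = parse_warning(SAMPLE_LOG)
    print(user, unambiguous_bases(dns))
```

Either container it returns, used as the base DN, locates only one of the two accounts; which one is correct depends on the directory layout.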