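Error 49 (invalid credentials) is often a problem with the format of the
user DN.  In Active Directory, sAMAccountName is an attribute of the user
object, not the naming attribute of its DN, so a bind DN built from it will
not resolve to the user's entry; user entries are named by cn.  Try
changing the line:
"userid" => "sAMAccountName=%s,cn=Users,dc=hood,dc=edu",
to
"userid" => "cn=%s,cn=Users,dc=hood,dc=edu",
Note that this only works if each user's cn is the same as the name they
type at login.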

-Andy

On Tue, Aug 9, 2011 at 5:51 PM, Fay, Cornelius R. <f...@hood.edu> wrote:
> Help Needed.
>
>
>
> We have a pilot VCL running using local user accounts, and are now
> attempting authentication through our Active Directory (Windows Server 2003
> /LDAP v.3) infrastructure.  We can successfully authenticate with ‘service
> accounts’ (such as <vclservice>), but not with normal user accounts.  We
> consistently get ‘Error 49 invalid credentials’.  We run Exchange here as
> well.
>
>
>
> We would appreciate any hints as to where our failure lies.   I have
> included a segment of our ‘conf.php’ file for your perusal.
>
>
>
> Thanks in advance for any advice on where to look.
>
>
>
> Neil Fay
>
> CTO, Hood College
>
>
>
> /*
>
>  Snippet from VCL conf.php, trying to authenticate to Microsoft Active
> Directory (MSAD) via LDAP
>
>  - removed all the other examples etc
>
>  - Service domain works, but Hood domain does not
>
> */
>
> $authMechs = array(
>
>         "Hood" => array("type" => "ldap",
>
>                                    "server" => "x.x.x.x:389",
>
>                                    "binddn" => "dc=hood,dc=edu",
>
>                                    "userid" =>
> "sAMAccountName=%s,cn=Users,dc=hood,dc=edu",
>
>                                    "unityid" => "samAccountName",
>
>                                    "firstname" => "givenname",
>
>                                    "lastname" => "sn",
>
>                                    "email" => "userPrincpalName",
>
>                                    "defaultemail" => "@example.com",
>
>                                    "masterlogin" =>
> "cn=vclservice,ou=serviceaccounts,dc=hood,dc=edu",
>
>                                    "masterpwd" => "xxxxxxx",
>
>                                    "affiliationid" => 3,
>
>                                    "help" => "Use Hood for testing Hood
> Domain"),
>
>         "Service" => array("type" => "ldap",
>
>                                    "server" => "x.x.x.x:389",
>
>                                    "binddn" => "dc=hood,dc=edu",
>
>                                    "userid" =>
> "cn=%s,ou=serviceaccounts,dc=hood,dc=edu",
>
>                                    "unityid" => "samAccountName",
>
>                                    "firstname" => "givenname",
>
>                                    "lastname" => "sn",
>
>                                    "email" => "userPrincipalName",
>
>                                    "defaultemail" => "@hood.edu",
>
>                                    "masterlogin" =>
> "cn=vclservice,ou=serviceaccounts,dc=hood,dc=edu",
>
>                                    "masterpwd" => "xxxxxxx",
>
>                                    "affiliationid" => 5,
>
>                                    "help" => "Use Service to test login
> using service account"),
>
>         "Local Account"    => array("type" => "local",
>
>                                     "affiliationid" => 1,
>
>                                     "help" => "Only use Local Account if
> there are no other options"),
>
>
>
>
