Ldap acceptsecuritycontext error data 52e

LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 I know "52e" code is when username is valid, but password is invalid. I am using the s...

LDAP: error code 49 — 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

I know «52e» code is when username is valid, but password is invalid. I am using the same user name and password in my apache studio, I was able to establish the connection succesfully to LDAP.

Here is my java code

    String userName = "*******";
    String password = "********";
    String base ="DC=PSLTESTDOMAIN,DC=LOCAL";
    String dn = "cn=" + userName + "," + base;  
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://******");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, dn);
    env.put(Context.SECURITY_CREDENTIALS, password);
    LDAPAuthenticationService ldap = new LDAPAuthenticationService();
   // LdapContext ctx;
    DirContext ctx = null;
    try {
        ctx = new InitialDirContext(env);

My error is on this line: ctx = new InitialDirContext(env);

I do not know what exactly is causing this error.

simbabque's user avatar

simbabque

53.5k8 gold badges77 silver badges133 bronze badges

asked Jul 14, 2015 at 15:59

anusha vannela's user avatar

0

For me the issue resolved when I set the principal section like this:

env.put(Context.SECURITY_PRINCIPAL, userId@domainWithoutProtocolAndPortNo);

answered Nov 9, 2016 at 15:45

Vishal's user avatar

VishalVishal

1,8332 gold badges19 silver badges22 bronze badges

4

In my case I have to use something like <username>@<domain> to successfully login.

sample_user@sample_domain

smonff's user avatar

smonff

3,3513 gold badges39 silver badges46 bronze badges

answered Sep 24, 2018 at 7:50

Linh Nguyen's user avatar

Linh NguyenLinh Nguyen

2012 silver badges8 bronze badges

When you use Context.SECURITY_AUTHENTICATION as «simple», you need to supply the userPrincipalName attribute value (user@domain_base).

answered Oct 9, 2018 at 16:19

MAW's user avatar

MAWMAW

8738 silver badges22 bronze badges

I had a similar issue when using AD on CAS , i.e. 52e error, In my case application accepts the Full Name when in the form of CN= instead of the actual username.

For example, if you had a user who’s full name is Ross Butler and their login username is rbutler —you would normally put something like, cn=rbutler,ou=Users,dc=domain,dc=com but ours failed everytime. By changing this to cn=Ross Butler,ou=Users,dc=domain,dc=com it passed!!

answered Jun 23, 2017 at 5:46

Count's user avatar

CountCount

1,3652 gold badges19 silver badges38 bronze badges

1

For me the issue is resolved by adding domain name in user name as follow:

string userName="yourUserName";
string password="passowrd";
string hostName="LdapServerHostName";
string domain="yourDomain";
System.DirectoryServices.AuthenticationTypes option = System.DirectoryServices.AuthenticationTypes.SecureSocketsLayer; 
string userNameWithDomain = string.Format("{0}@{1}",userName , domain);
DirectoryEntry directoryOU = new DirectoryEntry("LDAP://" + hostName, userNameWithDomain, password, option);

answered Nov 23, 2018 at 7:14

Mahsh Nikam's user avatar

if you debug and loook at ctx=null,maybe your username hava proble ,you shoud write like
«acadministrator»(double «») or «administrator@ac»

answered Jul 5, 2019 at 3:34

HaoSi's user avatar

HaoSiHaoSi

211 bronze badge

0

For me the cause of the issue was that the format of username was incorrect. It was earlierly specified as «mydomainuser». I removed the domain part and the error was gone.

PS I was using ServerBind authentication.

answered Feb 24, 2021 at 14:02

arslanahmad656's user avatar

1

LDAP is trying to authenticate with AD when sending a transaction to another server DB. This authentication fails because the user has recently changed her password, although this transaction was generated using the previous credentials. This authentication will keep failing until … unless you change the transaction status to Complete or Cancel in which case LDAP will stop sending these transactions.

answered Apr 13, 2017 at 20:40

Ebrahim's user avatar

For me issue is resolved by changing envs like this:

 env.put("LDAP_BASEDN", base)
 env.put(Context.SECURITY_PRINCIPAL,"user@domain")

answered Aug 28, 2019 at 7:52

user3917389's user avatar

1

Using domain Name may solve the problem (get domain name using powershell: $env:userdomain):

    Hashtable<String, Object> env = new Hashtable<String, Object>();
    String principalName = "domainName\userName";
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://URL:389/OU=ou-xx,DC=fr,DC=XXXXXX,DC=com");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, principalName);
    env.put(Context.SECURITY_CREDENTIALS, "Your Password");

    try {
        DirContext authContext = new InitialDirContext(env);
        // user is authenticated
        System.out.println("USER IS AUTHETICATED");
    } catch (AuthenticationException ex) {
        // Authentication failed
        System.out.println("AUTH FAILED : " + ex);

    } catch (NamingException ex) {
        ex.printStackTrace();
    }

answered Feb 7, 2020 at 11:35

Praveen Gopal's user avatar

2

I’ve tested three diferent approaches and them all worked:

env.put(Context.SECURITY_PRINCIPAL, "user");
env.put(Context.SECURITY_PRINCIPAL, "user@domain.com");
env.put(Context.SECURITY_PRINCIPAL, "CN=user,OU=one,OU=two,DC=domain,DC=com");

If you use the last one, don’t forget to set all the OU’s where the user belongs to. Otherwise it won’t work.

answered Jan 27, 2022 at 15:57

Sergio Gabari's user avatar

In my case I misconfigured email credentials then I corrected

var passport = require('passport'),
    WindowsStrategy = require('passport-windowsauth'),
    User = require('mongoose').model('User');

module.exports = function () {
    passport.use(new WindowsStrategy({ldap: {
        url:            'ldap://corp.company.com:389/DC=corp,DC=company,DC=com',
        base:           'DC=corp,DC=company,DC=com',
        bindDN:         'myid@corp.company.com',
        bindCredentials:'password',
        tlsOptions: {
            ca: [fs.readFileSync("./cert.pem")],
          },
    }, integrated: false},
    function(profile, done) {
        console.log('Windows');
        console.log(profile);
        User.findOrCreate({
            username: profile.id
        }, function(err, user) {
            if (err) {
                return done(err);
            }

            if (!user) {
                return done(null, false, {
                    message: 'Unknown user'
                });
            }

            if (!user.authenticate(password)) {
                return done(null, false, {
                    message: 'Invalid password'
                });
            }

            return done(null, user);
        });
    }));
};

answered May 12, 2022 at 13:50

KARTHIKEYAN.A's user avatar

KARTHIKEYAN.AKARTHIKEYAN.A

16.7k6 gold badges115 silver badges130 bronze badges

Please remove domain from the username «mydomainuser». please put «user» only. do not put domain and backslash .

You do not use ldaps://examplehost:8080(do not use s with ldaps coz cert is required), use ldap://examplehost:8080 then use non-TLS port number. it worked for me.

answered Jul 19, 2022 at 10:13

Kumaresan Perumal's user avatar

Problem

Users are unable to log in. Nothing has changed in JIRA side.

The following appears in the atlassian-jira.log:

2017-10-25 14:13:07,009 ERROR [scheduler_Worker-3] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 31064065 ].
com.atlassian.crowd.exception.OperationFailedException: Error looking up attributes for highestCommittedUSN
	at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN(MicrosoftActiveDirectory.java:847)

...

Caused by: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580 ]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580 ]

Cause

LDAP Error 49 data 52e means that the credentials of the user configured to bind LDAP directory with JIRA are incorrect, as described here: https://confluence.atlassian.com/kb/common-user-management-errors-820119309.html#CommonUserManagementErrors-ActiveDirectoryError49

This can happen when that user is either removed or has its password changed from LDAP side.

Resolution 1

Follow the steps outlined at Restore Passwords To Recover Admin User Rights. By doing so, you’ll be able to access the User Directory settings and change the «Username» field with a valid admin user or change the «Password» field with the new password, allowing JIRA to connect to LDAP.

As an alternative to Recovery Mode, you could utilize auth_fallback by following the guide: Bypass SAML authentication for Jira Data Center 

Resolution 2

Alternatively, you can run the following query against your database to find out which one is the admin account that JIRA uses to connect to the LDAP:

SELECT * FROM cwd_directory_attribute WHERE attribute_name = 'ldap.userdn'; 

Note: The query may return multiple results in case you have more than one User Directory in your JIRA instance.

Re-adding the user back to the LDAP with the same password should resolve the issue.

Resolution 3

As JIRA storing LDAP Login credential in the database without encryption, you may also update those LDAP credential in your database:

lDAP Password Field

Select * from cwd_directory_attribute where attribute_name = 'ldap.password'

LDAP User Name Field

SELECT * FROM cwd_directory_attribute WHERE attribute_name = 'ldap.userdn';

(info) attribute_value is the fields which storing those data.

(info)  Always perform a backup before you perform edit/update query in the database. It is also highly recommended for you to perform this in a test instance before proceeding with production instance.

LDAP: error code 49 — 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

I know «52e» code is when username is valid, but password is invalid. I am using the same user name and password in my apache studio, I was able to establish the connection succesfully to LDAP.

Here is my java code

    String userName = "*******";
    String password = "********";
    String base ="DC=PSLTESTDOMAIN,DC=LOCAL";
    String dn = "cn=" + userName + "," + base;  
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://******");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, dn);
    env.put(Context.SECURITY_CREDENTIALS, password);
    LDAPAuthenticationService ldap = new LDAPAuthenticationService();
   // LdapContext ctx;
    DirContext ctx = null;
    try {
        ctx = new InitialDirContext(env);

My error is on this line: ctx = new InitialDirContext(env);

I do not know what exactly is causing this error.

simbabque's user avatar

simbabque

53.5k8 gold badges77 silver badges133 bronze badges

asked Jul 14, 2015 at 15:59

anusha vannela's user avatar

0

For me the issue resolved when I set the principal section like this:

env.put(Context.SECURITY_PRINCIPAL, userId@domainWithoutProtocolAndPortNo);

answered Nov 9, 2016 at 15:45

Vishal's user avatar

VishalVishal

1,8332 gold badges19 silver badges22 bronze badges

4

In my case I have to use something like <username>@<domain> to successfully login.

sample_user@sample_domain

smonff's user avatar

smonff

3,3513 gold badges39 silver badges46 bronze badges

answered Sep 24, 2018 at 7:50

Linh Nguyen's user avatar

Linh NguyenLinh Nguyen

2012 silver badges8 bronze badges

When you use Context.SECURITY_AUTHENTICATION as «simple», you need to supply the userPrincipalName attribute value (user@domain_base).

answered Oct 9, 2018 at 16:19

MAW's user avatar

MAWMAW

8738 silver badges22 bronze badges

I had a similar issue when using AD on CAS , i.e. 52e error, In my case application accepts the Full Name when in the form of CN= instead of the actual username.

For example, if you had a user who’s full name is Ross Butler and their login username is rbutler —you would normally put something like, cn=rbutler,ou=Users,dc=domain,dc=com but ours failed everytime. By changing this to cn=Ross Butler,ou=Users,dc=domain,dc=com it passed!!

answered Jun 23, 2017 at 5:46

Count's user avatar

CountCount

1,3652 gold badges19 silver badges38 bronze badges

1

For me the issue is resolved by adding domain name in user name as follow:

string userName="yourUserName";
string password="passowrd";
string hostName="LdapServerHostName";
string domain="yourDomain";
System.DirectoryServices.AuthenticationTypes option = System.DirectoryServices.AuthenticationTypes.SecureSocketsLayer; 
string userNameWithDomain = string.Format("{0}@{1}",userName , domain);
DirectoryEntry directoryOU = new DirectoryEntry("LDAP://" + hostName, userNameWithDomain, password, option);

answered Nov 23, 2018 at 7:14

Mahsh Nikam's user avatar

if you debug and loook at ctx=null,maybe your username hava proble ,you shoud write like
«acadministrator»(double «») or «administrator@ac»

answered Jul 5, 2019 at 3:34

HaoSi's user avatar

HaoSiHaoSi

211 bronze badge

0

For me the cause of the issue was that the format of username was incorrect. It was earlierly specified as «mydomainuser». I removed the domain part and the error was gone.

PS I was using ServerBind authentication.

answered Feb 24, 2021 at 14:02

arslanahmad656's user avatar

1

LDAP is trying to authenticate with AD when sending a transaction to another server DB. This authentication fails because the user has recently changed her password, although this transaction was generated using the previous credentials. This authentication will keep failing until … unless you change the transaction status to Complete or Cancel in which case LDAP will stop sending these transactions.

answered Apr 13, 2017 at 20:40

Ebrahim's user avatar

For me issue is resolved by changing envs like this:

 env.put("LDAP_BASEDN", base)
 env.put(Context.SECURITY_PRINCIPAL,"user@domain")

answered Aug 28, 2019 at 7:52

user3917389's user avatar

1

Using domain Name may solve the problem (get domain name using powershell: $env:userdomain):

    Hashtable<String, Object> env = new Hashtable<String, Object>();
    String principalName = "domainName\userName";
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://URL:389/OU=ou-xx,DC=fr,DC=XXXXXX,DC=com");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, principalName);
    env.put(Context.SECURITY_CREDENTIALS, "Your Password");

    try {
        DirContext authContext = new InitialDirContext(env);
        // user is authenticated
        System.out.println("USER IS AUTHETICATED");
    } catch (AuthenticationException ex) {
        // Authentication failed
        System.out.println("AUTH FAILED : " + ex);

    } catch (NamingException ex) {
        ex.printStackTrace();
    }

answered Feb 7, 2020 at 11:35

Praveen Gopal's user avatar

2

I’ve tested three diferent approaches and them all worked:

env.put(Context.SECURITY_PRINCIPAL, "user");
env.put(Context.SECURITY_PRINCIPAL, "user@domain.com");
env.put(Context.SECURITY_PRINCIPAL, "CN=user,OU=one,OU=two,DC=domain,DC=com");

If you use the last one, don’t forget to set all the OU’s where the user belongs to. Otherwise it won’t work.

answered Jan 27, 2022 at 15:57

Sergio Gabari's user avatar

In my case I misconfigured email credentials then I corrected

var passport = require('passport'),
    WindowsStrategy = require('passport-windowsauth'),
    User = require('mongoose').model('User');

module.exports = function () {
    passport.use(new WindowsStrategy({ldap: {
        url:            'ldap://corp.company.com:389/DC=corp,DC=company,DC=com',
        base:           'DC=corp,DC=company,DC=com',
        bindDN:         'myid@corp.company.com',
        bindCredentials:'password',
        tlsOptions: {
            ca: [fs.readFileSync("./cert.pem")],
          },
    }, integrated: false},
    function(profile, done) {
        console.log('Windows');
        console.log(profile);
        User.findOrCreate({
            username: profile.id
        }, function(err, user) {
            if (err) {
                return done(err);
            }

            if (!user) {
                return done(null, false, {
                    message: 'Unknown user'
                });
            }

            if (!user.authenticate(password)) {
                return done(null, false, {
                    message: 'Invalid password'
                });
            }

            return done(null, user);
        });
    }));
};

answered May 12, 2022 at 13:50

KARTHIKEYAN.A's user avatar

KARTHIKEYAN.AKARTHIKEYAN.A

16.7k6 gold badges115 silver badges130 bronze badges

Please remove domain from the username «mydomainuser». please put «user» only. do not put domain and backslash .

You do not use ldaps://examplehost:8080(do not use s with ldaps coz cert is required), use ldap://examplehost:8080 then use non-TLS port number. it worked for me.

answered Jul 19, 2022 at 10:13

Kumaresan Perumal's user avatar

Problem

You configure WebSphere Liberty to use LDAP to authenticate users in Active Directory, by adding an <ldapRepository> element to server.xml.  When users try to log in with Active Directory credentials, authentication fails. An error appears in the Opal logs directory:

on Windows: C:IBMi2analyze.olddeploywlpusrserversopal-serverlogs

on Linux: /opt/IBM/i2analyze/deploy/wlp/usr/servers/opal-server/logs

The error in the logs is similar to:

    javax.naming.AuthenticationException: [LDAP: error code 49 — 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e

Diagnosing The Problem

LDAP error 49 is a standard LDAP error, LDAP_INVALID_CREDENTIALS, defined in RFC 2251, Section 44.1.10:


     4.1.10. Result Message

    The LDAPResult is the construct used in this protocol to return success or failure indications from servers to clients.

    In response to various requests servers will return responses containing fields of type LDAPResult to indicate the final status of a protocol operation request.

    LDAPResult ::= SEQUENCE     { resultCode ENUMERATED {

            success (0),

            operationsError (1),

            ….

            invalidCredentials           (49),

 The data in the error is 0x52e. In decimal, this is equal to 1326. This is defined by Microsoft in WinError.h as

        ERROR_LOGON_FAILURE

           1326 (0x52E)

           The user name or password is incorrect.

In short, the error tells us the user name or password used to BIND to Active Directory was incorrect.

Resolving The Problem

Inspect the bindDN and bindPassword attributes of the <ldapRegistry> element in server.xml. Verify they contain the right values, and correct them if necessary.

<ldapRegistry id=»ldap» realm=»MyRealm»

    [ … ]

    bindDN=»cn=i2User,dc=intell, dc=example,dc=com»
    bindPassword=»P@$$Word01″

    [ … ]

</ldapregistry>

After the correct user name and pasword are specified, Liberty is able to BIND to the Active Directory tree; and users can log in normally.

Note that these attributes require the user name and password of the Active Directory BIND context; they are not the user name and password of the interactive user, logging in.

Document Location

Worldwide

[{«Line of Business»:{«code»:»LOB24″,»label»:»Security Software»},»Business Unit»:{«code»:»BU059″,»label»:»IBM Software w/o TPS»},»Product»:{«code»:»SSXVTH»,»label»:»i2 Analyze»},»ARM Category»:[{«code»:»a8m0z000000cwitAAA»,»label»:»i2 Enterprise Insight Analysis->Authentication»}],»ARM Case Number»:»TS005170223″,»Platform»:[{«code»:»PF025″,»label»:»Platform Independent»}],»Version»:»All Version(s)»}]

Historical Number

TS005170223

Last updated on: March 10th, 2021

vScope supports both Discovery of and integration with the Active Directory. If something goes wrong you will be prompted with an error message that can give you a hint of the cause to the issue.

The error messages might look something like this:

INVALID_CREDENTIALS: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580 

INVALID_CREDENTIALS: 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 775, v1db1 

The code is listed after Data (in this case 52e and 775).

Here is a list of common error codes that might show up:

Error code Error Description
525 User not found Returned when an invalid username is supplied.
52e Invalid credentials Returned when a valid username is supplied but an invalid password/credential is supplied. If this error is received, it will prevent most other errors from being displayed.
530 Not permitted to logon at this time Returned when a valid username and password/credential are supplied during times when login is restricted.
531 Not permitted to logon from this workstation Returned when a valid username and password/credential are supplied, but the user is restriced from using the workstation where the login was attempted.
532 Password expired Returned when a valid username is supplied, and the supplied password is valid but expired.
533 Account disabled Returned when a valid username and password/credential are supplied but the account has been disabled.
701 Account expired Returned when a valid username and password/credential are supplied but the account has expired.
773 User must reset password Returned when a valid username and password/credential are supplied, but the user must change their password immediately (before logging in for the first time, or after the password was reset by an administrator).
775 Account locked out Returned when a valid username is supplied, but the account is locked out. Note that this error will be returned regardless of whether or not the password is invalid.

Further reading

You can read more about integrating vScope with Active Directory on this Knowledge Base post.

Overview

I’m trying to get Proxmox to perform user authentication via LDAP with a Windows Server 2016 ADDS server. Proxmox is convinced that my credentials are incorrect.

Environment

  • Proxmox 6.3-1, PVE 6.3-6

  • Windows Server 2019 Datacenter 1809, b17763.1823

  • The Proxmox server and Domain Controller are on the same network (the DC is a guest on the Proxmox instance).

  • The DC’s root certificate has been added to the Proxmox server’s store.

  • Proxmox’s realm binding is set up with a dedicated standard user account in the OU OU=Service Users,DC=subdomain,DC=domain,DC=tld.

  • I have an administrative account in the standard CN=Users,DC=subdomain,DC=domain,DC=tld.

  • Proxmox’s realm binding is as follows via the GUI:

    General
    ---
    Domain: DC=subdomain,DC=domain,DC=tld
    Default: True
    Server: dc.subdomain.domain.tld
    Fallback Server: Unused
    Port: Default
    SSL: True
    Verify Certificate: True
    Require TFA: None
    
    Sync Options
    ---
    Bind User: CN=ServiceAccount,OU=Service Users,DC=subdomain,DC=domain,DC=tld
    E-Mail Attribute: mail
    Groupname Attr.: sAMAccountName
    User Classes: user
    Group Classes: group
    User Filter: (&(objectCategory=Person)(sAMAccountName=*)(memberOf=CN=InfrastructureAdmins,CN=Users,DC=subdomain,DC=domain,DC=tld))
    Group Filter: (sAMAccountName=InfrastructureAdmins)
    

What’s Happening

  • Proxmox’s login page gives the error message «Login failed. Please try again».
  • Proxmox’s syslog shows the line entry hostname pvedaemon[pid]: authentication failure; rhost=10.9.0.50 user=username@realm msg=80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563.
    • The error code 52e suggests that the password is incorrect.
  • I’m not seeing any entries for ServiceAccount or username in the DC’s security event log when the login fails.

What I’ve Tried

  • I’ve verified that Proxmox can communicate with the DC; when the realm is synced, it successfully pulls groups and users from the domain.
  • I’ve verified that the binding user ServiceAccount can log in to a domain-joined computer.
  • I’ve verified that the account I’m testing with (my admin account) can log in to domain-joined computers; it’s the account I’m logged into the DC with.
    • I’ve also created a test account with no additional settings, just the proper group membership, and attempted to use it to log into Proxmox.
  • I’ve tried simplifying the passwords for both my user account and the binding account down to P4$$w0rd.
  • LDAP works for other systems with a similar binding account.

Any guidance or suggestions would be greatly appreciated.

asked Mar 28, 2021 at 2:05

timelmer's user avatar

I can’t be sure you and I have the same problem, but I solved the same symptoms by:

  • Ensure the ‘domain’ in the LDAP settings is the actual AD domain name (eg. ad.example.com). Proxmox will append this to a user name in order to log on, so the LDAP server will reject you if you’ve got it wrong.
  • Ensure the user or group logging on has a Role assigned to them. You can do this by going to Datacentre->Permissions (the «title», not the things inside the pull-down!) and add a Group Permission (in my case, I used the LDAP group I’d created called ProxmoxAdmins and assigned it the Administrator role)

Things I’ve noticed are that the log messages don’t tell you the cause of the problem at all. I’ve also noticed that LDAP groups cannot have spaces in them (eg. Proxmox Admins doesn’t work, ProxmoxAdmins does). You can see this if you do a «sync preview» in the LDAP settings). And lastly, just because «sync» works, doesn’t mean users will — it only tests the Bind credentials (a useful check, but not everything!).

answered Jan 24, 2022 at 13:46

Ralph Bolton's user avatar

Для
бизнеса

  • По заинтересованным лицам

  • IT-лидеры

  • Независимые разработчики ПО

  • Архитекторы корпоративных приложений

  • По отраслям

  • Истории успеха

  • По вариантам использования

  • Модернизация приложений

  • Сокращение расходов на ПО

  • Автоматизация внутренних процессов

Понравилась статья? Поделить с друзьями:

Читайте также:

  • Ld cannot find collect2 error ld returned 1 exit status
  • Lcpdfr encountered a critical error
  • Lcore exe системная ошибка
  • Lci ошибка самсунг на стиральной машине
  • Lcdm 2000 коды ошибок

  • 0 0 голоса
    Рейтинг статьи
    Подписаться
    Уведомить о
    guest

    0 комментариев
    Старые
    Новые Популярные
    Межтекстовые Отзывы
    Посмотреть все комментарии