Содержание
- LDAP Authentication fails if using sAMAccountName #2936
- Comments
- Steps to reproduce
- Expected behaviour
- Actual behaviour
- Server configuration
- Client configuration
- Web server error log
- Log from the web-browser developer console (CTRL + SHIFT + i)
- Ldap error code 49 80090308 ldaperr dsid 0c090447
- Microsoft Active Directory LDAP Result Codes sub-codes for Bind Response:#
- Users are unable to log in to JIRA (LDAP: error code 49, data 52e)
- Atlassian Knowledge Base
- On this page
- Related content
- Still need help?
- Problem
- Cause
- Resolution 1
- Resolution 2
- Resolution 3
- LDAP: error code 49 — 80090308
- Confluence Support
- Get started
- Knowledge base
- Products
- Jira Software
- Jira Service Management
- Jira Work Management
- Confluence
- Bitbucket
- Resources
- Documentation
- Community
- System Status
- Suggestions and bugs
- Marketplace
- Billing and licensing
- Viewport
- Confluence
- Users are unable to log in to Confluence (LDAP: error code 49, data 52e)
- Related content
- Still need help?
- Problem
- Cause
- Resolution 1
- Resolution 2
LDAP Authentication fails if using sAMAccountName #2936
Steps to reproduce
- Configure username for connecting to AD with sAMAccountname
- User name attribute set to sAMAccountName
- User Object Filter set to (objectCategory=Person)(sAMAccountName=*))
- Test configuration with sAMAccountName of a user
Expected behaviour
Actual behaviour
Caution
Error : 49 — Invalid credentials
80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839
Server configuration
Operating system:
Alpine Linux
Web server:
Apache
Database:
Amazon Aurora RDS (mysql 5.7)
PHP version:
7.4
Teampass version:
3.0.0.8
Teampass configuration file:
Updated from an older Teampass or fresh install:
PLEASE attach to this issue the file /includes/config/tp.config.php .
Client configuration
Browser:
Operating system:
Web server error log
Log from the web-browser developer console (CTRL + SHIFT + i)
The text was updated successfully, but these errors were encountered:
Hello,
I have similar setup and it works smoothly.
While googling your error, I found this page https://ldapwiki.com/wiki/Common%20Active%20Directory%20Bind%20Errors
Perhaps this could help you but I don’t see how the Adldap could be wrong there.
I would be greatly interested in having any feedback.
Perhaps something needs to be robustified.
This is the error I keep getting. I even get the same error when testing and using my own credentials which I know work.
weird thing. If I use cn as the username with which to bind, change the username attribute to cn and then test the configuration with the following:
«firstname» «surname» (theres a space between the two), it succesfully passes. as soon as I change back to samaccountname it fails. @nilsteampassnet the only difference i can see between both of our configs is that you are using OpenLDAP whereas I am using Active Directory.
I did read somewhere about issues when the cn and samaccountname’s are different, but I cannot seem to find that link again and dont even know if this is a valid reason?
hi @nilsteampassnet. Do you have any further updates on this?
Has anyone got TeamPass 3.0.0.8 working using samAccountName with Active Directory?
For the life of me I can get LDAP to work. We have an old version of teampass (2.1.23) and rather than going through the upgrade path, I figured maybe installing the latest version would be better and then just manually transfer the passwords over.
Installation of 3.0.0.7 went fine but I can’t get LDAP to function. I updated 3.0.0.7 to 3.0.0.8, and while I no longer get the «couldn’t connect to LDAP» error, I’m either getting an authentication error or just «in progress» with errors in the apache log.
I’ve tried all sorts of combinations. I can’t upload pictures from work, but if I use as the bind user the full distinguished name like for example:
User name attribute : cn
Then in the logs I get:
Uncaught LdapRecord\Query\ObjectNotFoundException: No LDAP query results for filter: [(**cn=CN=**sa_ldap,OU=ServiceAccounts,OU=foo,DC=bar,DC=com)] in: [] in /opt/websites/teampass-3.0.0.7/includes/libraries/LdapRecord/Query/ObjectNotFoundException.php
It adds this double CN=. Tried without, no luck. I must be doing something wrong. Is anyone getting LDAP to work with AD?
sAMAccountName does not work as others pointed out.
Источник
Ldap error code 49 80090308 ldaperr dsid 0c090447
When you see an entry similar to:
The hex values will resolve to a Microsoft Response Code that may provide more information.
Microsoft Active Directory LDAP Result Codes sub-codes for Bind Response:#
| Code | hex | DEC | Short Description | More Information | Comments |
|---|---|---|---|---|---|
| 49 | 525 | 1317 | LDAP_NO_SUCH_OBJECT | Entry does not exist. | |
| 49 | 52e | 1326 | ERROR_LOGON_FAILURE | Returns when username is valid but password/credential is invalid. | Will prevent most other errors from being displayed as noted. |
| 49 | 52f | 1327 | ERROR_ACCOUNT_RESTRICTION | Account Restrictions are preventing this user from signing in. | For example: blank passwords aren’t allowed, sign-in times are limited, or a policy restriction has been enforced. |
| 49 | 530 | 1328 | ERROR_INVALID_LOGON_HOURS | Time Restriction:Entry logon time restriction violation | |
| 49 | 531 | 1329 | ERROR_INVALID_WORKSTATION | Device Restriction:Entry not allowed to log on to this computer. | |
| 49 | 532 | 1330 | ERROR_PASSWORD_EXPIRED | Password Expiration: Entry password has expired LDAP User-Account-Control Attribute — ERROR_PASSWORD_EXPIRED | NOTE: Returns only when presented with valid username and password/credential. |
| 49 | 533 | 1331 | ERROR_ACCOUNT_DISABLED | Administratively Disabled: LDAP User-Account-Control Attribute — ACCOUNTDISABLE | NOTE: Returns only when presented with valid username and password/credential. |
| 49 | 568 | 1384 | ERROR_TOO_MANY_CONTEXT_IDS | During a logon attempt, the user’s security context accumulated too many security Identifiers. (ie Group-AD) | |
| 49 | 701 | 1793 | ERROR_ACCOUNT_EXPIRED | LDAP Password Expiration: User-Account-Control Attribute — ACCOUNTEXPIRED | NOTE: Returns only when presented with valid username and password/credential. |
| 49 | 773 | 1907 | ERROR_PASSWORD_MUST_CHANGE | Password Expiration: Entry’s password must be changed before logging on LDAP pwdLastSet: value of 0 indicates admin-required password change — MUST_CHANGE_PASSWD | NOTE: Returns only when presented with valid username and password/credential. |
| 49 | 775 | 1909 | ERROR_ACCOUNT_LOCKED_OUT | Intruder Detection:Entry is currently locked out and may not be logged on to LDAP User-Account-Control Attribute — LOCKOUT | NOTE: Returns even if invalid password is presented |
| 49 | 80090346 | .. | ERROR_ACCOUNT_LOCKED_OUT | AcceptSecurityContext error | SEC_E_BAD_BINDINGS — Client’s supplied Security Support Provider Interface (SSPI) Channel Bindings were incorrect. |
Common Active Directory Bind Errors will often be shown within the Windows Event Log as Event 4625
Источник
Users are unable to log in to JIRA (LDAP: error code 49, data 52e)
Atlassian Knowledge Base
On this page
Related content
Still need help?
The Atlassian Community is here for you.
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the server and data center platforms .
Problem
Users are unable to log in. Nothing has changed in JIRA side.
The following appears in the atlassian-jira .log:
Cause
LDAP Error 49 data 52e means that the credentials of the user configured to bind LDAP directory with JIRA are incorrect, as described here: https://confluence.atlassian.com/kb/common-user-management-errors-820119309.html#CommonUserManagementErrors-ActiveDirectoryError49
This can happen when that user is either removed or has its password changed from LDAP side.
Resolution 1
Follow the steps outlined at Restore Passwords To Recover Admin User Rights. By doing so, you’ll be able to access the User Directory settings and change the «Username» field with a valid admin user or change the «Password» field with the new password, allowing JIRA to connect to LDAP.
Resolution 2
Alternatively, you can run the following query against your database to find out which one is the admin account that JIRA uses to connect to the LDAP:
Note: The query may return multiple results in case you have more than one User Directory in your JIRA instance.
Re-adding the user back to the LDAP with the same password should resolve the issue.
Resolution 3
As JIRA storing LDAP Login credential in the database without encryption, you may also update those LDAP credential in your database:
lDAP Password Field
LDAP User Name Field
attribute_value is the fields which storing those data.
Always perform a backup before you perform edit/update query in the database. It is also highly recommended for you to perform this in a test instance before proceeding with production instance.
Источник
LDAP: error code 49 — 80090308
I recently saw my log files as we were experiencing slowness in our application and found the follwoing error message :
javax.naming.AuthenticationException: [LDAP: error code 49 — 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext
error, data 52e, v893]; remaining name ‘dc=hess,dc=pri,dc=com’
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2549)
at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2523)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1904)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1809)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1734)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:328)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:313)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:238)
at com.retek.rsw.persistence.ldap.LdapRswSecurityDao.getGroupNames(LdapRswSecurityDao.java:197)
at com.retek.rsw.persistence.ldap.LdapRswSecurityDao.authenticateAndReadUser(LdapRswSecurityDao.java:92)
at com.retek.rsw.service.RswSecurity.getUser(RswSecurity.java:47)
at com.retek.rsw.ui.control.security.LoginDoneAction.perform(LoginDoneAction.java:37)
at org.apache.struts.action.ActionServlet.processActionPerform(ActionServlet.java:1787)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1586)
at com.retek.struts.action.ActionServlet.process(ActionServlet.java:227)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:510)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
Can anyone please help me understand this message. I looked it up on the internet and it said that you DN’s are not set properly, if that is the case then none of the users should be able to login then howcome users are able to login?
Thanks in Advance,
Joyce
Источник
Confluence Support
Get started
Knowledge base
Products
Jira Software
Project and issue tracking
Jira Service Management
Service management and customer support
Jira Work Management
Manage any business project
Confluence
Bitbucket
Git code management
Resources
Documentation
Usage and admin help
Answers, support, and inspiration
System Status
Cloud services health
Suggestions and bugs
Feature suggestions and bug reports
Marketplace
Billing and licensing
Frequently asked questions
Viewport
Confluence
Users are unable to log in to Confluence (LDAP: error code 49, data 52e)
Related content
Still need help?
The Atlassian Community is here for you.
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the server and data center platforms .
Problem
Users are unable to log in. Nothing has changed in Confluence side.
The following appears in the atlassian.confluence.log:
Cause
LDAP Error 49 data 52e means that the credentials of the user configured to bind LDAP directory with Confluence are incorrect, as described here: https://confluence.atlassian.com/kb/common-user-management-errors-820119309.html#CommonUserManagementErrors-ActiveDirectoryError49
This can happen when that user is either removed or has its password changed from LDAP side.
Resolution 1
Follow the steps outlined at Restore Passwords To Recover Admin User Rights. By doing so, you’ll be able to access the User Directory settings and change the «Username» field with a valid admin user or change the «Password» field with the new password, allowing Confluence to connect to LDAP.
Resolution 2
Alternatively, you can run the following query against your database to find out which one is the admin account that Confluence uses to connect to the LDAP:
Note: The query may return multiple results in case you have more than one User Directory in your Confluence instance.
Re-adding the user back to the LDAP with the same password should resolve the issue.
Источник
LDAP: error code 49 — 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
I know «52e» code is when username is valid, but password is invalid. I am using the same user name and password in my apache studio, I was able to establish the connection succesfully to LDAP.
Here is my java code
String userName = "*******";
String password = "********";
String base ="DC=PSLTESTDOMAIN,DC=LOCAL";
String dn = "cn=" + userName + "," + base;
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://******");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, dn);
env.put(Context.SECURITY_CREDENTIALS, password);
LDAPAuthenticationService ldap = new LDAPAuthenticationService();
// LdapContext ctx;
DirContext ctx = null;
try {
ctx = new InitialDirContext(env);
My error is on this line: ctx = new InitialDirContext(env);
I do not know what exactly is causing this error.
simbabque
53.5k8 gold badges77 silver badges133 bronze badges
asked Jul 14, 2015 at 15:59
0
For me the issue resolved when I set the principal section like this:
env.put(Context.SECURITY_PRINCIPAL, userId@domainWithoutProtocolAndPortNo);
answered Nov 9, 2016 at 15:45
VishalVishal
1,8332 gold badges19 silver badges22 bronze badges
4
In my case I have to use something like <username>@<domain> to successfully login.
sample_user@sample_domain
smonff
3,3513 gold badges39 silver badges46 bronze badges
answered Sep 24, 2018 at 7:50
Linh NguyenLinh Nguyen
2012 silver badges8 bronze badges
When you use Context.SECURITY_AUTHENTICATION as «simple», you need to supply the userPrincipalName attribute value (user@domain_base).
answered Oct 9, 2018 at 16:19
MAWMAW
8738 silver badges22 bronze badges
I had a similar issue when using AD on CAS , i.e. 52e error, In my case application accepts the Full Name when in the form of CN= instead of the actual username.
For example, if you had a user who’s full name is Ross Butler and their login username is rbutler —you would normally put something like, cn=rbutler,ou=Users,dc=domain,dc=com but ours failed everytime. By changing this to cn=Ross Butler,ou=Users,dc=domain,dc=com it passed!!
answered Jun 23, 2017 at 5:46
CountCount
1,3652 gold badges19 silver badges38 bronze badges
1
For me the issue is resolved by adding domain name in user name as follow:
string userName="yourUserName";
string password="passowrd";
string hostName="LdapServerHostName";
string domain="yourDomain";
System.DirectoryServices.AuthenticationTypes option = System.DirectoryServices.AuthenticationTypes.SecureSocketsLayer;
string userNameWithDomain = string.Format("{0}@{1}",userName , domain);
DirectoryEntry directoryOU = new DirectoryEntry("LDAP://" + hostName, userNameWithDomain, password, option);
answered Nov 23, 2018 at 7:14
if you debug and loook at ctx=null,maybe your username hava proble ,you shoud write like
«acadministrator»(double «») or «administrator@ac»
answered Jul 5, 2019 at 3:34
HaoSiHaoSi
211 bronze badge
0
For me the cause of the issue was that the format of username was incorrect. It was earlierly specified as «mydomainuser». I removed the domain part and the error was gone.
PS I was using ServerBind authentication.
answered Feb 24, 2021 at 14:02
1
LDAP is trying to authenticate with AD when sending a transaction to another server DB. This authentication fails because the user has recently changed her password, although this transaction was generated using the previous credentials. This authentication will keep failing until … unless you change the transaction status to Complete or Cancel in which case LDAP will stop sending these transactions.
answered Apr 13, 2017 at 20:40
For me issue is resolved by changing envs like this:
env.put("LDAP_BASEDN", base)
env.put(Context.SECURITY_PRINCIPAL,"user@domain")
answered Aug 28, 2019 at 7:52
1
Using domain Name may solve the problem (get domain name using powershell: $env:userdomain):
Hashtable<String, Object> env = new Hashtable<String, Object>();
String principalName = "domainName\userName";
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://URL:389/OU=ou-xx,DC=fr,DC=XXXXXX,DC=com");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, principalName);
env.put(Context.SECURITY_CREDENTIALS, "Your Password");
try {
DirContext authContext = new InitialDirContext(env);
// user is authenticated
System.out.println("USER IS AUTHETICATED");
} catch (AuthenticationException ex) {
// Authentication failed
System.out.println("AUTH FAILED : " + ex);
} catch (NamingException ex) {
ex.printStackTrace();
}
answered Feb 7, 2020 at 11:35
2
I’ve tested three diferent approaches and them all worked:
env.put(Context.SECURITY_PRINCIPAL, "user");
env.put(Context.SECURITY_PRINCIPAL, "user@domain.com");
env.put(Context.SECURITY_PRINCIPAL, "CN=user,OU=one,OU=two,DC=domain,DC=com");
If you use the last one, don’t forget to set all the OU’s where the user belongs to. Otherwise it won’t work.
answered Jan 27, 2022 at 15:57
In my case I misconfigured email credentials then I corrected
var passport = require('passport'),
WindowsStrategy = require('passport-windowsauth'),
User = require('mongoose').model('User');
module.exports = function () {
passport.use(new WindowsStrategy({ldap: {
url: 'ldap://corp.company.com:389/DC=corp,DC=company,DC=com',
base: 'DC=corp,DC=company,DC=com',
bindDN: 'myid@corp.company.com',
bindCredentials:'password',
tlsOptions: {
ca: [fs.readFileSync("./cert.pem")],
},
}, integrated: false},
function(profile, done) {
console.log('Windows');
console.log(profile);
User.findOrCreate({
username: profile.id
}, function(err, user) {
if (err) {
return done(err);
}
if (!user) {
return done(null, false, {
message: 'Unknown user'
});
}
if (!user.authenticate(password)) {
return done(null, false, {
message: 'Invalid password'
});
}
return done(null, user);
});
}));
};
answered May 12, 2022 at 13:50
KARTHIKEYAN.AKARTHIKEYAN.A
16.7k6 gold badges115 silver badges130 bronze badges
Please remove domain from the username «mydomainuser». please put «user» only. do not put domain and backslash .
You do not use ldaps://examplehost:8080(do not use s with ldaps coz cert is required), use ldap://examplehost:8080 then use non-TLS port number. it worked for me.
answered Jul 19, 2022 at 10:13
LDAP: error code 49 — 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
I know «52e» code is when username is valid, but password is invalid. I am using the same user name and password in my apache studio, I was able to establish the connection succesfully to LDAP.
Here is my java code
String userName = "*******";
String password = "********";
String base ="DC=PSLTESTDOMAIN,DC=LOCAL";
String dn = "cn=" + userName + "," + base;
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://******");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, dn);
env.put(Context.SECURITY_CREDENTIALS, password);
LDAPAuthenticationService ldap = new LDAPAuthenticationService();
// LdapContext ctx;
DirContext ctx = null;
try {
ctx = new InitialDirContext(env);
My error is on this line: ctx = new InitialDirContext(env);
I do not know what exactly is causing this error.
simbabque
53.5k8 gold badges77 silver badges133 bronze badges
asked Jul 14, 2015 at 15:59
0
For me the issue resolved when I set the principal section like this:
env.put(Context.SECURITY_PRINCIPAL, userId@domainWithoutProtocolAndPortNo);
answered Nov 9, 2016 at 15:45
VishalVishal
1,8332 gold badges19 silver badges22 bronze badges
4
In my case I have to use something like <username>@<domain> to successfully login.
sample_user@sample_domain
smonff
3,3513 gold badges39 silver badges46 bronze badges
answered Sep 24, 2018 at 7:50
Linh NguyenLinh Nguyen
2012 silver badges8 bronze badges
When you use Context.SECURITY_AUTHENTICATION as «simple», you need to supply the userPrincipalName attribute value (user@domain_base).
answered Oct 9, 2018 at 16:19
MAWMAW
8738 silver badges22 bronze badges
I had a similar issue when using AD on CAS , i.e. 52e error, In my case application accepts the Full Name when in the form of CN= instead of the actual username.
For example, if you had a user who’s full name is Ross Butler and their login username is rbutler —you would normally put something like, cn=rbutler,ou=Users,dc=domain,dc=com but ours failed everytime. By changing this to cn=Ross Butler,ou=Users,dc=domain,dc=com it passed!!
answered Jun 23, 2017 at 5:46
CountCount
1,3652 gold badges19 silver badges38 bronze badges
1
For me the issue is resolved by adding domain name in user name as follow:
string userName="yourUserName";
string password="passowrd";
string hostName="LdapServerHostName";
string domain="yourDomain";
System.DirectoryServices.AuthenticationTypes option = System.DirectoryServices.AuthenticationTypes.SecureSocketsLayer;
string userNameWithDomain = string.Format("{0}@{1}",userName , domain);
DirectoryEntry directoryOU = new DirectoryEntry("LDAP://" + hostName, userNameWithDomain, password, option);
answered Nov 23, 2018 at 7:14
if you debug and loook at ctx=null,maybe your username hava proble ,you shoud write like
«acadministrator»(double «») or «administrator@ac»
answered Jul 5, 2019 at 3:34
HaoSiHaoSi
211 bronze badge
0
For me the cause of the issue was that the format of username was incorrect. It was earlierly specified as «mydomainuser». I removed the domain part and the error was gone.
PS I was using ServerBind authentication.
answered Feb 24, 2021 at 14:02
1
LDAP is trying to authenticate with AD when sending a transaction to another server DB. This authentication fails because the user has recently changed her password, although this transaction was generated using the previous credentials. This authentication will keep failing until … unless you change the transaction status to Complete or Cancel in which case LDAP will stop sending these transactions.
answered Apr 13, 2017 at 20:40
For me issue is resolved by changing envs like this:
env.put("LDAP_BASEDN", base)
env.put(Context.SECURITY_PRINCIPAL,"user@domain")
answered Aug 28, 2019 at 7:52
1
Using domain Name may solve the problem (get domain name using powershell: $env:userdomain):
Hashtable<String, Object> env = new Hashtable<String, Object>();
String principalName = "domainName\userName";
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://URL:389/OU=ou-xx,DC=fr,DC=XXXXXX,DC=com");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, principalName);
env.put(Context.SECURITY_CREDENTIALS, "Your Password");
try {
DirContext authContext = new InitialDirContext(env);
// user is authenticated
System.out.println("USER IS AUTHETICATED");
} catch (AuthenticationException ex) {
// Authentication failed
System.out.println("AUTH FAILED : " + ex);
} catch (NamingException ex) {
ex.printStackTrace();
}
answered Feb 7, 2020 at 11:35
2
I’ve tested three diferent approaches and them all worked:
env.put(Context.SECURITY_PRINCIPAL, "user");
env.put(Context.SECURITY_PRINCIPAL, "user@domain.com");
env.put(Context.SECURITY_PRINCIPAL, "CN=user,OU=one,OU=two,DC=domain,DC=com");
If you use the last one, don’t forget to set all the OU’s where the user belongs to. Otherwise it won’t work.
answered Jan 27, 2022 at 15:57
In my case I misconfigured email credentials then I corrected
var passport = require('passport'),
WindowsStrategy = require('passport-windowsauth'),
User = require('mongoose').model('User');
module.exports = function () {
passport.use(new WindowsStrategy({ldap: {
url: 'ldap://corp.company.com:389/DC=corp,DC=company,DC=com',
base: 'DC=corp,DC=company,DC=com',
bindDN: 'myid@corp.company.com',
bindCredentials:'password',
tlsOptions: {
ca: [fs.readFileSync("./cert.pem")],
},
}, integrated: false},
function(profile, done) {
console.log('Windows');
console.log(profile);
User.findOrCreate({
username: profile.id
}, function(err, user) {
if (err) {
return done(err);
}
if (!user) {
return done(null, false, {
message: 'Unknown user'
});
}
if (!user.authenticate(password)) {
return done(null, false, {
message: 'Invalid password'
});
}
return done(null, user);
});
}));
};
answered May 12, 2022 at 13:50
KARTHIKEYAN.AKARTHIKEYAN.A
16.7k6 gold badges115 silver badges130 bronze badges
Please remove domain from the username «mydomainuser». please put «user» only. do not put domain and backslash .
You do not use ldaps://examplehost:8080(do not use s with ldaps coz cert is required), use ldap://examplehost:8080 then use non-TLS port number. it worked for me.
answered Jul 19, 2022 at 10:13
Troubleshooting
Problem
BMXAA6765E — The LdapSyncCronTask could not be started
Symptom
Ldapsync fails with error BMXAA6765E — The LdapSyncCronTask could not be started. Log shows caused by — Caused by:
javax.naming.AuthenticationException: [LDAP: error code 49 — 80090308:
LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525,
vece]
Resolving The Problem
Error 49
indicates incorrect credentials which means that the password is
incorrectly defined for the principal user. In the LDAP Sync Cron Task
setup screen, locate the credential parameter for this Cron Task
instance and re-enter the password. Save the cron task, and then restart
the MXServer. Many Cron Task parameters require the MXServer to be
restarted.
[{«Product»:{«code»:»SSLKT6″,»label»:»IBM Maximo Asset Management»},»Business Unit»:{«code»:»BU055″,»label»:»Cognitive Applications»},»Component»:»—«,»Platform»:[{«code»:»PF016″,»label»:»Linux»},{«code»:»PF027″,»label»:»Solaris»},{«code»:»PF033″,»label»:»Windows»},{«code»:»PF010″,»label»:»HP-UX»},{«code»:»PF002″,»label»:»AIX»}],»Version»:»6.2.1;6.2.2;6.2.3;6.2.4;6.2.5;6.2.6;6.2.7;6.2.8;7.1;7.2;7.2.1;7.5;7.6″,»Edition»:»»,»Line of Business»:{«code»:»LOB59″,»label»:»Sustainability Software»}},{«Product»:{«code»:»SSWK4A»,»label»:»Maximo Asset Management Essentials»},»Business Unit»:{«code»:»BU059″,»label»:»IBM Software w/o TPS»},»Component»:» «,»Platform»:[{«code»:»»,»label»:»»}],»Version»:»»,»Edition»:»»,»Line of Business»:{«code»:»LOB59″,»label»:»Sustainability Software»}},{«Product»:{«code»:»SSLKTY»,»label»:»Maximo Asset Management for IT»},»Business Unit»:{«code»:»BU053″,»label»:»Cloud & Data Platform»},»Component»:» «,»Platform»:[{«code»:»»,»label»:»»}],»Version»:»»,»Edition»:»»,»Line of Business»:{«code»:»LOB59″,»label»:»Sustainability Software»}},{«Product»:{«code»:»SS6HJK»,»label»:»Tivoli Service Request Manager»},»Business Unit»:{«code»:»BU053″,»label»:»Cloud & Data Platform»},»Component»:» «,»Platform»:[{«code»:»»,»label»:»»}],»Version»:»»,»Edition»:»»,»Line of Business»:{«code»:»LOB59″,»label»:»Sustainability Software»}}]


