Login error: ldap: initial bind for user: Invalid Credentials - Active Directory

Hi All,

I’ve installed the ondemand-dex service and configured LDAP. The bind account authenticates successfully via an ldapsearch but not via the Open OnDemand interface, as per the error below. Any recommendations or opinions?

Internal Server Error

Login error: ldap: initial bind for user “cn=bind account,ou=users,dc=home,dc=lab” failed: LDAP Result Code 49 “Invalid Credentials”: 80090308: LdapErr: DSID-0C090434, comment: AcceptSecurityContext error, data 52e, v4f7c

dex:
  connectors:
  - type: ldap
    id: ldap
    name: ActiveDirectory
    config:
      host: home.lab:389
      insecureNoSSL: True
      insecureSkipVerify: True
      rootCA: "/etc/ood/dex/myCA.pem"
      bindDN: "cn=bind account,ou=users,dc=home,dc=lab"
      bindPW: "xxxx"
      usernamePrompt: "AD Username"
      userSearch:
        baseDN: CN=Users,DC=home,DC=lab
        filter: "(objectClass=user)"
        username: sAMAccountName
        idAttr: sAMAccountName
        nameAttr: sAMAccountName
      groupSearch:
        baseDN: dc=home,dc=lab
        filter: "(objectClass=group)"
        userAttr: distinguishedName
        groupAttr: member
        nameAttr: cn

Regards
Tim

Hi Tim,

Thanks for posting. Below I have pasted my “test” LDAP configuration that is on my private network at home. This configuration does work. However, I am using OpenLDAP, not Active Directory. Hoping this will help you some. I haven’t had time to work through getting SSL to work.

connectors:
- type: ldap
  id: ldap
  name: LDAP
  config:
    host: ood.gbsw.net:389
    insecureNoSSL: true
    insecureSkipVerify: true
    bindDN: cn=admin,dc=gbsw,dc=net
    bindPW: xxx
    userSearch:
      baseDN: ou=users,dc=gbsw,dc=net
      username: uid
      idAttr: uid
      emailAttr: mail
      nameAttr: cn
      preferredUsernameAttr: uid
    groupSearch:
      baseDN: ou=developer,dc=gbsw,dc=net
      userMatchers:
      - userAttr: DN
        groupAttr: member
      nameAttr: cn

Thanks for the response. Instead of

bindDN: cn=admin,dc=gbsw,dc=net

I used

bindDN: admin@gbsw.net

which resolved my bind issue. LDAP config has always been black magic for me. Thank you for responding.
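For anyone landing here with the same "initial bind for user ... failed" message, here is a small diagnostic helper, added to this thread as an example and not part of dex, Open OnDemand or any post above. It does two things the first and last posts touch on: it pulls the Active Directory "data" code (here 52e) out of the dex error text and maps it to AD's standard meaning, and it tells you which form the bindDN you configured is in, since AD simple bind accepts a DN, a UPN (user@domain, the form that fixed it above) or a DOMAIN\user name. It also flags curly quotes, which are what a pasted config often ends up with. The sample error string is copied from the first post; the config lines and the `check_dex_config` function name are constructed for the example.

```python
import re

# Standard Active Directory "data" values in the diagnostic text of a failed
# simple bind (LDAP result code 49). These meanings are AD's, not constructed.
AD_BIND_DATA_CODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password, or the bind identity did not resolve)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Matches the dex wording seen in the first post; accepts straight or curly quotes.
ERROR_RE = re.compile(
    r'initial bind for user\s+["\u201c](?P<bind>[^"\u201d]+)["\u201d]\s+failed:\s*'
    r'LDAP Result Code (?P<code>\d+).*?data (?P<data>[0-9a-fA-F]+)',
    re.DOTALL,
)


def parse_bind_error(message: str) -> dict:
    """Extract bind identity, LDAP result code and AD data code from a dex bind error."""
    m = ERROR_RE.search(message)
    if not m:
        return {}
    data = m.group("data").lower()
    return {
        "bind_identity": m.group("bind"),
        "result_code": int(m.group("code")),
        "ad_data": data,
        "meaning": AD_BIND_DATA_CODES.get(data, "unknown AD data code"),
    }


def bind_identity_form(identity: str) -> str:
    """Classify a bind identity as 'dn', 'upn', 'nt4' or 'unknown'."""
    s = identity.strip().strip('"\'\u201c\u201d')
    if re.match(r"^[A-Za-z]+=", s):            # cn=...,dc=...  (distinguished name)
        return "dn"
    if re.match(r"^[^@\\/]+@[^@]+\.[^@]+$", s):  # user@home.lab  (userPrincipalName)
        return "upn"
    if re.match(r"^[^\\]+\\[^\\]+$", s):         # HOME\user      (NT-style name)
        return "nt4"
    return "unknown"


def has_curly_quotes(text: str) -> bool:
    """True if the text contains typographic quotes, which YAML treats as literal characters."""
    return any(ch in text for ch in "\u201c\u201d\u2018\u2019")


def check_dex_config(yaml_text: str) -> dict:
    """Scan a dex connector config fragment for bindDN form and curly-quote problems.

    Uses plain line scanning rather than a YAML parser so it runs with the stdlib only.
    """
    report = {"bind_form": "missing", "curly_quote_lines": []}
    for lineno, line in enumerate(yaml_text.splitlines(), start=1):
        if has_curly_quotes(line):
            report["curly_quote_lines"].append(lineno)
        key, sep, value = line.strip().partition(":")
        if sep and key.strip() == "bindDN":
            report["bind_form"] = bind_identity_form(value)
    return report


# Sample error text, as posted in the first message of this thread.
SAMPLE_ERROR = (
    "Login error: ldap: initial bind for user \u201ccn=bind account,ou=users,dc=home,dc=lab\u201d "
    "failed: LDAP Result Code 49 \u201cInvalid Credentials\u201d: 80090308: LdapErr: "
    "DSID-0C090434, comment: AcceptSecurityContext error, data 52e, v4f7c"
)

# Constructed config fragment with the curly quotes a paste often introduces.
SAMPLE_CONFIG = (
    "bindDN: \u201ccn=bind account,ou=users,dc=home,dc=lab\u201d\n"
    "bindPW: \u201cxxxx\u201d\n"
)

if __name__ == "__main__":
    print(parse_bind_error(SAMPLE_ERROR))
    print(check_dex_config(SAMPLE_CONFIG))
```

Run it against your own error text and config fragment; a 52e with a DN-form bindDN is the combination this thread hit, and switching the bindDN to the UPN form (or fixing the password) is what to try first, while 533 or 775 tell you the bind account itself needs attention in AD rather than in the dex config.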