question-mark

Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Active Directory LDAP Issues

See original GitHub issue

Issue Description

Maybe its just me but at the moment I feel like I have tried everything.

Is it possible to get 4minitz working with active directory ldap? at the moment all I receieve is “Login error Invalid credentials [403]”

the logs say something along the lines of: {"dn":"","code":49,"name":"InvalidCredentialsError","message":"80090308: LdapErr: DSID-0C0903D3, comment: AcceptSecurityContext error, data 52e, v3839\u0000"}

Current cut down ldap settings.

"ldap": {
        "enabled": true,
        "propertyMap": {
            "username": "sAMAccountName",
            "longname": "cn",
            "email": "mail"
        },
        "searchFilter": "",
        "serverDn": "DC=workplace,DC=local",
        "serverUrl": "ldap://servername.workplace.local:389",
        "allowSelfSignedTLS": true,
        "whiteListedFields": [ "sAMAccountName", "cn", "mail" ],
        "inactiveUsers": {"strategy": "none"},
        "autopublishFields": [ "sAMAccountName", "cn" ],
        "importCronTab": "* 14 5 * * *"

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:38 (23 by maintainers)

github_iconTop GitHub Comments

1reaction
derwokcommented, Oct 5, 2017

One more thing: I see you have not set an “inactive user” setting… Please ask your LDAP admin and consider something like: "inactiveUsers": {"strategy": "userAccountControl"},

Otherwise users switched to inactive in LDAP will be able to login to 4Minitz.

1reaction
derwokcommented, Oct 5, 2017

Yes, we’ve seen errors like this in MS AD environments. Some AD servers need a bind() with valid credentials before they allow queries of the AD DB.

Please try settings like this:

"ldap": {
     "enabled": true,
      [... your stuff...]
      "authentication": {
            "userDn": "YOURDC\\username",
            "password": "XXX"
        }
}

Sometimes this syntax works for authentication: "userDn": "cn=admin, ou=Admins, dc=example, dc=com",

Please report back if this works for you. And don’t foget to “star” us on github if you like 4Minitz. 😉

Read more comments on GitHub >

github_iconTop Results From Across the Web

Troubleshoot LDAP over SSL connection problems
Troubleshoot LDAP over SSL connection problems · Step 1: Verify the Server Authentication certificate · Step 2: Verify the Client Authentication ...
Read more >
Troubleshooting Active Directory/LDAP server issues - DrayTek
Verify the Active Directory/LDAP account by Ldp tool · Download the ldp tool here. · Unzip the file and run ldp.exe · Connect...
Read more >
[SOLVED] troubleshooting ldap issue - Active Directory & GPO
Solution: Maybe then, one of your ldap server binds has incorrect credentials ?LDAP account on AD is set to never expire? however that...
Read more >
Troubleshooting Active Directory Authentication issues with ...
Examining LDAP interface events in the Windows Directory Service Event log can help determine if a bad password or bad username is the...
Read more >
How to troubleshoot LDAP Authentication issues using ldp.exe
How to troubleshoot LDAP Authentication issues using ldp.exe · 1. define the server. · 2. Bind with Credentials. The User should be that...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found