Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

LDAP bind failed: LDAPInvalidCredentialsResult - 49 - invalidCredentials - None - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580 - bindResponse - None

See original GitHub issue

If i try and login with a domain user, i get this error: LDAP bind failed: LDAPInvalidCredentialsResult - 49 - invalidCredentials - None - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580 - bindResponse - None

now if i try and login with the user i am using in the settings.py to do the ldap auth, i get

LDAP connect succeeded LDAP user lookup failed

that seems correct as the service accoutn is not in the same place as the domain users. Also if i run the ldap_sync_users i can see its pulling users from the correct ou. But i dont want all my users sync to the db, so i see no reason to do the sync, as the user is supposed to be synced when they login right?

` LDAP_AUTH_URL = “ldap://dc01.intern.domain.local:389”

LDAP_AUTH_USE_TLS = False

LDAP_AUTH_SEARCH_BASE = “OU=MyUsers,DC=intern,DC=domain,DC=local”

LDAP_AUTH_FORMAT_USERNAME = “django_python3_ldap.utils.format_username_active_directory”

LDAP_AUTH_CONNECTION_USERNAME = ‘XXXX’ LDAP_AUTH_CONNECTION_PASSWORD = ‘Xyx’

LDAP_AUTH_USER_FIELDS = { “username”: “sAMAccountName”, “first_name”: “givenName”, “last_name”: “sn”, “email”: “mail”, }

LDAP_AUTH_OBJECT_CLASS = “user”`

any idea what i am missing? (im testing the login on the admin login page)

Issue Analytics

State:
Created 4 years ago
Comments:8

Top GitHub Comments

4reactions

madsholmecommented, Feb 17, 2020

# The URL of the LDAP server.
LDAP_AUTH_URL = "ldap://dc01.intern.domain.local:389"

# Initiate TLS on connection.
LDAP_AUTH_USE_TLS = True

# The LDAP search base for looking up users.

LDAP_AUTH_SEARCH_BASE = "OU=MyUsers,DC=intern,DC=domain,DC=local"                
# The LDAP class that represents a user.

LDAP_AUTH_OBJECT_CLASS = "organizationalPerson"

# User model fields mapped to the LDAP
# attributes that represent them.
LDAP_AUTH_USER_FIELDS = {
    "username": "userPrincipalName",
    #"username": "sAMAccountName",
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",

}

# A tuple of django model fields used to uniquely identify a user.
LDAP_AUTH_USER_LOOKUP_FIELDS = ("username",)

# Path to a callable that takes a dict of {model_field_name: value},
# returning a dict of clean model data.
# Use this to customize how data loaded from LDAP is saved to the User model.
LDAP_AUTH_CLEAN_USER_DATA = "django_python3_ldap.utils.clean_user_data"

# Path to a callable that takes a user model and a dict of {ldap_field_name: [value]},
# and saves any additional user relationships based on the LDAP data.
# Use this to customize how data loaded from LDAP is saved to User model relations.
# For customizing non-related User model fields, use LDAP_AUTH_CLEAN_USER_DATA.
LDAP_AUTH_SYNC_USER_RELATIONS = "django_python3_ldap.utils.sync_user_relations"

# Path to a callable that takes a dict of {ldap_field_name: value},
# returning a list of [ldap_search_filter]. The search filters will then be AND'd
# together when creating the final search filter.
LDAP_AUTH_FORMAT_SEARCH_FILTERS = "django_python3_ldap.utils.format_search_filters"

# Path to a callable that takes a dict of {model_field_name: value}, and returns
# a string of the username to bind to the LDAP server.
# Use this to support different types of LDAP server.
#LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_openldap"
LDAP_AUTH_FORMAT_USERNAME = "django_python3_ldap.utils.format_username_active_directory"
# Sets the login domain for Active Directory users.
#LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN = None

# The LDAP username and password of a user for authenticating the `ldap_sync_users`
# management command. Set to None if you allow anonymous queries.
LDAP_AUTH_CONNECTION_USERNAME = 'YYYYYYYY'
LDAP_AUTH_CONNECTION_PASSWORD = 'XXXXXXX'

This seems to work if i login as username@email.com but if i change it to

LDAP_AUTH_USER_FIELDS = {  
    "username": "sAMAccountName",
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",

}

it does not work with my username only. What am i missing?

0reactions

JonnyB1438commented, Jun 10, 2022

This helped, thanks.

Top Results From Across the Web

error code 49 - 80090308: LdapErr: DSID-0C09042F ...

I know "52e" code is when username is valid, but password is invalid. I am using the same user name and password for...

problem with django-python3-ldap : r/djangolearning - Reddit

LDAP bind failed : LDAPInvalidCredentialsResult - 49 - invalidCredentials - None - 80090308: LdapErr: DSID-0C09042F, comment: ...

LDAP Configuration, AcceptSecurityContext error, data 52e

This error line here "LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e" indicates thats ...

Data codes related to 'LDAP: error code 49' with Microsoft ...

NOTE: Returns when username is invalid. 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893. HEX: 0x52e - invalid credentials

openldap "invalid credentials" trying to authenticate with ...

First verify that the binddn after the -D matches the cn of the user you're trying to bind as exactly. If it does...