LDAP authentication fails

Having problems with IHMC CmapServer? Think you have found a bug? Let us know!
Forum rules
Before you post a problem or bug, please be sure you have included the version number of IHMC CmapServer, the operating system and version, the amount of RAM, and any other information that allows us to be able to replicate the problem you are having. (i.e. what were you doing when the problem occur? were you running another program (application) by the time you have the problem?)
Post Reply
albaruthenia
Posts: 2
Joined: Wed Aug 30, 2017 2:45 pm

LDAP authentication fails

Post by albaruthenia » Thu Aug 31, 2017 7:51 am

Hello All,

yesterday, we installed CmapServer 6.04.01 on Windows Server 2012, and configured it with user LDAP authentication, connecting to the AD server on port 389. The same credentials are used for 'admin.account', 'root.folder.account' and 'ldap.root.folder.account', and that user does exist in the Active Directory. Here is the the excerpt from the CmapServer log:

Code: Select all

InitUtils::addExtraAdminEntriesFromConfigFile: LDAP Authentication is enabled, so if account 'xxxxxx' is not already in the root folder, we will add it with ADMIN permissions. But first we must authenticate 'saipam' with the LDAP directory.
(CLASS: nlk.acl.directory.ldap.LDAPUserDirectory METHOD: getUserDN LINE: 937)
LDAPUserDirectory: unable to lookup user DN with anonymous access, lookup is now disabled[30/Aug/2017:15:54:18] SLP: new directory agent: 184.182.233.158:80:8001

(CLASS: nlk.acl.directory.ldap.LDAPUserDirectory METHOD: getUserDN LINE: 938)
javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C09075A, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1 ];
...
InitUtils::addExtraAdminEntriesFromConfigFile: LDAP authentication failed for user xxxxxx
InitUtils::ensureRootFolderExists: addExtraAdminEntriesFromConfigFile returned.
InitUtils::ensureRootFolderExists: But still pai.getNumberOfAdminPrincipals() == 0
InitUtils::ensureRootFolderExists: pai.getNumberOfAdminPrincipals() == 0
InitUtils::complain: Cannot start the CmapServer. There are no Admin accounts in the root folder.
StartupMonitor::abort: Reason:
The CmapServer failed to initialize.
I wonder what may be wrong with our setup? Is this because of the connection to the LDAP server failing, or this is a real authentication issue? The latter would be unlikely, since the same credentials work everywhere else.

Thank you in advance.

albaruthenia
Posts: 2
Joined: Wed Aug 30, 2017 2:45 pm

Re: LDAP authentication fails

Post by albaruthenia » Thu Aug 31, 2017 5:11 pm

A side note: does CmapServer always expect some security layer implemented on the LDAP server side? What if there is none (no TLS or SSL)?

Post Reply