I have hit a wall trying to configure CmapServer 6.01.04 (running on SUSE Linux Enterprise Server 12) to use our Active Directory server to authenticate users.
I am entering LDAP-related values into serverconfig.txt as follows (some values lightly disguised):
Code:
user.authentication=authentication.standard,authentication.ldap
ldap.root.folder.account=myaccount
ldap.root.folder.password=encrypted
ldap.user.directory.ip=ams-ads-01.ad.my.org
ldap.user.directory.port=636
ldap.user.directory.connection.mode=ssl
ldap.user.directory.usersBaseDN=OU\=PRV,OU\=USR,OU\=AMS,OU\=ORG,DC\=ad,DC\=my,DC\=org
ldap.user.directory.groupsBaseDN=OU\=STD,OU\=GRP,OU\=AMS,OU\=ORG,DC\=ad,DC\=my,DC\=org
ldap.user.directory.userAttr=sAMAccountName
ldap.user.directory.groupAttr=cn
ldap.user.directory.debug=true
Code:
case 0: bindPlain? false
case 2: getUserDN
getUserDN: looking up? false
getUserDN: returning default
trying first bind with sAMAccountName=myaccount,OU=PRV,OU=USR,OU=AMS,OU=ORG,DC=ad,DC=my,DC=org
(CLASS: nlk.acl.directory.ldap.LDAPUserDirectory METHOD: bind LINE: 837)
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903D0, comment: AcceptSecurityContext error, data 52e, v2580^@]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at us.ihmc.net.ssl.SSLInitialContextFactory.getContext(SSLInitialContextFactory.java:171)
at us.ihmc.net.ssl.SSLInitialContextFactory.getInitialContext(SSLInitialContextFactory.java:93)
at nlk.acl.directory.ldap.LDAPHelper.bind(LDAPHelper.java:68)
at nlk.acl.directory.ldap.LDAPUserDirectory.bind(LDAPUserDirectory.java:830)
at nlk.acl.directory.ldap.LDAPUserDirectory.authenticateUser(LDAPUserDirectory.java:338)
at nlk.base.LDAPAuthenticator.authenticateUser(LDAPAuthenticator.java:24)
at nlk.acl.NewCmapACLManager.checkPermission(NewCmapACLManager.java:148)
at nlk.acl.NewCmapACLManager.checkPermission(NewCmapACLManager.java:37)
at nlk.resio.ResourceService.getFolderTOC(ResourceService.java:1107)
at nlk.resio.ResourceService.handleHashtable(ResourceService.java:161)
at nlk.resio.ResourceService.requestToService(ResourceService.java:96)
at edu.uwf.server.ServiceManager.requestToService(ServiceManager.java:317)
at edu.uwf.server.ConnManager.handleConnection(ConnManager.java:244)
at edu.uwf.net.socket.ConnHandlerThreadCache$HandlerThread.run(ConnHandlerThreadCache.java:142)
Code:
ldap.root.folder.account=myfirstname mylastname
ldap.user.directory.userAttr=CN
Code:
case 0: bindPlain? false
case 2: getUserDN
getUserDN: looking up? false
getUserDN: returning default
trying first bind with CN=myfirstname mylastname,OU=PRV,OU=USR,OU=AMS,OU=ORG,DC=ad,DC=my,DC=org
So, any ideas on how this problem can be addressed? Full log attached for details.
P.S. I have also tried the build of CmapServer 150904-0033 that apparently has a fix for a different LDAP / AD bug, referenced in this thread: viewtopic.php?f=8&t=3979.
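Added example, not part of the original post and not CmapServer code: a small triage script for debug logs like the one above. It pairs each "trying first bind with" line with the Active Directory failure that follows, decodes the hexadecimal `data` sub-code of LDAP result 49 into its Win32 error name, and reports the first RDN attribute of the rejected bind DN, which is the value that `ldap.user.directory.userAttr` produced. The function names and the second sample entry are assumptions made for illustration.

```python
import re

# Win32 logon sub-codes that AD reports in the "data" field of LDAP result 49.
AD_BIND_SUBCODES = {
    0x525: "ERROR_NO_SUCH_USER",
    0x52E: "ERROR_LOGON_FAILURE",          # unknown user name or bad password
    0x530: "ERROR_INVALID_LOGON_HOURS",
    0x531: "ERROR_INVALID_WORKSTATION",
    0x532: "ERROR_PASSWORD_EXPIRED",
    0x533: "ERROR_ACCOUNT_DISABLED",
    0x701: "ERROR_ACCOUNT_EXPIRED",
    0x773: "ERROR_PASSWORD_MUST_CHANGE",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT",
}
BIND_RE = re.compile(r"trying first bind with (?P<dn>.+)$")
ERR_RE = re.compile(r"LDAP: error code (?P<code>\d+) - .*?"
                    r"AcceptSecurityContext error, data (?P<data>[0-9a-fA-F]+)")

# First two lines are abridged from the log in the post; the last two are
# constructed sample input (hypothetical DN and sub-code).
SAMPLE_LOG = """\
trying first bind with sAMAccountName=myaccount,OU=PRV,OU=USR,OU=AMS,OU=ORG,DC=ad,DC=my,DC=org
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903D0, comment: AcceptSecurityContext error, data 52e, v2580]
trying first bind with CN=Example User,OU=Constructed,DC=example,DC=test
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903D0, comment: AcceptSecurityContext error, data 775, v2580]
"""

def leading_rdn_attr(dn):
    """Return the attribute type of the first RDN in a DN, or None."""
    m = re.match(r"\s*([A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)\s*=", dn)
    return m.group(1) if m else None

def triage(log_text):
    """Pair each attempted bind DN with the AD bind failure logged after it."""
    findings, dn = [], None
    for line in log_text.splitlines():
        if (m := BIND_RE.search(line)):
            dn = m.group("dn").strip()
        elif (m := ERR_RE.search(line)):
            sub = int(m.group("data"), 16)   # sub-code is printed in hex
            findings.append({
                "bind_dn": dn,
                "rdn_attr": leading_rdn_attr(dn) if dn else None,
                "ldap_result": int(m.group("code")),
                "win32_code": sub,
                "win32_name": AD_BIND_SUBCODES.get(sub, "UNKNOWN"),
            })
            dn = None                        # one failure per bind attempt
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```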