Page 1 of 1

LDAP authentication fails

Posted: Thu Aug 31, 2017 7:51 am
by albaruthenia
Hello All,

yesterday, we installed CmapServer 6.04.01 on Windows Server 2012, and configured it with user LDAP authentication, connecting to the AD server on port 389. The same credentials are used for 'admin.account', 'root.folder.account' and 'ldap.root.folder.account', and that user does exist in the Active Directory. Here is the the excerpt from the CmapServer log:

Code: Select all

InitUtils::addExtraAdminEntriesFromConfigFile: LDAP Authentication is enabled, so if account 'xxxxxx' is not already in the root folder, we will add it with ADMIN permissions. But first we must authenticate 'saipam' with the LDAP directory.
(CLASS: METHOD: getUserDN LINE: 937)
LDAPUserDirectory: unable to lookup user DN with anonymous access, lookup is now disabled[30/Aug/2017:15:54:18] SLP: new directory agent:

(CLASS: METHOD: getUserDN LINE: 938)
javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C09075A, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1 ];
InitUtils::addExtraAdminEntriesFromConfigFile: LDAP authentication failed for user xxxxxx
InitUtils::ensureRootFolderExists: addExtraAdminEntriesFromConfigFile returned.
InitUtils::ensureRootFolderExists: But still pai.getNumberOfAdminPrincipals() == 0
InitUtils::ensureRootFolderExists: pai.getNumberOfAdminPrincipals() == 0
InitUtils::complain: Cannot start the CmapServer. There are no Admin accounts in the root folder.
StartupMonitor::abort: Reason:
The CmapServer failed to initialize.
I wonder what may be wrong with our setup? Is this because of the connection to the LDAP server failing, or this is a real authentication issue? The latter would be unlikely, since the same credentials work everywhere else.

Thank you in advance.

Re: LDAP authentication fails

Posted: Thu Aug 31, 2017 5:11 pm
by albaruthenia
A side note: does CmapServer always expect some security layer implemented on the LDAP server side? What if there is none (no TLS or SSL)?