//ldap configuration help for scm manager

  • avatar

    ldap configuration help for scm manager

    funeeldy11 – 26. July 2021, 14:59 h

    Where can I find help with configuring the ldap authentication. I have filled in the fields using information that works in other applications, and the test fails. but it gives no reason or error message to tell me why it is failing??? Any more documentation on this somewhere?

  • Last change: 26. July 2021, 15:00 h
  • avatar
    pfeuffer – 26. July 2021, 16:30 h

    In the configuration there is a "Test Connection" button. Do you mean this with "the test fails"? The popup should give you four status fields, one for "Configuration", "Connection", "Search user", and "Authenticate user" each. If "Configuration" is red, you have invalid configuration values that cannot be interpreted, if "Connection" is red, the ldap server itself cannot be reached (most probably an invalid url or port). A "failed" for "Search user" means, that the Connection Password or the Connection DN may be wrong. And if all the above is ok and only "Authenticate user" fails, the user cannot be found with the settings or the password is wrong. Can you tell us, what your status look like?

    Additionally there should be a stack trace, giving further information (it may be necessary to search the text for occurances of Caused by: to get more details on the error).

    Feel free to contact us, if this does not help.

      You need to be logged in to download any files!
    1. Screenshot-20210726182652-664x668.png 59.2 kB created at July 26, 2021, 4:30:13 PM
  • avatar
    funeeldy11 – 26. July 2021, 17:27 h

    Thank you, when I choose the active directory option, I have less fields than for custom, so I tried that one. my entries are in the attached file named screen2. screen1 file shows the results of the test. here is the error message. I didn't realize I had to scroll down to see it.

    on sonia.scm.auth.ldap.BindConnectionFailedException: failed to create bind connection for CN=RESUS-SW JENKINS,OU=people,OU=Employees,DC=zollmed,DC=com at sonia.scm.auth.ldap.LdapConnectionFactory.createBindConnection(LdapConnectionFactory.java:54) at sonia.scm.auth.ldap.LdapAuthenticator.authenticate(LdapAuthenticator.java:49) at sonia.scm.auth.ldap.resource.LdapConnectionTester.test(LdapConnectionTester.java:53) at sonia.scm.auth.ldap.resource.LdapConfigResource.testConfig(LdapConfigResource.java:106) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at . . . org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905) at java.lang.Thread.run(Thread.java:748) Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580

      You need to be logged in to download any files!
    1. screen1.PNG 55.5 kB created at July 26, 2021, 5:27:06 PM
    2. screen2.PNG 75.7 kB created at July 26, 2021, 5:27:07 PM
  • avatar
    pfeuffer – 27. July 2021, 07:51 h

    This looks like something deep down inside LDAP. I tried to find something for the error code DSID-0C09044E but could not find a simple answer (eg. https://community.bmc.com/s/article/Remedy-AR-System-Server-Prod--Users-getting-authentication-failed-on-remedy-for-AD-users-on-1908 or https://www.reddit.com/r/activedirectory/comments/n5f6gm/help_tracking_down_anonymous_ldap_login/). Do you have access to the LDAP logs to get more specific information?

  • avatar
    pfeuffer – 27. July 2021, 08:08 h

    My colleague just gave me the hint, that code 49 indicates an authorization error. Could you double check your Connection DN and the Connection Password?

  • avatar
    funeeldy11 – 27. July 2021, 13:59 h

    thank you for the hint. I changed the DN for the login name to be just the account and it works.