Ldap_sasl_interactive_bind_s: Invalid credentials (49)

NethServer Version:
NethServer 7.9.2009

Local Active Directory

When attempting:
From my gitlab server inside my green network

ldapsearch -H ldaps://nsdc-neth.eureka.net -b "DC=eureka,DC=net" -U ldapservice@EUREKA.NET -v -LLL

and after copying and pasting the bind password from the ‘Local Active Directory Details’

I get the result:

ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: 8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1

account-provider-test dump

"BindDN" : "ldapservice@EUREKA.NET",
"LdapURI" : "ldaps://nsdc-neth.eureka.net",
"DiscoverDcType" : "ldapuri",
"StartTls" : "",
"port" : 636,
"host" : "nsdc-neth.eureka.net",
"isAD" : "1",
"isLdap" : "",
"UserDN" : "dc=eureka,dc=net",
"GroupDN" : "dc=eureka,dc=net",
"BindPassword" : "souperseekret",
"BaseDN" : "dc=eureka,dc=net",
"LdapUriDn" : "ldap:///dc%3Deureka2Cdc%3Dnet"

I’m pretty stumped here; everything looks correct.

Well, I’ve made some headway…

ldapsearch -x -H ldaps://nsdc-neth.eureka.net:636 -b "dc=eureka,dc=net" -D ldapservice@EUREKA.NET -w souperseekret -v

This method worked. I don’t know why this worked when the above method failed and the below method also failed. (I mean I understand ~why~ the below failed, in light of the actual DN, but still…)

ldapsearch -x -H ldaps://nsdc-neth.eureka.net:636 -b "dc=eureka,dc=net" -D cn=ldapservice,dc=eureka,dc=net -w souperseekret -v

When the dump clearly states: "UserDN" : "dc=eureka,dc=net"

That said, when I actually used the DN I pulled via ADSI Edit:

-D cn=ldapservice,cn=users,dc=eureka,dc=net it also works.

So, please someone, anyone, make me smarter here. :slight_smile:


Hi David,
welcome to NethServer community!

I’ve faced a similar issue a few days ago when trying to authenticate Proxmox UI against our Samba 4 DC.
The solution is the one you’ve already found, use cn=ldapservice,cn=Users,dc=ad,dc=nethesis,dc=it as bind DN.

I do not know why the dump lies here :smiley: I think it’s a matter of how the bind is done.
Maybe @davidep can help on this.

So, what is the error on GitLab right now? Is the GitLab authentication working?

Yes, I’ve successfully integrated gitlab with the nethserver AD, as well as a dokuwiki server.
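
An added example, not part of the thread or of NethServer's code: a Python helper that decodes the Active Directory sub-code in the error quoted above (`data 52e`) and reports which bind each `ldapsearch` invocation from the thread requests (SASL with `-U` when `-x` is absent, simple bind with `-x -D`). The function and constant names are hypothetical, the sub-code table holds the commonly documented Win32 values, and the password is replaced with a placeholder.

```python
import re
import shlex

# "data NNN" sub-codes Active Directory returns on a failed bind (hex Win32 errors).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Inputs taken from the thread; the password is replaced with a placeholder.
THREAD_ERROR = ("additional info: 8009030C: LdapErr: DSID-0C0904DC, comment: "
                "AcceptSecurityContext error, data 52e, v1db1")
THREAD_COMMANDS = [
    'ldapsearch -H ldaps://nsdc-neth.eureka.net -b "DC=eureka,DC=net" -U ldapservice@EUREKA.NET -v -LLL',
    'ldapsearch -x -H ldaps://nsdc-neth.eureka.net:636 -b "dc=eureka,dc=net" -D ldapservice@EUREKA.NET -w PLACEHOLDER -v',
    'ldapsearch -x -H ldaps://nsdc-neth.eureka.net:636 -b "dc=eureka,dc=net" -D cn=ldapservice,cn=users,dc=eureka,dc=net -w PLACEHOLDER -v',
]

def decode_ad_bind_error(text):
    """Return (sub-code, meaning) from an AcceptSecurityContext line, else None."""
    m = re.search(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)", text)
    if not m:
        return None
    code = m.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")

def describe_bind(cmdline):
    """Report which bind method an ldapsearch command requests, and as whom."""
    args = shlex.split(cmdline)
    def value_of(flag):  # argument following a flag, if the flag is present
        return args[args.index(flag) + 1] if flag in args[:-1] else None
    simple = "-x" in args  # -x selects simple authentication instead of SASL
    identity = value_of("-D") if simple else value_of("-U")  # bind DN vs SASL authcid
    form = ("none" if identity is None else "dn" if "=" in identity
            else "upn" if "@" in identity else "name")
    return {"method": "simple" if simple else "sasl", "identity": identity,
            "form": form, "password_in_argv": "-w" in args}

if __name__ == "__main__":
    print(decode_ad_bind_error(THREAD_ERROR))
    for cmd in THREAD_COMMANDS:
        print(describe_bind(cmd))
```

`password_in_argv` flags commands that pass the bind password with `-w`, where it ends up in shell history and the process list; `ldapsearch` also accepts `-W` (prompt) or `-y file`.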