Ldap_sasl_interactive_bind_s: Invalid credentials (49)

David_Beauchamp · April 4, 2021, 7:38pm

NethServer Version:
NethServer 7.9.2009

Module:
Local Active Directory

When attempting:
From my gitlab server inside my green network

ldapsearch -H ldaps://nsdc-neth.eureka.net -b "DC=eureka,DC=net" -U ldapservice@EUREKA.NET -v -LLL

and after copying and pasting the bind password from the ‘Local Active Directory Details’

I get the result:

ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: 8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1

account-provider-test dump

{
"BindDN" : "ldapservice@EUREKA.NET",
"LdapURI" : "ldaps://nsdc-neth.eureka.net",
"DiscoverDcType" : "ldapuri",
"StartTls" : "",
"port" : 636,
"host" : "nsdc-neth.eureka.net",
"isAD" : "1",
"isLdap" : "",
"UserDN" : "dc=eureka,dc=net",
"GroupDN" : "dc=eureka,dc=net",
"BindPassword" : "souperseekret",
"BaseDN" : "dc=eureka,dc=net",
"LdapUriDn" : "ldap:///dc%3Deureka2Cdc%3Dnet"
}
`

I’m pretty stumped here; everything looks correct.

David_Beauchamp · April 5, 2021, 2:23pm

Well, I’ve made some headway…

ldapsearch -x -H ldaps://nsdc-neth.eureka.net:636 -b "dc=eureka,dc=net" -D ldapservice@EUREKA.NET -w souperseekret -v

This method worked. I Don’t know why this worked when the above method failed and the below method also failed. (I mean I understand ~why~ the below failed, in light of the actual DN, but still…)

ldapsearch -x -H ldaps://nsdc-neth.eureka.net:636 -b "dc=eureka,dc=net" -D cn=ldapservice,dc=eureka,dc=net -w souperseekret -v

When the dump clearly states: "UserDN" : "dc=eureka,dc=net"

That said, when I actually used the DN I pulled via ADSI Edit:

-D cn=ldapservice,cn=users,dc=eureka,dc=net it also works.

So, please someone, anyone, make me smarter here.

giacomo · April 6, 2021, 7:06am

Hi David,
welcome to NethServer community!

I’ve faced a similar issue few days ago when trying to authenticate Proxmox UI against our Samba 4 DC.
The solution is the one you’ve already found, use cn=ldapservice,cn=Users,dc=ad,dc=nethesis,dc=it as bind DN.

I do not know why the dump lies here I think it’s a matter of how the bind is done.
Maybe @davidep can help on this.

So, what is the errore on GitLab right now? Is the GitLab authentication working?

David_Beauchamp · April 6, 2021, 12:49pm

Yes, I’ve successfully integrated gitlab with the nethserver AD, as well as a dokuwiki server.