Home
Extended ECM
API, SDK, REST and Web Services
Authenticating to LDAP Server
Daniel_Connolly_(danielconnolly_-_(deleted))
Hi,we're trying to configure Directory Services to synchronize with a CA eTrust Directory LDAP Server. We are familiar with Directory services, we use it to integrate with the AD.We're getting the following error message in the thread log file (cleansed, <> inserted by me):--------------[Wed Jun 07 13:56:02 2006] : Connecting to : as ...KLDAP constructor: unauthenticated bind failed.[Wed Jun 07 13:56:02 2006] : Synchronization completed with error: Can't contact LDAP server--------------The logs on the LDAP server show (cleansed, inserted by me):---------------! Accepting call from TCP :> > <-- LDAP MESSAGE messageID 1> BindRequest> version: 3> name: > authentication:> simple: (masked)> ! UserCreateAssoc: c3b5f4 4 (total=2)! > > <- #4 LDAP BIND-REQ> invoke-id = 1 credit = 4> Remote address:> nsap = ""> > ! ----------UserRequest (004/001)----------20060607.085314.117 ! userRequest! UserBindRequest? 20060607.085314.117 WARN : Bind: Credentials not supplied! ----------userSendIdu (004/001)----------20060607.085314.117 ! > > -> #4 LDAP BIND-REFUSE> invoke-id = 1 credit = -5> Bind Error: Security Error: Inappropriate authentication------------------Directory Services seems to be not logging in to the LDAP server properly. Has anyone experienced this? Any ideas on how to get it working?We're using LL 9.5.0 SP1, April 2006 patched, DS 2.3.1, on W2K3, IIS 6. DS configured to synchronize LDAP Read Only, authentication not configured (yet).Thanks,Daniel
Find more posts tagged with
Comments
Geoff_Obbard
Message from Geoff Obbard <
gobbard@opentext.com
> via eLink
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">eLink
Hi Daniel,
Livelink Directory Services first attempts an anonymous connection to the configured LDAP server. Once the anonymous bind is successful, it follows up with an authenticated bind. This approach works on all of the supported LDAP servers.
You will either have to configure your LDAP server to access anonymous binds, or customise Directory Services to get around this problem.
Hope this helps,
Geoff
From:
eLink Discussion: Livelink Directory Services Discussion [mailto:directoryservices@elinkkc.opentext.com]
Sent:
Wednesday, June 07, 2006 8:55 AM
To:
eLink Recipient
Subject:
Authenticating to LDAP Server
Authenticating to LDAP Server
Posted by
danielconnolly
(Connolly, Daniel) on 06/07/2006 08:50 AM
Hi,
we're trying to configure Directory Services to synchronize with a CA eTrust Directory LDAP Server. We are familiar with Directory services, we use it to integrate with the AD.
We're getting the following error message in the thread log file (cleansed, <> inserted by me):
--------------
[Wed Jun 07 13:56:02 2006] : Connecting to <server.domain.name>:<port> as <username>...
KLDAP constructor: unauthenticated bind failed.
[Wed Jun 07 13:56:02 2006] : Synchronization completed with error: Can't contact LDAP server
--------------
The logs on the LDAP server show (cleansed, <text> inserted by me):
---------------
! Accepting call from TCP <IP address>:<port>
>
> <-- LDAP MESSAGE messageID 1
> BindRequest
> version: 3
> name:
> authentication:
> simple: (masked)
>
! UserCreateAssoc: c3b5f4 4 (total=2)
!
>
> <- #4 LDAP BIND-REQ
> invoke-id = 1 credit = 4
> Remote address:
> nsap = "<long binary string>"
>
>
! ----------UserRequest (004/001)----------20060607.085314.117
! userRequest
! UserBindRequest
? 20060607.085314.117 WARN : Bind: Credentials not supplied
! ----------userSendIdu (004/001)----------20060607.085314.117
!
>
> -> #4 LDAP BIND-REFUSE
> invoke-id = 1 credit = -5
> Bind Error: Security Error: Inappropriate authentication
------------------
Directory Services seems to be not logging in to the LDAP server properly. Has anyone experienced this? Any ideas on how to get it working?
We're using LL 9.5.0 SP1, April 2006 patched, DS 2.3.1, on W2K3, IIS 6. DS configured to synchronize LDAP Read Only, authentication not configured (yet).
Thanks,
Daniel
Daniel_Connolly_(danielconnolly_-_(deleted))
Message from via eLinkYes, this was it. We have reconfigured the LDAP server to allow ananonymous bind to the userstore without allowing any access to thecontents. It seems to then authenticate, enabling access to the contents.Thanks,Daniel-----Original Message-----From: eLink Discussion: Livelink Directory Services Discussion[mailto:directoryservices@elinkkc.opentext.com] Sent: Wednesday, 07 June 2006 15:26To: eLink RecipientSubject: RE Authenticating to LDAP ServerThis email message is intended only for the use of the named recipient.Information contained in this email message and its attachments may beprivileged, confidential and protected from disclosure. If you are not theintended recipient, please do not read, copy, use or disclose thiscommunication to others. Also please notify the sender by replying to thismessage and then delete it from your system.
