LDAP invalidCredentials Error #709
Comments
What if you use the cn naming rather than uid? sAMAccountName value as the
cn value
cn=rsmith,ou=IT,ou=Office Users,ou=accounts,dc=domain,dc=com
Does your bind work with Apache Directory Studio?
…On Tue, Jun 25, 2019 at 8:57 AM anees30 ***@***.***> wrote:
Using Python 3.6.7 and ldap3-2.6
The following code raises invalidCredentials when proper user DN and
password are used.
from ldap3 import Server, Connection, ALL, NTLM
server = Server('192.168.55.73', get_info=ALL)
conn = Connection(server, ***@***.***,OU=IT,OU=Office Users,OU=RUG,OU=Accounts,DC=domain,DC=com', 'password411', auto_bind=False)
if not conn.bind():
    print('error in bind', conn.result)
else:
    print('Connection Successful', conn.result)
Here is the error
error in bind {'result': 49, 'description': 'invalidCredentials', 'dn':
'', 'message': '80090308: LdapErr: DSID-0C090400, comment:
AcceptSecurityContext error, data 52e, v1db1\x00', 'referrals': None,
'saslCreds': None, 'type': 'bindResponse'}
Please guide what is missing...?
For more information here is the screenshot...
[image: LDAP Binding failed]
<https://user-images.githubusercontent.com/46647705/60099891-3ea2f680-9761-11e9-9c48-8b3aa53c359c.png>
@fpatterson55 I tried with cn but same result.
cn=9999 or cn=9999@domain.com which is correct. |
Sorry, that is what I get for not using NTLM for a long time.
https://ldap3.readthedocs.io/bind.html#ntlm
Go to the ntlm section, looks like you use the SICILY format (not LDAP
rfc, but hey it is MS)
# import class and constants
from ldap3 import Server, Connection, SIMPLE, SYNC, ALL, SASL, NTLM
# define the server and the connection
s = Server('servername', get_info=ALL)
c = Connection(s, user="AUTHTEST\\Administrator", password="password", authentication=NTLM)
# perform the Bind operation
if not c.bind():
    print('error in bind', c.result)
All joking aside, I am impressed with Microsoft's choices to be more
open to the open source communities. I have listened to quite a few
python podcasts indicating as much.
…On Tue, Jun 25, 2019 at 9:53 AM anees30 ***@***.***> wrote:
@fpatterson55 <https://github.com/fpatterson55> I tried with cn but same
result.
>>> conn = Connection(server, 'cn=9999,OU=IT,OU=Office Users,OU=RUG,OU=Accounts,DC=domainr,DC=com', 'password4111', auto_bind=True)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/anees/.local/lib/python3.6/site-packages/ldap3/core/connection.py", line 325, in __init__
    self.do_auto_bind()
  File "/home/anees/.local/lib/python3.6/site-packages/ldap3/core/connection.py", line 353, in do_auto_bind
    raise LDAPBindError(self.last_error)
ldap3.core.exceptions.LDAPBindError: automatic bind not successful - invalidCredentials
cn=9999 or ***@***.*** which is correct.
"Does your bind work with Apache Directory Studio?"... no idea about
this...
@fpatterson55
But what I am looking for is LDAP base and filter. This information is required to use in an ERP application to login and authenticate with Windows Active Directory users.... |
These are my settings in our ERP System When I login with AD user getting following error....
Any idea what could be the base and filter? and how to get it from AD? |
Since Odoo is being used, you may want to contact them. I don't know what
their filter would be wanting to look at. Although your settings may be
right, they would know best what calls are being made. You could set up a
packet trace, but you might have to decode the TLS communication.
AD might have an LDAP trace option, but I am not familiar with it if they do.
You might try to connect with apache directory studio to confirm your bind
is successful over LDAP.
If you are Linux based you might be able to use an ldapsearch command for
NTLM.
…On Tue, Jun 25, 2019 at 11:10 AM anees30 ***@***.***> wrote:
These are my settings in our ERP System
LDAP base = CN=Users,DC=thimar,DC=com
LDAP filter = sAMAccountName=%s
When I login with AD user getting following error....
2019-06-25 14:50:30,114 1999 ERROR hrdemo odoo.addons.auth_ldap.models.res_company_ldap: LDAP bind failed.
Any idea what could be the base and filter? and how to get it from AD?
I am not Linux based. Could you please share the ldapsearch syntax. |
https://www.digitalocean.com/community/tutorials/how-to-manage-and-use-ldap-servers-with-openldap-utilities
I am not aware of a windows based install. So you may want to stick with
apache directory studio or other ldap based utilities to test
authentication.
…On Tue, Jun 25, 2019 at 4:30 PM anees30 ***@***.***> wrote:
I am not Linux based. Could you please share the ldapsearch syntax.
Where to install apache directory studio. |
@fpatterson55 I have installed apache directory studio on a computer in the network. Given host, Bind User and Bind password. It connected successfully. |
Now I am getting a different error when logging to odoo erp..
What could be the reason... |
Using Python 3.6.7 and ldap3-2.6
The following code raises invalidCredentials when proper user DN and password are used.
Here is the error
error in bind {'result': 49, 'description': 'invalidCredentials', 'dn': '', 'message': '80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1\x00', 'referrals': None, 'saslCreds': None, 'type': 'bindResponse'}
Please guide what is missing...?
For more information here is the screenshot...
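Added example (not part of the original issue and not ldap3 project code): a standard-library helper that decodes the `data 52e` sub-code from the bind result quoted above and checks that the user name form matches the bind mechanism, since the linked ldap3 NTLM section uses `DOMAIN\user`. The function names and the sample DN are assumptions made for illustration; the table lists the Win32 logon error codes Active Directory reports in that field.

```python
import re

# Win32 logon error codes that Active Directory embeds as "data <hex>" in the
# diagnostic message of a failed bind (illustrative helper, not ldap3 API).
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "logon failure: unknown user name or bad password",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must change password at next logon",
    0x775: "account locked out",
}

def identity_form(user):
    """Classify a bind identity as 'dn', 'downlevel' (DOMAIN\\user), 'upn' or 'bare'."""
    if re.match(r"[A-Za-z][A-Za-z0-9-]*=", user):   # starts with attr=value
        return "dn"
    if "\\" in user:
        return "downlevel"
    if "@" in user:
        return "upn"
    return "bare"

def diagnose_bind(result, user, authentication="SIMPLE"):
    """Return findings for a failed bind, given a dict shaped like ldap3's conn.result."""
    findings = []
    if result.get("result") != 49:                  # 49 = invalidCredentials
        return findings
    m = re.search(r"\bdata ([0-9a-fA-F]+)\b", result.get("message") or "")
    if m:
        code = int(m.group(1), 16)
        meaning = AD_BIND_SUBCODES.get(code, "unrecognised sub-code")
        findings.append("AD sub-code %x: %s" % (code, meaning))
    form = identity_form(user)
    if authentication == "NTLM" and form != "downlevel":
        findings.append("NTLM bind needs DOMAIN\\user, got %s form" % form)
    return findings

# Constructed sample: the result dict reported in this issue, with a shortened DN.
SAMPLE = {"result": 49, "description": "invalidCredentials", "dn": "",
          "message": "80090308: LdapErr: DSID-0C090400, comment: "
                     "AcceptSecurityContext error, data 52e, v1db1\x00"}

if __name__ == "__main__":
    for line in diagnose_bind(SAMPLE, "cn=9999,OU=IT,DC=domain,DC=com", "NTLM"):
        print(line)
```

Sub-code 52e does not say whether the name or the password was rejected, so the name form is the first thing to rule out before retrying with other passwords and risking a lockout (775).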