[MarkLogic Dev General] External Authentication Failed

Geert Josten Geert.Josten at marklogic.com
Wed Jul 29 08:51:52 PDT 2015


Hi,

If you are using MD5 bind method, just use the user name, and not the full DN. Or use simple bind method instead, then you can use the full DN as default name. Also the ldap base needs to point to a group containing the user directly.

Cheers,
Geert

From: <general-bounces at developer.marklogic.com<mailto:general-bounces at developer.marklogic.com>> on behalf of Danny Sinang <d.sinang at gmail.com<mailto:d.sinang at gmail.com>>
Reply-To: MarkLogic Developer Discussion <general at developer.marklogic.com<mailto:general at developer.marklogic.com>>
Date: Wednesday, July 29, 2015 at 5:30 PM
To: general <General at developer.marklogic.com<mailto:General at developer.marklogic.com>>
Subject: [MarkLogic Dev General] External Authentication Failed

I'm running ML 8.0-3 on Windows Server 2012 and I've created an External Security configuration to authenticate an ML app against Active Directory.

Its settings go like this :

external security name : dom1
ldap server url : ldap://dom1.company.com:389<http://dom1.company.com:389>
authentication : ldap
authorization : ldap
ldap base : ou=UserAccounts,dc=dom1,dc=company,dc=com
ldap attribute : sAMAccountName
ldap default user : cn=aduser,ou=ServiceAccounts,ou=UserAccounts,dc=dom1,dc=company,dc=com
ldap bind method : MD5

And then I configured the ML app to have these settings :

[Inline image 1]

The app prompts me for my username and password, but authentication always fails and I get this error message :



2015-07-29 11:26:56.266 Debug: LDAP user dsinang not found in login cache

2015-07-29 11:26:56.282 Debug: LDAPClient: XDMP-LDAP: LDAP Error: ldap_bind_s: Invalid Credentials (49)

2015-07-29 11:26:56.282 Debug: HTTPServer externalAuthenticate with ldap for dsinang failed

2015-07-29 11:26:56.282 Info: External authentication failed:dsinang

What could I be missing and how do I test the External Security Config settings ?

Also, does the xdmp:ldap-lookup() function rely on the above settings ?

Regards,
Danny

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://developer.marklogic.com/pipermail/general/attachments/20150729/6cc0a2bb/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 77345 bytes
Desc: image.png
Url : http://developer.marklogic.com/pipermail/general/attachments/20150729/6cc0a2bb/attachment-0001.png 


More information about the General mailing list