LDAP Errors

jreach
OpenVpn Newbie
Posts: 4
Joined: Tue Nov 08, 2016 3:21 pm

LDAP Errors

Post by jreach » Tue Nov 08, 2016 3:32 pm

Hello,

We are having the following error show up for users (both new accounts in AD and existing accounts).

LDAP invalid credentials on ldaps://PDC_IP/: {'info': '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 701, v1772', 'desc': 'Invalid credentials'} (facility='user_bind on u'CN=DISPLAY_NAME,CN=Users,DC=DOMAIN,DC=com' via search (u'DC=DOMAIN, DC=com', 2, u'(&(sAMAccountName=LOGIN_ID)(memberOf=CN=VPNUsers, CN=Users, DC=DOMAIN, DC=com))')')

I have verified the credentials are correct for the existing user having issues. I have also created a brand new user account, and the login still fails with the above error.

I have the following set on the LDAP Configuration page on the Web GUI.

Primary Server: PDC_IP
Secondary Server: SDC_IP
Use SSL to connect to LDAP servers: (checked)
Using Domain Administrator Credentials for initial Bind

Base DN for User entries: DC=DOMAIN, DC=com
Username Attribute: sAMAccountName
Additional LDAP Requirement: memberOf=CN=VPNUsers, CN=Users, DC=DOMAIN, DC=com

TinCanTech
OpenVPN Protagonist
Posts: 5920
Joined: Fri Jun 03, 2016 1:17 pm

Re: LDAP Errors

Post by TinCanTech » Tue Nov 08, 2016 3:50 pm

Initially posted in "Forum and Website support".

Please identify the OpenVPN product you are using.

Re: LDAP Errors

Post by jreach » Tue Nov 08, 2016 4:15 pm

Sure thing.

We are using the OpenVPN Virtual Appliance for VMware ESXi (Ubuntu 14), directly from the OpenVPN site.
Our appliance version is 2.1.4.

Re: LDAP Errors

Post by jreach » Fri Nov 11, 2016 4:00 pm

Any suggestions?

novaflash
I should be on the dev team.
Posts: 978
Joined: Fri Apr 13, 2012 8:43 pm

Re: LDAP Errors

Post by novaflash » Fri Nov 11, 2016 5:26 pm

Sounds to me like the credentials are invalid. Or the user account is expired or the password is expired and needs changing.
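
Added example, not part of the thread or of OpenVPN's code: Active Directory reports why a bind was rejected in the hexadecimal "data" field of the AcceptSecurityContext message, which is 701 in the error quoted in the first post. The sketch below decodes that field for triage; the function names are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Hexadecimal Win32 error numbers that Active Directory puts in the "data"
# field of a rejected bind.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

_DIAG = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+),")


def explain_bind_failure(message):
    """Return (sub_code, win32_error, meaning), or None without an AD diagnostic."""
    match = _DIAG.search(message)
    if match is None:
        return None
    code = match.group(1).lower()
    meaning = AD_BIND_SUBCODES.get(code, "unrecognised sub-code")
    return code, int(code, 16), meaning


def summarize(lines):
    """Count bind failures per cause across log lines; lines without a code are skipped."""
    results = (explain_bind_failure(line) for line in lines)
    return Counter(r[2] for r in results if r is not None)


# First entry: the "info" string quoted in the first post. The rest are constructed.
SAMPLE_LINES = [
    "80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 701, v1772",
    "LdapErr: comment: AcceptSecurityContext error, data 52e, v0000 (constructed)",
    "LdapErr: comment: AcceptSecurityContext error, data 775, v0000 (constructed)",
    "LDAP server unreachable (constructed, no diagnostic string)",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(explain_bind_failure(line))
    print(summarize(SAMPLE_LINES))
```

Because the LDAP result is "Invalid credentials" for all of these causes, the sub-code is what separates a wrong password from an expired, disabled or locked account.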

vicenac
OpenVpn Newbie
Posts: 3
Joined: Wed Jul 10, 2019 10:48 pm

Re: LDAP Errors

Post by vicenac » Tue Sep 10, 2019 3:12 pm

The bind DN is like this:
CN=firstname lastname, CN=domain_ou, DC=domain, DC=tld
So the first DN is not the user name, but the Display Name.
