
LDAP Errors

Posted: Tue Nov 08, 2016 3:32 pm
by jreach

We are having the following error show up for users (both new accounts in AD and existing accounts).

LDAP invalid credentials on ldaps://PDC_IP/: {'info': '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 701, v1772', 'desc': 'Invalid credentials'} (facility='user_bind on u'CN=DISPLAY_NAME,CN=Users,DC=DOMAIN,DC=com' via search (u'DC=DOMAIN, DC=com', 2, u'(&(sAMAccountName=LOGIN_ID)(memberOf=CN=VPNUsers, CN=Users, DC=DOMAIN, DC=com))')')

I have verified the credentials are correct for the existing user having issues. I have also created a brand new user account, and the login still fails with the above error.

I have the following set on the LDAP Configuration page on the Web GUI.

Primary Server: PDC_IP
Secondary Server: SDC_IP
Use SSL to connect to LDAP servers: (checked)
Using Domain Administrator Credentials for initial Bind

Base DN for User entries: DC=DOMAIN, DC=com
Username Attribute: sAMAccountName
Additional LDAP Requirement: memberOf=CN=VPNUsers, CN=Users, DC=DOMAIN, DC=com

Re: LDAP Errors

Posted: Tue Nov 08, 2016 3:50 pm
by TinCanTech
Initially posted in "Forum and Website support".

Please identify the OpenVPN product you are using.

Re: LDAP Errors

Posted: Tue Nov 08, 2016 4:15 pm
by jreach
Sure thing.

We are using the OpenVPN Virtual Appliance VMware ESXi (Ubuntu 14), directly from the OpenVPN site.
Our appliance version is 2.1.4.

Re: LDAP Errors

Posted: Fri Nov 11, 2016 4:00 pm
by jreach
Any suggestions?

Re: LDAP Errors

Posted: Fri Nov 11, 2016 5:26 pm
by novaflash
Sounds to me like the credentials are invalid. Or the user account is expired or the password is expired and needs changing.
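
Added example (not part of the original thread, and not OpenVPN's code): Active Directory puts a hex sub-code after "data" in an AcceptSecurityContext bind failure, and that sub-code is a Win32 error number telling a wrong password apart from an expired, disabled or locked account. The sketch below decodes it from the 'info' string in the first post; the function names and the table layout are assumptions made for illustration.

```python
import re

# "data NNN" sub-codes in AD bind failures; each is a Win32 error number in hex.
AD_BIND_SUBCODES = {
    0x525: ("ERROR_NO_SUCH_USER", "user not found"),
    0x52E: ("ERROR_LOGON_FAILURE", "wrong user name or password"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "logon not permitted at this time"),
    0x531: ("ERROR_INVALID_WORKSTATION", "logon not permitted from this workstation"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "password expired"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account disabled"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "account expired"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "user must change password at next logon"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account locked out"),
}

# Sub-codes that point at the account's state in AD rather than at the secret typed.
ACCOUNT_STATE = {0x530, 0x531, 0x532, 0x533, 0x701, 0x773, 0x775}

_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")

# The 'info' value from the error quoted in the first post.
SAMPLE_INFO = ("80090308: LdapErr: DSID-0C0903AA, comment: "
               "AcceptSecurityContext error, data 701, v1772")


def explain_bind_error(info):
    """Decode the AD sub-code in an LDAP bind error; None if there is none."""
    match = _DATA_RE.search(info)
    if match is None:
        return None
    code = int(match.group(1), 16)
    name, meaning = AD_BIND_SUBCODES.get(code, ("UNKNOWN", "sub-code not in this table"))
    return {"data": match.group(1).lower(), "win32": code,
            "name": name, "meaning": meaning}


def is_account_state_problem(info):
    """True when the sub-code says to check the account in AD, not the password."""
    decoded = explain_bind_error(info)
    return decoded is not None and decoded["win32"] in ACCOUNT_STATE


if __name__ == "__main__":
    print(explain_bind_error(SAMPLE_INFO))
    print("check account state in AD:", is_account_state_problem(SAMPLE_INFO))
```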

Re: LDAP Errors

Posted: Tue Sep 10, 2019 3:12 pm
by vicenac
The bind DN is like this:
CN=firstname lastname, CN=domain_ou, DC=domain, DC=tld
So the first DN is not the user name, but the Display Name.