LDAP configuration help for SCM-Manager

Where can I find help with configuring the LDAP authentication? I have filled in the fields using information that works in other applications, and the test fails, but it gives no reason or error message to tell me why it is failing. Is there any more documentation on this somewhere?

In the configuration there is a “Test Connection” button. Is this what you mean by “the test fails”? The popup should give you four status fields, one each for “Configuration”, “Connection”, “Search user”, and “Authenticate user”. If “Configuration” is red, you have invalid configuration values that cannot be interpreted. If “Connection” is red, the LDAP server itself cannot be reached (most probably an invalid URL or port). A “failed” for “Search user” means that the Connection Password or the Connection DN may be wrong. And if all the above is OK and only “Authenticate user” fails, the user cannot be found with the settings or the password is wrong. Can you tell us what your status looks like?

Additionally, there should be a stack trace giving further information (it may be necessary to search the text for occurrences of Caused by: to get more details on the error).

Feel free to contact us, if this does not help.

Thank you. When I choose the Active Directory option, I have fewer fields than for custom, so I tried that one. My entries are in the attached file named screen2. The screen1 file shows the results of the test. Here is the error message. I didn’t realize I had to scroll down to see it.

on sonia.scm.auth.ldap.BindConnectionFailedException: failed to create bind connection for CN=RESUS-SW JENKINS,OU=people,OU=Employees,DC=zollmed,DC=com
    at sonia.scm.auth.ldap.LdapConnectionFactory.createBindConnection(LdapConnectionFactory.java:54)
    at sonia.scm.auth.ldap.LdapAuthenticator.authenticate(LdapAuthenticator.java:49)
    at sonia.scm.auth.ldap.resource.LdapConnectionTester.test(LdapConnectionTester.java:53)
    at sonia.scm.auth.ldap.resource.LdapConfigResource.testConfig(LdapConfigResource.java:106)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at . . . org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905)
    at java.lang.Thread.run(Thread.java:748)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580

This looks like something deep down inside LDAP. I tried to find something for the error code DSID-0C09044E but could not find a simple answer (e.g. BMC Community or https://www.reddit.com/r/activedirectory/comments/n5f6gm/help_tracking_down_anonymous_ldap_login/). Do you have access to the LDAP logs to get more specific information?

My colleague just gave me the hint that code 49 indicates an authorization error. Could you double check your Connection DN and the Connection Password?
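An added example, not part of the thread and not SCM-Manager code: a small Python helper that takes a pasted stack trace like the one above, follows it to the last "Caused by:", and decodes the LDAP result code plus the Active Directory "data" sub-code. The function and constant names are hypothetical, the sub-code table lists the commonly documented Active Directory bind failure values, and the sample trace is constructed with a placeholder DN.

```python
import re

# Sub-codes Active Directory puts in the "data" field when a bind fails with
# LDAP result code 49 (invalidCredentials). The values are hexadecimal.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials: wrong bind name or password",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

BIND_DN = re.compile(r"failed to create bind connection for (.+?) at ")
LDAP_CODE = re.compile(r"\[LDAP: error code (\d+)")
AD_DATA = re.compile(r"\bdata ([0-9a-fA-F]{3,4})\b")


def triage(trace: str) -> dict:
    """Pull bind DN, LDAP result code and AD sub-code out of a pasted trace."""
    flat = " ".join(trace.split())            # undo copy/paste line wrapping
    root = flat.rsplit("Caused by:", 1)[-1]   # last "Caused by:" is the root cause
    dn = BIND_DN.search(flat)
    code = LDAP_CODE.search(root)
    # The "data" sub-code is only meaningful for a failed bind (code 49).
    data = AD_DATA.search(root) if code and code.group(1) == "49" else None
    sub = data.group(1).lower() if data else None
    return {
        "bind_dn": dn.group(1) if dn else None,
        "ldap_code": int(code.group(1)) if code else None,
        "ad_subcode": sub,
        "meaning": AD_BIND_SUBCODES.get(sub, "unknown sub-code") if sub else None,
    }


# Constructed sample in the shape of the trace above; the DN is a placeholder.
SAMPLE_TRACE = """sonia.scm.auth.ldap.BindConnectionFailedException: failed to create bind connection for
CN=svc scm,OU=Service Accounts,DC=example,DC=com at
sonia.scm.auth.ldap.LdapConnectionFactory.createBindConnection(LdapConnectionFactory.java:54) at
java.lang.Thread.run(Thread.java:748) Caused by: javax.naming.AuthenticationException: [LDAP: error
code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e,
v2580]"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```

A result of 52e points at the Connection DN or Connection Password rather than at the account state; values such as 533 or 775 would instead mean the service account itself needs attention on the directory side.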

Thank you for the hint. I changed the DN for the login name to be just the account and it works.

Hi guys,

I’m having the same problem. Can you please tell me what the Connection DN user and Connection Password could be? Is it the Domain Admin / Enterprise Admin account of that domain controller (where LDAP is located), or should it be the Global Admin of SCM manager, only created also on the domain controller side?

Guys and girls,

Ignore my question, also a wrongly set up Connection DN :slight_smile: Worked properly after testing was done! Thanks!


Hey @dragan.misukic

Thanks for getting in touch anyway, and great to see that you could solve the issue on your own. If you need any help in the future, feel free to share your problem with us again!

Best wishes,
Maik

LDAP/LDAPS is a bit tricky as it also depends on the server behavior.
In the case of LDAPS, we have to update the JAVA KEYSTORE (cacerts) with the certificate chain.

I got this working after several hours of debugging in and out.


I am closing this issue thread since there was no activity in the last 30 days.