
Invalid credentials supplied to LDAP


Chad Leeper

Aug 7, 2009, 12:56:55 PM
GroupWise 7.03 on NetWare 6.5 SP7
 
I am having an issue with LDAP where only certain users can log in to GroupWise and GW Messenger via LDAP.
I have 3 OUs, and some users from each OU can log in fine; others generate the following message on the agent console:
"invalid credentials supplied to ldap". iManager and NoRM work fine on this server. SSL is enabled for client-to-server connections
for both GW and GW Messenger.
 
A bit of history...
This server was a physical box that died and was rebuilt in ESX.  The server was installed clean and data was restored.
PKIdiag does not show any errors. The server name and ip stayed the same.
 
I would think if LDAP was the issue then iManager and NoRM would not work but, on the other hand, some users can log in just fine while others cannot.
I have enabled debug logging, but nothing sticks out as an issue.
 
I am leaning towards deleting the SSL CertificateDNS, SSL CertificateIP, and SAS Service for the server and having PKIdiag recreate them.
Also, I was going to regenerate the *.b64 and *.key files for SSL.
 
Does anyone else have any ideas???
 
 
Thanks,
 
/Chad
 

Chad Leeper

Aug 13, 2009, 10:17:21 AM
I only have one LDAP server set for this PO.  The error is invalid credentials supplied to LDAP.  If I change the LDAP server
to point to our other NetWare box, users are able to log in just fine.  NTS is suggesting that something is wrong with
some of the user objects, but I am leaning towards something wrong with LDAP.  The weird part is over half of my users
can log in via LDAP to the server that is having the issue.  Very strange.
 
Thanks,
 
/Chad

Uwe Buckesfeld

Aug 13, 2009, 2:35:24 PM
Chad,

an LDAP trace on the LDAP server is probably more interesting.


Uwe

Mike Gerst

Sep 10, 2009, 3:03:10 PM
We see this same error for GW 7.03 connecting to a server running NW 6.5 SP8  edir 8.8.4 ftf1 with:
  DS  version - 20217.07 1/30/2009
  NLDAP version - 20218.11 1/30/2009
It is on the same IP segment as the server running the GW POA agent.
 
Clients are able to log in but frequently receive LDAP errors.
 
The GW POA log shows:
 
11667: 12:36:19 213 Initializing Secured LDAP session with nnn.nnn.nnn.nnn at port 636 using SSL Key file SYS:\SYSTEM\xxxxxx.der
11668: 12:36:19 213 LDAP Error: 48
11669: 12:36:19 213 LDAP Error: Inappropriate authentication
11670: 12:36:19 213 Error: LDAP failure detected [D06B] User:<userid here>
 
 
I performed a NLDAP Trace and it shows:
 
New TLS connection 0x6934a1c0 from nnn.nnn.nnn.nnn:25120, monitor = 0x1f9, index = 1
Monitor 0x1f9 initiating TLS handshake on connection 0x6934a1c0
DoTLSHandshake on connection 0x6934a1c0
BIO ctrl called with unknown cmd 7
Completed TLS handshake on connection 0x6934a1c0
DoBind on connection 0x6934a1c0
Treating simple bind with empty DN and no password as anonymous
Bind name:NULL, version:3, authentication:simple
Sending operation result 48:"":"Anonymous Simple Bind Disabled." to connection 0x6934a1c0
DoUnbind on connection 0x6934a1c0
Connection 0x6934a1c0 closed
New TLS connection 0x6934a1c0 from nnn.nnn.nnn.nnn:48200, monitor = 0x1f9, index = 1
Monitor 0x1f9 initiating TLS handshake on connection 0x6934a1c0
DoTLSHandshake on connection 0x6934a1c0
BIO ctrl called with unknown cmd 7
Completed TLS handshake on connection 0x6934a1c0
DoBind on connection 0x6934a1c0
Treating simple bind with empty DN and no password as anonymous
Bind name:NULL, version:3, authentication:simple
Sending operation result 48:"":"Anonymous Simple Bind Disabled." to connection 0x6934a1c0
DoUnbind on connection 0x6934a1c0
Connection 0x6934a1c0 closed
 
Any ideas on what I need to do?
 
Mike
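
The failure pattern in the NLDAP trace above, as an added example that is not part of any poster's message: a small Python parser that groups trace lines into sessions and lists binds that arrived with no DN and were refused with result 48 (inappropriateAuthentication in RFC 4511; invalidCredentials is 49). The first two sessions are lines from the post; the third session, with its handle, port and DN, is constructed for contrast, and its result-line format is assumed to match the rejected one.

```python
import re
# First two sessions are lines from the trace posted above (addresses masked by
# the poster); the third is constructed, with a hypothetical DN, for contrast.
SAMPLE_TRACE = '''\
New TLS connection 0x6934a1c0 from nnn.nnn.nnn.nnn:25120, monitor = 0x1f9, index = 1
DoBind on connection 0x6934a1c0
Treating simple bind with empty DN and no password as anonymous
Bind name:NULL, version:3, authentication:simple
Sending operation result 48:"":"Anonymous Simple Bind Disabled." to connection 0x6934a1c0
Connection 0x6934a1c0 closed
New TLS connection 0x6934a1c0 from nnn.nnn.nnn.nnn:48200, monitor = 0x1f9, index = 1
DoBind on connection 0x6934a1c0
Bind name:NULL, version:3, authentication:simple
Sending operation result 48:"":"Anonymous Simple Bind Disabled." to connection 0x6934a1c0
Connection 0x6934a1c0 closed
New TLS connection 0x6934a2e0 from nnn.nnn.nnn.nnn:48311, monitor = 0x1f9, index = 2
DoBind on connection 0x6934a2e0
Bind name:cn=example,o=org, version:3, authentication:simple
Sending operation result 0:"":"" to connection 0x6934a2e0
Connection 0x6934a2e0 closed
'''

NEW = re.compile(r"New (\w+) connection (0x[0-9a-f]+) from (\S+):(\d+),")
DOBIND = re.compile(r"DoBind on connection (0x[0-9a-f]+)")
BIND = re.compile(r"Bind name:(.*?), version:\d+, authentication:(\w+)")
RESULT = re.compile(r'Sending operation result (\d+):"(.*?)":"(.*?)" to connection (0x[0-9a-f]+)')
CLOSED = re.compile(r"Connection (0x[0-9a-f]+) closed")

def parse_sessions(trace):
    """Split a trace into sessions; a handle is only unique until it is closed."""
    live, done, binding = {}, [], None
    for line in trace.splitlines():
        if m := NEW.search(line):
            live[m[2]] = {"peer": f"{m[3]}:{m[4]}", "dn": None, "code": None, "text": ""}
        elif m := DOBIND.search(line):
            binding = m[1]            # the "Bind name:" line carries no handle
        elif (m := BIND.search(line)) and binding in live:
            live[binding]["dn"] = m[1]
        elif (m := RESULT.search(line)) and m[4] in live:
            s = live[m[4]]
            if s["dn"] is not None and s["code"] is None:   # first result after the bind
                s["code"], s["text"] = int(m[1]), m[3]
        elif (m := CLOSED.search(line)) and m[1] in live:
            done.append(live.pop(m[1]))
    return done + list(live.values())

def rejected_anonymous(sessions):
    """Binds sent with no DN and refused with 48 (inappropriateAuthentication)."""
    return [s for s in sessions if s["dn"] == "NULL" and s["code"] == 48]
```

Sessions are delimited from "New ... connection" to "closed" because the trace reuses handle 0x6934a1c0 for both connections, so keying on the handle alone would merge them.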
 
 
 
 

 

Mike Gerst

Sep 10, 2009, 6:17:58 PM
Aaron,
 
I should have mentioned I had that setting applied as well... saw the post.
 
I'll run an LDAPSearch on the users on that PO and check the password expiration!
 
Mike

>>>
From: aaronm04<aaro...@no-mx.forums.novell.com>
To: novell.support.groupwise.7x.agents
Date: 9/10/2009 2:36 PM
Subject: Re: Invalid credentials supplied to LDAP
I get LDAP Error 48s on most of my POs.  I called Novell about it some time ago and there was nothing they could do to prevent it.  They were able to give me a setting that made these spells go away faster.  It seemed to start when someone with an expired password logged in.

Go to your PO Properties - Security.  Change the "Inactive Connection Timeout" to '5' (default is 30).  As I said, this won't stop it, but the problem should disappear faster.

HTH,
Aaron


Mike Gerst

Jan 12, 2010, 3:19:20 PM
We have learned that
  Bind Restrictions must be set to "None" for GroupWise PO Agents to connect to NLDAP running on a NW 6.5 SP8 Edir 8.8.4 server.
  We can turn on Requiring TLS for all operations and
  disable port 389
 
  We do use a certificate file which resides in SYS:\SYSTEM
 
Mike