RE: Login to PWM Configuration Window
323 views
Skip to first unread message
Gopi Vattikonda
Jul 1, 2021, 1:34:48 AM7/1/21
to pwm-general
Hi Team,
We have implemented PWM for our OpenLdap configuration and everything is done, after saving configuration it's showing login screen which user we can used to login to it.
we have tried with our LDAP users but it's No user was match.
can you help me on this or if you guys provide me any Documentation that would be helpful us.
Please find attached Image for your reference.
Thanks & Regards
Gopi Vattikonda
Jason Rivard
Jul 2, 2021, 8:05:47 PM7/2/21
to pwm-general
Did you look at the logs...?
Gopi Vattikonda
Jul 8, 2021, 3:38:30 AM7/8/21
to pwm-g...@googlegroups.com
Hi Jason Rivard,
I have gone through the logs there and I can see the invalid credentials but whatever test-auth login is showing in error the same user we logged into our workstation it's working fine but in this PWM it's not allowing.
I have a few questions?
> Proxy user means can we use Admin user as Proxy User or do we need to create a specific user with the specific privileges?
> admin user DN we are using this uid=test-auth,cn=users,cn=accounts,dc=sample,dc=com is this right?
> if you have any clear documentation for configuration can you provide me please.
2021-07-07T02:07:47Z, FATAL, ldap.LdapOperationsHelper, check ldap proxy settings: 5017 ERROR_DIRECTORY_UNAVAILABLE (error connecting as proxy user: 5001 ERROR_WRONGPASSWORD (unable to create connection: unable to bind to ldap://ldap.sample.com:389 as uid=test-auth,cn=users,cn=accounts,dc=sample,dc=com reason: [LDAP: error code 49 - Invalid Credentials]))
2021-07-07T02:07:47Z, FATAL, servlet.AbstractPwmServlet, {UtK9V} 5017 ERROR_DIRECTORY_UNAVAILABLE (all ldap profiles are unreachable; errors: ["error connecting as proxy user: 5001 ERROR_WRONGPASSWORD (unable to create connection: unable to bind to ldap://ldap.sample.com:389 as uid=test-auth,cn=users,cn=accounts,dc=sample,dc=com reason: [LDAP: error code 49 - Invalid Credentials])"]) [10.1.222.72]
2021-07-07T02:14:12Z, FATAL, ldap.LdapOperationsHelper, check ldap proxy settings: 5017 ERROR_DIRECTORY_UNAVAILABLE (error connecting as proxy user: unable to create connection: unable to bind to ldap://ldap.sample.com:389 as uid=test-auth,cn=users,cn=accounts,dc=sample,dc=com reason: [LDAP: error code 53 - Too many failed logins.
2021-07-07T02:07:47Z, FATAL, servlet.AbstractPwmServlet, {UtK9V} 5017 ERROR_DIRECTORY_UNAVAILABLE (all ldap profiles are unreachable; errors: ["error connecting as proxy user: 5001 ERROR_WRONGPASSWORD (unable to create connection: unable to bind to ldap://ldap.sample.com:389 as uid=test-auth,cn=users,cn=accounts,dc=sample,dc=com reason: [LDAP: error code 49 - Invalid Credentials])"]) [10.1.222.72]
2021-07-07T02:14:12Z, FATAL, ldap.LdapOperationsHelper, check ldap proxy settings: 5017 ERROR_DIRECTORY_UNAVAILABLE (error connecting as proxy user: unable to create connection: unable to bind to ldap://ldap.sample.com:389 as uid=test-auth,cn=users,cn=accounts,dc=sample,dc=com reason: [LDAP: error code 53 - Too many failed logins.
Can you help where we are doing wrong and also we are going through with the Configuration Guide, using PWM-2.0.0.war.
--
You received this message because you are subscribed to a topic in the Google Groups "pwm-general" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/pwm-general/BRG8qHqgWuY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to pwm-general...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/d5820b78-ea5e-481f-8cd3-1793e2a6e800n%40googlegroups.com.
Jason Rivard
Jul 10, 2021, 9:56:40 PM7/10/21
to pwm-general
The authentication is failing because 'error connecting to proxy user: reason invalid credentials'. Your proxy user password is incorrect.
1) You shoud not use your LDAP admin account for anything except creating other accounts.
2) You need a seperate proxy and a test-user account for PWM (are you possibly using the same account for both? don't do that).
3) During the initial setup and in later in the configuration the system tells you the permissions required by the proxy user based on your configuration.
Gopi Vattikonda
Jul 13, 2021, 11:32:57 PM7/13/21
to pwm-g...@googlegroups.com
Hi Jason,
Can you guide me how we can create Proxy user and test-user. We are new to this tool that's why asking clearly.
Do we need to create these two users from our LDAP side or what?
If you have steps please provide us.
Thanks & Regards
Gopi Vattikonda
To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/ebc3f2c0-0104-4965-8b50-6fc4161d32c3n%40googlegroups.com.
Gopi Vattikonda
Jul 20, 2021, 3:49:44 AM7/20/21
to pwm-g...@googlegroups.com
Hi Jason,
Can you help me with this, we are excited to use this tool.
We have already Proxy ldap user for users authentication from the other servers, the same we are using in this configuration it's showing Invalied credentials the same working for others. we are surprised where it's going wrong.
Thanks in Advance.
Thanks & Regards
Gopi Vattikonda
Paul Hodgdon
Jul 20, 2021, 8:20:47 AM7/20/21
to pwm-g...@googlegroups.com
Can you try to bind using an ldap client or ldapsearch? Looks like the password you are using for your test account is wrong.
You received this message because you are subscribed to the Google Groups "pwm-general" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pwm-general...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/CAFsfvPX6aT78Xok1WM-oU9Ef64CqONVnHBgmmxRWv2evF6OP%2BA%40mail.gmail.com.
Paul Hodgdon
Principal Consultant | Identity Works LLC
Epping | New Hampshire
03042 | USA
+1 603 661 1508 (mobile) | +1 603 734 2681 (office)
www.identityworksllc.com
Reply all
Reply to author
Forward
0 new messages