ActiveDirectory authentication failure


Dimitar

Jan 8, 2013, 5:37:04 PM
to rundeck...@googlegroups.com
Hi,

I am having a hard time implementing ActiveDirectory authentication with RunDeck because of the following error:

    2013-01-08 17:22:26.205::WARN:  javax.security.auth.login.LoginException: java.lang.IllegalStateException: Unable to establish root context
    ...
    Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3099)


What I need to do is to bind to a context like this "ou=Users,DC=example,DC=com" and search in the scope subtree for user names with attribute uid=username.

These are my settings:

    bindDn="ou=Users,DC=example,DC=com"
    bindPassword="secret"
    authenticationMethod="simple"
    forceBindingLogin="false"

I am not sure about these settings to satisfy my requirements:

    userBaseDn=""
    userRdnAttribute="uid"
    userIdAttribute="uid"
    userPasswordAttribute="unicodePwd"

How do I specify the scope in the RunDeck LDAP configuration? RunDeck should be able to connect to the AD server without a user name & password to perform the search on uid=username.

Thanks,

Dimitar



Dimitar

Jan 9, 2013, 2:27:57 PM
to rundeck...@googlegroups.com
It looks like RunDeck requires a dedicated user account just to bind to Active Directory, before it could even try to query AD for the given user.

Dimitar

Jeffrey Hulten

Jan 9, 2013, 2:31:48 PM
to rundeck...@googlegroups.com
I think this is an AD limitation of their LDAP implementation. I am pretty sure they don't allow anonymous anything...
--
Jeffrey Hulten
Principal Consultant at Automated Labs, LLC
je...@automatedlabs.com 206-853-5216
Skype: jeffhulten
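
An added example, not part of the original thread and not Rundeck code: a small diagnostic that decodes the `data` sub-code in the Active Directory error 49 line quoted in the first post and flags a `bindDn` that names a container instead of an account. The function names and the service-account DN are hypothetical; the sub-code table lists the commonly documented AD values.

```python
import re

# AD sub-codes carried in the "data" field of LDAP error 49 (hex strings).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

_ERR49 = re.compile(r"LDAP: error code 49\b.*?\bdata\s+([0-9a-fA-F]+)")

def explain_bind_failure(log_line):
    """Return (subcode, meaning) for an AD error-49 log line, else None."""
    m = _ERR49.search(log_line)
    if not m:
        return None
    code = m.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")

def bind_dn_warning(bind_dn):
    """Flag a bindDn whose leading RDN is a container (ou=/dc=), not an account."""
    first_rdn = bind_dn.split(",", 1)[0]
    attr = first_rdn.split("=", 1)[0].strip().lower()
    if attr in ("ou", "dc"):
        return ("bindDn starts with %s=, which names a container; "
                "a simple bind needs the DN of an account" % attr)
    return None

# Log line as quoted in the first post of this thread.
SAMPLE_LINE = ("Caused by: javax.naming.AuthenticationException: [LDAP: error "
               "code 49 - 80090308: LdapErr: DSID-0C090334, comment: "
               "AcceptSecurityContext error, data 525, vece]")
# Constructed DN for a hypothetical dedicated bind account.
CONSTRUCTED_ACCOUNT_DN = "CN=svc-rundeck,OU=Service Accounts,DC=example,DC=com"

if __name__ == "__main__":
    print(explain_bind_failure(SAMPLE_LINE))
    print(bind_dn_warning("ou=Users,DC=example,DC=com"))
    print(bind_dn_warning(CONSTRUCTED_ACCOUNT_DN))
```

Sub-code 525 on the posted line means the directory found no account matching the bind identity, which is consistent with `bindDn` pointing at `ou=Users,...` and with the follow-up observation that a dedicated bind account is required.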