shibtest and active directory: CREDENTIALS NOT RECOGNIZED
Rod Widdowson
rdw at steadingsoftware.com
Fri Sep 7 12:08:15 EDT 2012
My apologies if this has been touched on. Have you read
https://wiki.shibboleth.net/confluence/display/SHIB2/LdapServerIssues
The "Active directory" section gives a few hints..
My first instinct would be to try the GC port...
Rod
> -----Original Message-----
> From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
> Sent: 07 September 2012 16:06
> To: Shib Users
> Subject: Re: shibtest and active directory: CREDENTIALS NOT RECOGNIZED
>
> On 9/7/12 10:51 AM, "Mauro Minella" <Mauro.Minella at microsoft.com> wrote:
>
> >As said in my previous mails, if I use the same username/password with
> >LDAP client (LDAPSEARCH), it works perfectly.
>
> I don't really care about that. Your LDAP client's environment has nothing much to do with the IdP
> environment. It's a useful sanity check but nothing more.
>
> >I increased the logging level with <logger name="edu.vt.middleware.ldap"
> >level="DEBUG/>
> >, however it seems this is not enough to tell me why the authentication
> >fails. Which other logs could I turn up, in order to know why the
> >authentication fails?
>
> Nothing else. You could try TRACE I guess.
>
> >And this is the output of the LDAP query: I ran a query as
> >[adreader at shibdomain.local / abc123!], looking for "CN=ad
> >reader,CN=Users,DC=shibdomain,DC=local"
>
> Then obviously the error is in your settings within the IdP, not in the settings you're able to
> reproduce in the LDAP client.
>
> -- Scott
>
>
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list