shibtest and active directory: CREDENTIALS NOT RECOGNIZED

Rod Widdowson rdw at
Fri Sep 7 12:08:15 EDT 2012

My apologies if this has been touched on.  Have you read

The "Active directory" section gives a few hints..

My first instinct would be to try the GC port...


> -----Original Message-----
> From: users-bounces at [mailto:users-bounces at] On Behalf Of Cantor, Scott
> Sent: 07 September 2012 16:06
> To: Shib Users
> Subject: Re: shibtest and active directory: CREDENTIALS NOT RECOGNIZED
> On 9/7/12 10:51 AM, "Mauro Minella" <Mauro.Minella at> wrote:
> >As said in my previous mails, if I use the same username/password with
> >LDAP client (LDAPSEARCH), it works perfectly.
> I don't really care about that. Your LDAP client's environment has nothing much to do with the IdP
> environment. It's a useful sanity check but nothing more.
> >I increased the logging level with <logger name="edu.vt.middleware.ldap"
> >level="DEBUG/>
> >, however it seems this is not enough to tell me why the authentication
> >fails. Which other logs could I turn up, in order to know why the
> >authentication fails?
> Nothing else. You could try TRACE I guess.
> >And this is the output of the LDAP query: I ran a query as
> >[adreader at shibdomain.local / abc123!], looking for "CN=ad
> >reader,CN=Users,DC=shibdomain,DC=local"
> Then obviously the error is in your settings within the IdP, not in the settings you're able to
> reproduce in the LDAP client.
> -- Scott
> --
> To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list