IdP 3.4.3 attribute-resolver.xml LDAP DataConnector errors

[Glanville, Peter C.]

This was completely correct. Even though the password worked for password authentication, the password when used on the dataconnector side ended up locking the account when I tried in quick succession... reset the password to something else and all is good. 

Thank you all again for the assistance. 

Peter Glanville
Enterprise Infrastructure Manager
Office of Information Technology
Marie V. McDemmond Center for Applied Research
555 Park Avenue, Suite 401
Norfolk, Virginia 23504
(757) 823-8098 (Office)
(757) 823-2128 (Fax)
pcglanville at nsu.edu
www.nsu.edu


-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Peter Schober
Sent: Wednesday, April 10, 2019 10:22 AM
To: users at shibboleth.net
Subject: Re: IdP 3.4.3 attribute-resolver.xml LDAP DataConnector errors

This email may be spoofed.

* Peter Schober <peter.schober at univie.ac.at> [2019-04-10 16:17]:
> * Glanville, Peter C. <pcglanville at nsu.edu> [2019-04-10 15:50]:
> > resultCode=49 (invalid credentials), diagnosticMessage='80090308:
> >         LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext
> 
> The actual error you're getting here means "wrong DN/password", though.
> Plus whatever details M$ adds there in the diagnosticMessage stuff.
> Did you look those up?

I failed to include one of the relevant bits when quoting above:
According to random web search results[1] the "52e" bit of the error message you got means the username/DN is valid, but the password is wrong.

So AFAICT this has nothing to do with even resolving attributes, yet.

-peter

[1] https://ldapwiki.com/wiki/Common%20Active%20Directory%20Bind%20Errors
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net