LDAPException resultCode=49 (invalid credentials)
Chris
alexseedkou at gmail.com
Wed Feb 19 03:27:19 EST 2020
Hi all,
I have struggled with this for a couple of days. I used Shibboleth IdP with
OpenLDAP as the backend DB for the authentication of a user. After everything
was set up, my SP could send a request for SSO and let me log in through the
Shibboleth login web page; however, after I input my test credential, I
keep getting the error `Login Failure: Pool is empty and connection
creation failed`. According to the log, it seems that I have an
invalid credential for connecting to my LDAP server. So I tried to use the same
credential to search the LDAP and I can get the information below:
```
ldapsearch -H ldap://localhost:10389 -b "dc=ldap,dc=localhost" -D
"cn=admin,dc=ldap,dc=localhost" -w <admin password>
# extended LDIF
#
# LDAPv3
# base <dc=ldap,dc=localhost> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# ldap.localhost
dn: dc=ldap,dc=localhost
objectClass: top
objectClass: dcObject
objectClass: organization
o: test
dc: ldap
# admin, ldap.localhost
dn: cn=admin,dc=ldap,dc=localhost
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9dWluemgyR3l1SFBIOXZ5S2lVb3NlLy81c09hRmZGR3g=
# test, ldap.localhost
dn: cn=test,dc=ldap,dc=localhost
objectClass: inetOrgPerson
cn: test
uid: test
userPassword:: MTIz
sn: test
# search result
search: 2
result: 0 Success
# numResponses: 4
# numEntries: 3
```
This is so confusing, since I don't think my configuration in ldap.properties
is incorrect. Below is my ldap.properties:
```
idp.authn.LDAP.authenticator = bindSearchAuthenticator
idp.authn.LDAP.ldapURL = ldap://localhost:10389
idp.authn.LDAP.useStartTLS = false
idp.authn.LDAP.useSSL = false
idp.authn.LDAP.returnAttributes = uid
idp.authn.LDAP.baseDN = dc=ldap,dc=localhost
dp.authn.LDAP.subtreeSearch = false
idp.authn.LDAP.userFilter = (uid={user})
idp.authn.LDAP.bindDN = cn=admin,dc=ldap,dc=localhost
idp.authn.LDAP.bindDNCredential =<admin password>
idp.authn.LDAP.dnFormat = uid=%s,dc=ldap,dc=localhost
```
Below is the error log:
```
ERROR [org.ldaptive.pool.BlockingConnectionPool:457] -
[org.ldaptive.pool.BlockingConnectionPool@393536240::name=search-pool,
poolConfig=[org.ldaptive.pool.PoolConfig@669828906::minPoolSize=3,
maxPoolSize=10, validateOnCheckIn=false, validateOnCheckOut=false,
validatePeriodically=true, validatePeriod=PT5M, validateTimeout=PT5S],
activator=null, passivator=null,
validator=[org.ldaptive.pool.SearchValidator@1715213301::searchRequest=[org.ldaptive.SearchRequest@1459134737::baseDn=,
searchFilter=[org.ldaptive.SearchFilter@1642584434::filter=(objectClass=*),
parameters={}], returnAttributes=[1.1], searchScope=OBJECT, timeLimit=PT0S,
sizeLimit=1, derefAliases=null, typesOnly=false, binaryAttributes=null,
sortBehavior=UNORDERED, searchEntryHandlers=null,
searchReferenceHandlers=null, controls=null, referralHandler=null,
intermediateResponseHandlers=null]]
pruneStrategy=[org.ldaptive.pool.IdlePruneStrategy@108542064::prunePeriod=PT5M,
idleTime=PT10M], connectOnCreate=true,
connectionFactory=[org.ldaptive.DefaultConnectionFactory@901450092::provider=org.ldaptive.provider.unboundid.UnboundIDProvider@72470c13,
config=[org.ldaptive.ConnectionConfig@1960974869::ldapUrl=ldap://localhost:10389,
connectTimeout=PT3S, responseTimeout=PT3S,
sslConfig=[org.ldaptive.ssl.SslConfig@362723157::credentialConfig=net.shibboleth.idp.authn.impl.X509ResourceCredentialConfig@40be5fe5,
trustManagers=null, hostnameVerifier=null, hostnameVerifierConfig=null,
enabledCipherSuites=null, enabledProtocols=null,
handshakeCompletedListeners=null], useSSL=false, useStartTLS=false,
connectionInitializer=[org.ldaptive.BindConnectionInitializer@1998369709::bindDn=cn=admin,dc=ldap,dc=localhost,
bindSaslConfig=null, bindControls=null],
connectionStrategy=org.ldaptive.DefaultConnectionStrategy@7a6964b8]],
initialized=true, availableCount=0, activeCount=0] unable to connect to the
ldap
org.ldaptive.LdapException: LDAPException(resultCode=49 (invalid
credentials), errorMessage='invalid credentials', ldapSDKVersion=4.0.14,
revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb)
```
Any suggestion will be appreciated.
Best
Chris
--
Sent from: https://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
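An added example, not part of the original post or of Shibboleth: a small Python linter for an ldap.properties file like the one above. It flags keys without the `idp.` prefix, values with trailing whitespace (which `java.util.Properties` keeps, so it becomes part of a bind DN or password), and a bind credential used over `ldap://` with StartTLS explicitly off. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample modelled on the ldap.properties in the post; the
# credential is a placeholder and its trailing space is deliberate.
SAMPLE = (
    "idp.authn.LDAP.authenticator = bindSearchAuthenticator\n"
    "idp.authn.LDAP.ldapURL = ldap://localhost:10389\n"
    "idp.authn.LDAP.useStartTLS = false\n"
    "idp.authn.LDAP.useSSL = false\n"
    "dp.authn.LDAP.subtreeSearch = false\n"
    "idp.authn.LDAP.bindDN = cn=admin,dc=ldap,dc=localhost\n"
    "idp.authn.LDAP.bindDNCredential =placeholder-password \n"
)

def parse_properties(text):
    """Minimal java.util.Properties reader (no line continuations or escapes):
    leading whitespace of a value is dropped, trailing whitespace is kept."""
    props = {}
    for raw in text.splitlines():
        line = raw.lstrip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def lint(props):
    """Return (finding, key) tuples for the three checks described above."""
    findings = []
    for key, value in props.items():
        if not key.startswith("idp."):
            findings.append(("unknown-prefix", key))
        if value != value.rstrip():
            findings.append(("trailing-whitespace", key))
    p = "idp.authn.LDAP."
    # Only an explicit useStartTLS=false is flagged, so no default is assumed.
    plain = (props.get(p + "ldapURL", "").lower().startswith("ldap://")
             and props.get(p + "useStartTLS", "").strip().lower() == "false"
             and props.get(p + "useSSL", "").strip().lower() != "true")
    if p + "bindDNCredential" in props and plain:
        findings.append(("cleartext-bind", p + "ldapURL"))
    return findings

if __name__ == "__main__":
    for finding, key in lint(parse_properties(SAMPLE)):
        print(f"{finding}: {key}")
```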