LDAP Importer Trouble

[Alistair Young]

Hi all, 

Looking for assistance with our LDAP import! We haven't updated our importer utility since we originally migrated to Service Manager back in 2017, so it is well out of date and we'd like to use the newer utility so that we can use Data Import Config in the Admin area. Unfortunately we've run into some teething problems: 

• Using secure TLS on port 636 returns [ERROR] Connecting Error: LDAP Result Code 211 "ErrorClosing": Response Channel Closed
• Using insecure HTTP on port 389 returns [ERROR] Bind Error: LDAP Result Code 49 "Invalid Credentials": 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563

The finger-of-blame seems to be pointing to the KeySafe entry used to authenticate against our LDAP server, but we're unsure where the problem is. We used an AD look-up tool that connects to a DC and carried out an LDAP query to successfully check the credentials.  I've attached the key details from KeySafe but I guess there isn't much to see...

Here's the log output from the last attempt: 

05/08/2021
14:15
[MESSAGE] ---- LDAP Import Utility v3.9.5 ----
[MESSAGE] Flag - config ad-import
[MESSAGE] Flag - logprefix
[MESSAGE] Flag - dryrun true
[MESSAGE] Flag - instanceid pasm
[MESSAGE] Flag - apikey ##################################
[MESSAGE] Flag - apitimeout 60
[MESSAGE] Flag - workers 1[MESSAGE] Flag - forcerun false
[MESSAGE] Loading Configuration Data: ad-import
[MESSAGE] Loading LDAP Authentication Data: 8
[MESSAGE] Log Level 2
[MESSAGE] Page Size 500MessageID: 1, ok: true
LDAP Request: (Universal, Constructed, Sequence and Sequence of) Len=40 "<nil>"
MessageID: (Universal, Primative, Integer) Len=1 "1"
Bind Request: (Application, Constructed, 0x00) Len=35 "<nil>"
Version: (Universal, Primative, Integer) Len=1 "3"
User Name: (Universal, Primative, Octet String) Len=8 "svc_ROUO"
Password: (Context, Primative, 0x00) Len=20 "######################"
sendMessage-> message_id: 1, out: 0xc00036c360
1: waiting for response
Sending message 1
Receiving message 1
1: got response 0xc0000800a0
LDAP Response: (Universal, Constructed, Sequence and Sequence of) Len=100 "<nil>"
Message ID: (Universal, Primative, Integer) Len=1 "1"
Bind Response: (Application, Constructed, 0x01) Len=95 "<nil>"
Result Code (Invalid Credentials): (Universal, Primative, Enumerated) Len=1 "49"
Matched DN: (Universal, Primative, Octet String) Len=0 "[]"
Error Message: (Universal, Primative, Octet String) Len=88 "[56 48 48 57 48 51 48 56 58 32 76 100 97 112 69 114 114 58 32 68 83 73 68 45 48 67 48 57 48 52 51 57 44 32 99 111 109 109 101 110 116 58 32 65 99 99 101 112 116 83 101 99 117 114 105 116 121 67 111 110 116 101 120 116 32 101 114 114 111 114 44 32 100 97 116 97 32 53 50 101 44 32 118 52 53 54 51 0]"
Finished message 1
[ERROR] Bind Error: LDAP Result Code 49 "Invalid Credentials": 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563
Starting Close().
Shutting down

 

[Steve G]

Just to close this off, and in case anyone sees this behaviour in future, the username required the domain specifying.

Cheers,

Steve