Specific user can't log on: bind to ldap NOT successfull for

Former Member
0 Kudos

We've made a connection to an LDAP server. One or more of the users can't log on to the portal. The user can be found in the UME with all his properties from the LDAP server. The main problem is that the DN is probably not correct for that specific user.

Has anyone experienced the same problem?

How can I see the exact query which is sent to the LDAP server?

All help is welcome thanks!

Part of the stacktrace:

Exception when checking credentials
[EXCEPTION]
java.security.PrivilegedActionException: javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sap.security.core.persistence.datasource.imp.LDAPPersistence.checkCredentials(LDAPPersistence.java:6419)
    at com.sap.security.core.persistence.datasource.imp.DataSourceBaseImplementation.checkCredentials(DataSourceBaseImplementation.java:721)
    at com.sap.security.core.persistence.imp.PrincipalDatabagFactoryInstance.doPasswordHandling(PrincipalDatabagFactoryInstance.java:1489)
    at com.sap.security.core.persistence.imp.PrincipalDatabagFactoryInstance.checkCredentials(PrincipalDatabagFactoryInstance.java:1253)
    at com.sap.security.core.imp.AbstractUserAccount.checkPasswordExtended(AbstractUserAccount.java:1862)
    at com.sap.security.core.imp.AbstractUserAccount.checkPassword(AbstractUserAccount.java:1880)
    at com.sap.security.core.imp.UserAccountWrapper.checkPassword(UserAccountWrapper.java:316)

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

Maybe the DN data has invalid characters.

See RFC2253 - Lightweight Directory Access Protocol

Former Member
0 Kudos

Yeah, it looks like you have a bad DN. Check against existing LDAP users and make sure you're using the same format.

Which LDAP are you using?

Former Member
0 Kudos

The LDAP server is a Siemens DirX.

Former Member
0 Kudos

Never used it, but that does not mean this should be a problem.

I think you've either got the DN format mangled somehow or possibly insufficient rights.

One thing to do is try just using the DN (no other attributes). You might have some object class issues in there as well.
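
The RFC 2253 check suggested in the answers can be run client-side before the bind. The following is an added example, not code from the thread or from SAP: it parses candidate DNs with the JDK's `javax.naming.ldap.LdapName` and escapes a raw value with `Rdn.escapeValue`. The class name `DnCheck` and all sample DNs are constructed for illustration; a DN that parses here can still be rejected by the directory server for other reasons.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnCheck {
    // Returns null if the DN parses as RFC 2253 syntax, otherwise the parser's message.
    static String syntaxError(String dn) {
        try {
            new LdapName(dn);
            return null;
        } catch (InvalidNameException e) {
            return e.getMessage();
        }
    }

    // Builds a DN from a raw cn value, escaping RFC 2253 special characters
    // (comma, plus, quote, backslash, angle brackets, semicolon, leading/trailing space).
    static String buildDn(String cn, String... parentRdns) throws InvalidNameException {
        StringBuilder sb = new StringBuilder("cn=").append(Rdn.escapeValue(cn));
        for (String rdn : parentRdns) {
            sb.append(',').append(rdn);
        }
        // Re-parse so a malformed parent RDN is caught here, not at bind time.
        return new LdapName(sb.toString()).toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample DNs, not taken from the thread.
        String[] samples = {
            "cn=John Smith,ou=People,dc=example,dc=com",
            "cn=Smith, John,ou=People,dc=example,dc=com",    // unescaped comma in the value
            "cn=Smith\\, John,ou=People,dc=example,dc=com",  // same value, comma escaped
            "John Smith,ou=People,dc=example,dc=com"         // first RDN has no attribute type
        };
        for (String dn : samples) {
            String err = syntaxError(dn);
            System.out.println((err == null ? "OK       " : "INVALID  ") + dn
                    + (err == null ? "" : "  -> " + err));
        }
        // Escaping the raw display name yields a DN the parser accepts.
        System.out.println(buildDn("Smith, John", "ou=People", "dc=example", "dc=com"));
    }
}
```

Comparing the failing user's DN with a working user's DN through the same check shows whether the difference is a syntax problem or something the server enforces beyond RFC 2253.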