Symantec Access Management

  • 1.  OpenLdap User Directory Username/password authentication error

    Posted Nov 15, 2016 01:46 AM

    Hello,

     

    I followed this guide to protect redirect.jsp.

    Protect the Authentication URL to Establish a Session - CA Single Sign-On - 12.52 SP2 - CA Technologies Documentation 

    Authentication Scheme uses forms/login.fcc from webagent sample as target.

     

    When I try to access redirect.jsp and log in with username/password on the redirected login.fcc, I cannot connect to redirect.jsp and get the following error in smps.log:

     

    Error 49[16184/4011645808][Tue Nov 15 2016 06:52:54][SmDsLdapFunctionImpl.cpp:494][ERROR][sm-Ldap-00770] (AuthenticateUser) DN: 'cn=hetty,ou=People,dc=siteminder,dc=com' . Status: Error 49 . Invalid credentials

     

    The user can be looked up via View Content of user directory or Administration->Users->Manage User Accounts.

     

    smtracedefault.log attached.

     

    This may be elementary, but I cannot find the reason after checking all I can think of. Any input is much appreciated.



  • 2.  Re: OpenLdap User Directory Username/password authentication error

    Posted Nov 15, 2016 03:02 AM

    Are you sure the password is correct? Are you able to perform a bind to the directory using some external LDAP browser like JXplorer?



  • 3.  Re: OpenLdap User Directory Username/password authentication error

    Posted Nov 15, 2016 04:31 AM

    Thank you for the reply.

     

    From the Administration UI, the password attribute is set in Password(RW) in the User Directory settings. And I can change the password via Administration -> Users -> Manage User Accounts.

     

    In JXplorer, I can see the user under People ou.

     

    Am I using the wrong password?



  • 4.  Re: OpenLdap User Directory Username/password authentication error

    Posted Nov 15, 2016 05:10 AM

    What attribute have you mapped for the Password attribute? For OpenLdap it needs to be "userpassword", I guess.


    Can you share screenshot of user directory config?

    Are you able to do view contents?



  • 5.  Re: OpenLdap User Directory Username/password authentication error

    Posted Nov 15, 2016 05:20 AM

    Yes, I mapped userpassword to password. Here is the screenshot of the user directory config.

    And in view content, I can search for the user.



  • 6.  Re: OpenLdap User Directory Username/password authentication error
    Best Answer

    Posted Nov 15, 2016 05:41 AM

    See if you can bind to OpenLdap using Jxplorer https://confluence.atlassian.com/plugins/servlet/mobile#content/view/164873


    This way you can verify if password is correct 



  • 7.  Re: OpenLdap User Directory Username/password authentication error

    Posted Nov 15, 2016 06:12 AM

    Seems I cannot bind to OpenLdap with

    cn=hetty,ou=People,dc=siteminder,dc=com

    I can only use the user

    cn=Manager,dc=siteminder,dc=com

     

    Tried both users' passwords, not working.

    Does bind use a different password from the userPassword attribute?



  • 8.  Re: OpenLdap User Directory Username/password authentication error

    Posted Nov 15, 2016 06:19 AM

    I think what is happening is that Siteminder is not able to set the userpassword attribute. You can check the smtracedefault.log for any errors.



  • 9.  Re: OpenLdap User Directory Username/password authentication error

    Posted Nov 16, 2016 09:32 AM

    I created another directory server for the user to bind to, and authentication works well when the user can bind.
    Thank you for the advice.
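
Added example, not part of any post in this thread and not CA/Symantec code: a small parser for `AuthenticateUser` failures in smps.log that reports which DN the failed bind was attempted as and the LDAP result code, which is what separates "the admin account can look the user up" from "the user's own DN can bind". The field layout is an assumption inferred from the single log line quoted in post 1, and the second and third sample lines are constructed.

```python
import re
from collections import Counter

# Assumed layout (inferred from the one line quoted in the thread):
# [pid/tid][time][source:line][level][msg-id] (func) DN: '<dn>' . Status: Error <n> . <text>
LINE_RE = re.compile(
    r"\[(?P<pid>\d+)/(?P<tid>\d+)\]\[(?P<time>[^\]]+)\]\[(?P<src>[^\]]+)\]"
    r"\[(?P<level>[A-Z]+)\]\[(?P<msgid>[^\]]+)\]\s+\((?P<func>\w+)\)\s+"
    r"DN:\s+'(?P<dn>[^']*)'\s*\.\s*Status:\s+Error\s+(?P<code>\d+)\s*\.\s*(?P<text>.*)$"
)

# LDAP result codes (RFC 4511) commonly seen when a user bind fails.
RESULT_CODES = {
    32: "noSuchObject",
    48: "inappropriateAuthentication",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
    53: "unwillingToPerform",
}

def parse_auth_failure(line):
    """Return the fields of one failure line as a dict, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["code"] = int(rec["code"])
    rec["result"] = RESULT_CODES.get(rec["code"], "other")
    return rec

def failures_by_dn(lines):
    """Count AuthenticateUser failures per DN and per LDAP result name."""
    out = {}
    for line in lines:
        rec = parse_auth_failure(line)
        if rec and rec["func"] == "AuthenticateUser":
            out.setdefault(rec["dn"], Counter())[rec["result"]] += 1
    return out

SAMPLE = [
    # Line quoted in post 1 of the thread.
    "Error 49[16184/4011645808][Tue Nov 15 2016 06:52:54][SmDsLdapFunctionImpl.cpp:494][ERROR][sm-Ldap-00770] (AuthenticateUser) DN: 'cn=hetty,ou=People,dc=siteminder,dc=com' . Status: Error 49 . Invalid credentials",
    # Constructed lines for illustration only.
    "[16184/4011645808][Tue Nov 15 2016 06:53:10][SmDsLdapFunctionImpl.cpp:494][ERROR][sm-Ldap-00770] (AuthenticateUser) DN: 'cn=example,ou=People,dc=siteminder,dc=com' . Status: Error 32 . No such object",
    "[16184/4011645808][Tue Nov 15 2016 06:53:11][Example.cpp:1][INFO][sm-Example-00000] unrelated line",
]

if __name__ == "__main__":
    for dn, counts in failures_by_dn(SAMPLE).items():
        print(dn, dict(counts))
```

A DN that shows `invalidCredentials` here is the identity to retry the bind as in an LDAP browser, as suggested in post 6.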