SID-00106: LDAP authentication problems, Ldap Err: DSID-0C090334
| Status: | Unanswered | TWiki version: | 4.2.4 | Perl version: | v5.8.8 |
| Category: | CategoryAccessControl | Server OS: | RedHat | Last update: | 16 years ago |
I have my LocalSite.cfg set up to use LDAP and fall back to the twiki authentication.
The authentication fallback is working, as I can log into the wiki as admin. But when I attempt to log in as a user in LDAP (Microsoft Active Directory LDAP) I receive the error:
LdapContrib - error refeshing the user cashe: 49: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 775, vece
Which in my research means the LDAP account is locked. I know the user is not locked as I can log in via other LDAP services with the same user/pass.
Any ideas?
--
JeremyBirkett - 14 Feb 2009
Discussion and Answer
It might be the bind user. Enable debug in the LdapContrib and comment out the #writeDebug statements (I can't understand why the author of this plugin comments out debug statements when there is already a conditional debug test...)
--
PeterThoeny - 14 Feb 2009
Thanks Peter,
Now, I can see the error in more detail (I have stripped out company name)
[Mon Feb 16 12:52:46 2009] [error] [client 10.0.16.172] called initCache, referer: http://myserver.com/twiki/bin/login/TWiki/WebHome
[Mon Feb 16 12:52:46 2009] [error] [client 10.0.16.172] cacheAge=9999999999, maxCacheAge=86400, lastUpdate=0, refresh=1, referer: http://myserver.com/twiki/bin/login/TWiki/WebHome
[Mon Feb 16 12:52:46 2009] [error] [client 10.0.16.172] updating cache, referer: http://myserver.com/twiki/bin/login/TWiki/WebHome
[Mon Feb 16 12:52:46 2009] [error] [client 10.0.16.172] called refreshCache, referer: http://myserver.com/twiki/bin/login/TWiki/WebHome
[Mon Feb 16 12:52:46 2009] [error] [client 10.0.16.172] called refreshUsersCache(), referer: http://myserver.com/twiki/bin/login/TWiki/WebHome
[Mon Feb 16 12:52:46 2009] [error] [client 10.0.16.172] called search(filter=objectClass=Person, base=DC=mycompany,DC=ca,OU=Div, scope=sub, limit=0, attrs=SAMACCOUNTNAME,mail,last_name), referer: http://myserver.com/twiki/bin/login/TWiki/WebHome
[Mon Feb 16 12:52:46 2009] [error] [client 10.0.16.172] called connect, referer: http://myserver.com/twiki/bin/login/TWiki/WebHome
[Mon Feb 16 12:52:46 2009] [error] [client 10.0.16.172] proxy bind, referer: http://myserver.com/twiki/bin/login/TWiki/WebHome
[Mon Feb 16 12:52:46 2009] [error] [client 10.0.16.172] 1: 000020D6: SvcErr: DSID-031006CC, problem 5012 (DIR_ERROR), data 0, referer: http://myserver.com/twiki/bin/login/TWiki/WebHome
[Mon Feb 16 12:52:46 2009] [error] [client 10.0.16.172] , referer: http://myserver.com/twiki/bin/login/TWiki/WebHome
[Mon Feb 16 12:52:46 2009] [error] [client 10.0.16.172] done reading pages, referer: http://myserver.com/twiki/bin/login/TWiki/WebHome
[Mon Feb 16 12:52:46 2009] [error] [client 10.0.16.172] finishing, referer: http://myserver.com/twiki/bin/login/TWiki/WebHome
[Mon Feb 16 12:52:46 2009] [error] [client 10.0.16.172] called disconnect(), referer: http://myserver.com/twiki/bin/login/TWiki/WebHome
The primary error appears to be DSID-031006CC, which seems to be that one of the attributes being asked for (SAMACCOUNTNAME,mail,last_name) doesn't exist. But I am told they do. Anyone have ideas?
--
JeremyBirkett - 16 Feb 2009
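Added example, not part of the original thread or of LdapContrib: a Python parser for the two Active Directory diagnostic strings quoted above, decoding the LDAP result code and, for failed binds (result 49), the hex `data` sub-code. The function and variable names are assumptions made for illustration, and the third sample line is constructed.

```python
import re

# Active Directory bind-failure sub-codes: the hex value after "data" when the
# LDAP result code is 49. Each one is a Win32 error number printed in hex.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}
LDAP_RESULTS = {1: "operationsError", 49: "invalidCredentials"}

DIAG_RE = re.compile(
    r"(?P<result>\d+): (?P<win32>[0-9A-Fa-f]{8}): (?P<kind>\w+): "
    r"(?P<dsid>DSID-[0-9A-Fa-f]{8}), "
    r"(?:comment: (?P<comment>[^,]+), )?"
    r"(?:problem (?P<problem>\d+) \((?P<problem_name>\w+)\), )?"
    r"data (?P<data>[0-9A-Fa-f]+)"
)

def parse_ad_diagnostic(line):
    # Returns the decoded fields of an AD diagnostic string, or None if absent.
    m = DIAG_RE.search(line)
    if m is None:
        return None
    d = m.groupdict()
    d["result"] = int(d["result"])
    d["result_name"] = LDAP_RESULTS.get(d["result"], "other")
    d["data"] = int(d["data"], 16)
    # The sub-code table only applies to failed binds (result 49, LdapErr).
    is_bind_failure = d["result"] == 49 and d["kind"] == "LdapErr"
    d["meaning"] = AD_BIND_SUBCODES.get(d["data"]) if is_bind_failure else None
    return d

SAMPLE_LINES = [
    # The two diagnostic strings quoted in the thread above.
    "49: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 775, vece",
    "[Mon Feb 16 12:52:46 2009] [error] [client 10.0.16.172] 1: 000020D6: SvcErr: DSID-031006CC, problem 5012 (DIR_ERROR), data 0, referer: http://myserver.com/twiki/bin/login/TWiki/WebHome",
    # Constructed line: same format, different sub-code.
    "49: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece",
]

if __name__ == "__main__":
    for d in map(parse_ad_diagnostic, SAMPLE_LINES):
        print(d["result_name"], d["kind"], d["dsid"], hex(d["data"]), d["meaning"])
```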
Closing this question after more than 30 days of inactivity. Feel free to reopen if needed. Consider engaging one of the TWiki consultants if you need timely help. We invite you to get involved with the community, it is more likely you get community support if you support the open source project!
--
PeterThoeny - 2009-04-17