On Mon, Nov 27, 2017 at 10:02 AM, <harry.dev...@faa.gov> wrote:
> OK, so I tried that, including modifying ldap-username-attribute to be
> cn=users,cn=accounts,dc=example,dc=com, and now I get a 403 error in the
> Developer Tools, and the following error in /var/log/messages:
>
> Nov 27 10:00:34 access server: 10:00:34.766 [http-bio-8080-exec-8] WARN
> o.a.g.r.auth.AuthenticationService - Authentication attempt from
> xxx.xxx.xxx.xxx for user "harry.devine" failed.
>
> However, I know that the password is 100% correct. Where to look now? I
> feel we’re getting very close.

What LDAP server are you running? You probably mentioned it already somewhere in this thread, and I'm going to guess Active Directory, but just want to make sure?

If it's OpenLDAP then it is quite possible it is configured to disallow logins without some form of encryption (although I wouldn't expect the search bind to work in this case, but who knows). AD doesn't usually have those restrictions, but depending on the environment, it actually might require encryption, as well.

Other than that, it would be useful to get a log from the LDAP server that indicates why it is failing authentication - if it believes the password is wrong, or if it is throwing some other sort of error. I realize that you might be in an organization where you don't have access to that server or those logs, but, if you do, that would be helpful.

-Nick