Rally - On-premises: LDAP Test Responses
search cancel

Rally - On-premises: LDAP Test Responses


Article ID: 132492


Updated On:


Rally On-Premise


When setting up LDAP, these are some common failure responses along with their solutions.


Release: 2.0 and higher


LDAP authentication failed: LDAP Result Code 10 "Referral": 0000202B: RefErr: DSID-031007EF, data 0, 1 access points ref 1: 'rallyonprem.local'

  • Incorrect  Base DN specified


LDAP authentication failed: LDAP Result Code 32 "No Such Object": 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of: 'DC=rally,DC=net' 

This indicates that the appliance is able to bind to the LDAP server, however there is an issue with the distinguished name.  The following are some things to check:

  • Invalid user search DN specified
  • Mistaken spelling
  • Using CN= instead of OU= for organizational units
  • Specifying the catalog items in incorrect order in the user search DN field.  
  • Specifying a user search DN where the test user does not reside


LDAP authentication failed: LDAP Result Code 34 "Invalid DN Syntax": 0000208F: NameErr: DSID-031001F7, problem 2006 (BAD_NAME), data 8350, best match of: 'sdf,DC=rally,DC=net' 

  • Didn't use the correct syntax in one of the fields where LDAP syntax is used

LDAP authentication failed: LDAP Result Code 49 "Invalid Credentials": 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

  • Bad LDAP Bind Username DN
  • Incorrect Bind DN Password
  • This has also been seen when a password contains a dollar sign ($) - This was fixed in 2.1.0
  • If the passwords are not re-entered each time after navigating away from the LDAP configuration screen, this can be encountered.
  • This can sometimes be encountered after upgrading to 2.01 if LDAP hadn't been configured before or advanced settings hadn't been used in the LDAP configuration in 2.0.  Use KB 132377 to resolve.


LDAP authentication failed: LDAP Result Code 200 "": ldap: could not retrieve response

  • This is caused by entering a port that expects encryption without choosing the LDAPS in the dashboard 


LDAP authentication failed: LDAP Result Code 200 "": dial tcp connect: connection refused

  • The port entered is incorrect or LDAP is not listening on that port.  Default ports for LDAP are 389 for unencrypted traffic and 636 for encrypted. 

LDAP authentication failed: LDAP Result Code 201 "": ldap: finished compiling filter with extra at end: )

  • Caused by invalid LDAP parenthetical grouping.  The last character in the error indicates the extra character and may be different from the above example.  Double check your User query line and your Restricted User Group Query line and ensure you have correct LDAP syntax and balanced parentheses.

LDAP authentication failed: User must be a member of one of the restricted groups

  • Test user is not in the restricted group 


LDAP authentication failed: Login user not found

The user specified in the "Test username" field can not be located or authenticated.  Check the following:

  • This can be caused when the User search DN is not pointing to a location where the test user exists.
  • A bad password has been specified for the test user