We have completed the upgrade and have set up Identity Access Manager for the first time.
We imported the LDAP settings from the previous working version and tested the LDAP connection and LDAP authentication (for IAM) successfully.
We use LDAP for authentication only. After we add an LDAP user to IAM and the user logs in with LDAP credentials, the user gets the error "Invalid username or password".
2019-12-09 09:19:55,596 WARN [org.keycloak.events] (default task-51) type=LOGIN_ERROR, realmId=service_virtualization, clientId=security-admin-console, userId=295fbfca-36bb-4119-87ca-9ed84f432c04, ipAddress=[IP address], error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, application='Identity And Access Manager', redirect_uri=https://machine_name:51111/auth/admin/service_virtualization/console/?redirect_fragment=%2Fforbidden, code_id=831cdcec-1893-4066-863c-6aeed92aaaf9, username=a370253
2019-12-09 09:19:55,599 WARN [org.keycloak.services] (Brute Force Protector) KC-SERVICES0053: login failure for user 295fbfca-36bb-4119-87ca-9ed84f432c04 from ip [IP address]
All supported DevTest releases.
Configuration
LDAP integration works after updating the attributes below in IAM Portal -> User Federation -> Select LDAP Profile.
Settings:
User Object Classes = posixAccount,shadowAccount,top,person,organizationalPerson,inetOrgPerson,bbyperson
Group Settings:
Group Object Classes = top,groupofuniquenames
Membership LDAP Attribute = uniqueMember
NOTE: LDAP environments can differ between customers, so it is very important to have your LDAP Admin help you with the configuration.
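When checking whether a change to the federation settings took effect, it helps to pull the LOGIN_ERROR events and the matching Brute Force Protector entries out of the server log and group them by userId. The script below is an added example, not part of the original article or the product; the sample text is constructed from the two log lines quoted above, with a documentation-range IP address in place of the redacted one, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the article's two log lines with a placeholder IP (192.0.2.10).
SAMPLE_LOG = """\
2019-12-09 09:19:55,596 WARN [org.keycloak.events] (default task-51) type=LOGIN_ERROR, realmId=service_virtualization, clientId=security-admin-console, userId=295fbfca-36bb-4119-87ca-9ed84f432c04, ipAddress=192.0.2.10, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, application='Identity And Access Manager', redirect_uri=https://machine_name:51111/auth/admin/service_virtualization/console/?redirect_fragment=%2Fforbidden, code_id=831cdcec-1893-4066-863c-6aeed92aaaf9, username=a370253
2019-12-09 09:19:55,599 WARN [org.keycloak.services] (Brute Force Protector) KC-SERVICES0053: login failure for user 295fbfca-36bb-4119-87ca-9ed84f432c04 from ip 192.0.2.10
"""

# timestamp, level, [logger], (thread), message
HEADER = re.compile(r"^(\S+ \S+) (\w+)\s+\[([^\]]+)\] \(([^)]*)\) (.*)$")
# key=value pairs separated by ", "; a value may be single-quoted or contain "="
PAIR = re.compile(r"(\w+)=('[^']*'|[^,]*)(?:, |$)")
BRUTE = re.compile(r"KC-SERVICES0053: login failure for user (\S+) from ip (.+)$")


def parse_events(text):
    """Return (login_errors, brute_force_hits) parsed from server log text."""
    errors, hits = [], []
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # stack traces and continuation lines are skipped
        ts, _level, logger, _thread, msg = m.groups()
        if logger == "org.keycloak.events":
            fields = {k: v.strip("'") for k, v in PAIR.findall(msg)}
            if fields.get("type") == "LOGIN_ERROR":
                errors.append({"time": ts, **fields})
        elif (b := BRUTE.search(msg)):
            hits.append({"time": ts, "userId": b.group(1), "ip": b.group(2)})
    return errors, hits


def summarize(text):
    """Per userId: usernames and error codes seen, and failures the protector counted."""
    errors, hits = parse_events(text)
    out = defaultdict(lambda: {"usernames": set(), "errors": set(), "failures_counted": 0})
    for e in errors:
        rec = out[e.get("userId", "<none>")]
        rec["usernames"].add(e.get("username"))
        rec["errors"].add(e.get("error"))
    for h in hits:
        out[h["userId"]]["failures_counted"] += 1
    return dict(out)


if __name__ == "__main__":
    for user_id, rec in summarize(SAMPLE_LOG).items():
        print(user_id, sorted(rec["usernames"]), sorted(rec["errors"]), rec["failures_counted"])
```

Each failed test login made while the LDAP profile is still being adjusted also shows up in the `failures_counted` column, so the summary shows how many failures the Brute Force Protector has logged for the test account.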