Unable to log in with our LDAP IDs even after syncing the user groups in DevTest IAM

Article ID: 201052

Products

CA Cloud Test Mobile, CA Application Test

Issue/Introduction

We have synced the LDAP groups in Identity Access Manager, and the sync was successful. When trying to log in using our LDAP credentials, it gives the error "Server error, can not authenticate user. Please make sure the Registry service is running."

We noticed the error below in the server.log file.

2020-10-08 01:12:07,385 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-10) Uncaught server error: org.keycloak.models.ModelException: User returned from LDAP has null username! Check configuration of your LDAP mappings. Mapped username LDAP attribute: sAMAccountName, user DN: CN=xxxxxxx,OU=TEST12,OU=Users,OU=Chicago,OU=Enterprise Support,DC=ent,DC=ad,DC=ca,DC=com, attributes from LDAP: {whenChanged=[20201001062443.0Z], whenCreated=[20200116151125.0Z], mail=[[email protected]], givenName=[xxxxx], sn=[xxxxxx], cn=[xxxxx xxxxx], userAccountControl=[123], pwdLastSet=[132421139064417927]}
 at org.keycloak.storage.ldap.LDAPUtils.getUsername(LDAPUtils.java:113)

 

Environment

Release : 10.6

Component : CA Service Virtualization

Resolution

The username mapping still has its default value, "cn", while the user search is performed with the username attribute sAMAccountName. Because of this mismatch, the LDAP search fails.

To resolve this, change the username mapping value to sAMAccountName in the LDAP mapping section.
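To confirm the same mismatch from a server.log line before changing the mapper, the check below extracts the mapped username attribute from the ModelException message and tests whether it is among the attributes LDAP returned. This is an added example, not Broadcom or Keycloak code; the function name `diagnose_null_username` and the sample log line are constructed for illustration.

```python
import re

# Matches the Keycloak "null username" ModelException message format
# shown in the server.log excerpt on this page.
_PATTERN = re.compile(
    r"User returned from LDAP has null username!.*?"
    r"Mapped username LDAP attribute: (?P<mapped>[^,]+), "
    r"user DN: (?P<dn>.*?), attributes from LDAP: \{(?P<attrs>.*)\}"
)

def diagnose_null_username(log_line):
    """Return details of the mapping mismatch, or None if the line is
    not a 'null username' ModelException. (Hypothetical helper.)"""
    m = _PATTERN.search(log_line)
    if m is None:
        return None
    mapped = m.group("mapped").strip()
    # Attribute names are the tokens immediately followed by '=['.
    returned = re.findall(r"(\w[\w-]*)=\[", m.group("attrs"))
    # LDAP attribute names are case-insensitive, so compare lowercased.
    present = {name.lower() for name in returned}
    return {
        "mapped_attribute": mapped,
        "user_dn": m.group("dn"),
        "returned_attributes": returned,
        "mapped_attribute_returned": mapped.lower() in present,
    }

# Constructed sample line in the same format as the error above.
SAMPLE = (
    "2020-10-08 01:12:07,385 ERROR "
    "[org.keycloak.services.error.KeycloakErrorHandler] (default task-10) "
    "Uncaught server error: org.keycloak.models.ModelException: "
    "User returned from LDAP has null username! Check configuration of your "
    "LDAP mappings. Mapped username LDAP attribute: sAMAccountName, "
    "user DN: CN=jdoe,OU=Users,DC=example,DC=com, attributes from LDAP: "
    "{mail=[jdoe@example.com], givenName=[John], sn=[Doe], cn=[John Doe]}"
)

if __name__ == "__main__":
    result = diagnose_null_username(SAMPLE)
    if result and not result["mapped_attribute_returned"]:
        print("Mapped attribute %s was not returned for %s; got: %s" % (
            result["mapped_attribute"], result["user_dn"],
            ", ".join(result["returned_attributes"])))
```

A result with `mapped_attribute_returned` set to `False` means the user entry came back without the attribute the username mapper expects, which is the condition that raises this exception.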