AD Connector returns LDAP: error code 49 - Invalid Credentials

Article ID: 201854


Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Identity Suite

Issue/Introduction

After upgrading the CA Identity Manager (IM) 14.1 vApp (Virtual Appliance) to 14.3 CP2, the connector server reports an invalid credentials error (LDAP: error code 49 - Invalid Credentials):

2020-10-02 09:31:14,926 72805865 [ApacheDS Worker-thread-33] ActiveDirectory_LFAD (LdapExceptionUtils.java:151) ERROR  - exception in SEARCH(): javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]; remaining name 'eTADSAccountName=AUserTest,eTADSOrgUnitName=Employees,eTADSOrgUnitName=Users,eTADSOrgUnitName=Test1,eTADSOrgUnitName=Production,eTADSOrgUnitName=Sandbox,eTADSOrgUnitName=Test,eTADSOrgUnitName=LF,eTADSDirectoryName=LFAD,eTNamespaceName=ActiveDirectory,dc=im,dc=etasa'
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]; remaining name 'eTADSAccountName=AUserTest,eTADSOrgUnitName=Employees,eTADSOrgUnitName=Users,eTADSOrgUnitName=Test1,eTADSOrgUnitName=Production,eTADSOrgUnitName=Sandbox,eTADSOrgUnitName=Test,eTADSOrgUnitName=LF,eTADSDirectoryName=LFAD,eTNamespaceName=ActiveDirectory,dc=im,dc=etasa'
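To see which Active Directory endpoints are affected and when, the error code 49 entries can be pulled out of the connector server log. The Python below is an added example, not part of the original article or of the product; the log layout is assumed from the excerpt above, and the sample lines, the endpoint names EXAMPLEAD and OTHERAD, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout assumed from the excerpt above:
# <date> <time>,<ms> <uptime> [<thread>] <logger> (<file>:<line>) <LEVEL>  - <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} \d+ \[[^\]]+\] "
    r"(?P<logger>\S+) \([^)]*\) [A-Z]+\s+- (?P<msg>.*)$")
ERR49_RE = re.compile(r"LDAP: error code 49\b")
ENDPOINT_RE = re.compile(r"eTADSDirectoryName=([^,']+)")

def bind_failures(lines):
    """Map endpoint name -> timestamps of error-code-49 log entries."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m or not ERR49_RE.search(m["msg"]):
            continue  # also skips the un-timestamped exception echo line
        ep = ENDPOINT_RE.search(m["msg"])
        name = ep.group(1) if ep else m["logger"]  # fall back to logger name
        hits[name].append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
    return dict(hits)

def summarize(lines):
    """Per endpoint: (failure count, first seen, last seen)."""
    return {ep: (len(ts), min(ts), max(ts))
            for ep, ts in bind_failures(lines).items()}

def _line(ts, user, endpoint):
    # Builds a constructed sample entry in the layout of the excerpt above.
    return (f"{ts} 72805865 [ApacheDS Worker-thread-33] ActiveDirectory_{endpoint} "
            "(LdapExceptionUtils.java:151) ERROR  - exception in SEARCH(): "
            "javax.naming.AuthenticationException: "
            "[LDAP: error code 49 - Invalid Credentials]; remaining name "
            f"'eTADSAccountName={user},eTADSDirectoryName={endpoint},"
            "eTNamespaceName=ActiveDirectory,dc=im,dc=etasa'")

SAMPLE = [  # constructed sample data, not taken from a real system
    _line("2020-10-02 09:31:14,926", "user1", "EXAMPLEAD"),
    "javax.naming.AuthenticationException: [LDAP: error code 49 - "
    "Invalid Credentials]; remaining name 'eTADSDirectoryName=EXAMPLEAD'",
    _line("2020-10-02 09:45:02,101", "user2", "EXAMPLEAD"),
    _line("2020-10-02 10:02:40,377", "user3", "OTHERAD"),
]

if __name__ == "__main__":
    for ep, (n, first, last) in summarize(SAMPLE).items():
        print(f"{ep}: {n} error-49 entries, first {first}, last {last}")
```

An open file handle on the real log can be passed to summarize() in place of SAMPLE, since the function only iterates over lines.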

Environment

Release : 14.3 CP2

Component : IdentityMinder(Identity Manager)

Resolution

If the Active Directory endpoint is configured with an FQDN (Fully Qualified Domain Name), the connection occasionally fails to resolve; this is usually resolved when the connector server is restarted. This issue is caused by a third-party library employed by IM.

To avoid this issue, use the UPN (User Principal Name) to connect to the Active Directory endpoint, for example [email protected]

Additional Information

This is addressed in 14.3 CP2 via HF-DE480544.zip.