Fail to import contact from LDAP ERROR ldap_bind() ERROR(Invalid Credentials)
Article ID: 76519
Products
SUPPORT AUTOMATION- SERVER
CA Service Desk Manager - Unified Self Service
CA Service Desk Manager
CA Service Management - Asset Portfolio Management
CA Service Management - Service Desk Manager
Issue/Introduction
When configuring a new AD for multidomain in SDM, the LDAP test connection fails with the following error in CMD:
C:\Windows\system32>pdm_ldap_test -h <serverIP or Hostname>:<ldapport> -d "cn=,ou=,DC=" -p <password> -s DC=,DC=,DC=
Starting pdm_ldap_test...
LDAP Directory Type : active directory
Service Desk Platform : windows
Search Base : DC=,DC=,DC=
Search Filter : (objectClass=person)
Administrator Username : cn=,ou=,DC=,DC=e,DC=
Administrator Password : **********
LDAP Host : <serverIP or Hostname>
LDAP Port : <ldapport>
ldap_bind() ERROR(Invalid Credentials)
The following errors appear in the stdlogs:
03/20 16:50:11.67 <serverIP or Hostname> domsrvr 572 SIGNIFICANT factory.c 1593 Factory ldap_group has no last mod date attribute
03/20 16:50:11.67 <serverIP or Hostname> ldap_agent_nxd 4768 SIGNIFICANT ldap_agent.c 3379 Initializing LDAP connection for host(<serverIP>); port(389)
03/20 16:50:11.67 <serverIP or Hostname> ldap_agent_nxd 4768 SIGNIFICANT ldap_agent.c 3411 LDAP_Server connecting to host(<serverIP>) port(389)
03/20 16:50:12.55 <serverIP or Hostname> ldap_agent_nxd 4768 ERROR ldap_agent.c 3578 LDAP_Server ldap_bind() error(010B10B0); username(CN=,OU=,DC=uva,DC=e,DC=)
03/20 16:50:12.56 <serverIP or Hostname> ldap_sync 8452 ERROR ldap_sync.c 369 pdm_ldap_import: Method got_record in Ldap_Group_Catcher failed ()
A test connection with an LDAP browser or another LDAP client may succeed with the same configuration, but SDM will not allow the import or the test if, on the AD side, the 'samAccountName' does not match the 'cn='.
Environment
Service Desk Manager 14.1 / R17.0 / R17.1
Microsoft Active Directory.
Cause
The issue is related to how the application performs the bind and which fields it looks at for a match. The samAccountName (SDM_service) was not the same as the CN.
Resolution
Log in to Active Directory and check:
1) Compare the samAccountName with the cn of the user used for the connection to see whether they are the same.
2) If they are different and the connection is being tested with the cn, test the connection by using the samAccountName.
Example: Test connection by using samAccountName instead of CN:
pdm_ldap_test -h <serverIP or Hostname>:<ldapport> -d "cn=,ou=,DC=" -p <password> -s DC=,DC=,DC=
In the CN field enter the samAccountName.
3) If the connection works with the samAccountName, ask the Active Directory administrator to update the contact so that these two fields match.
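An added example for steps 1 and 2 (not part of the original article and not product code): it pulls the bind DN out of ldap_bind() error lines in the stdlog format shown above and compares cn with sAMAccountName in an LDIF export of that account. The host name, IP address, DNs and the LDIF text are constructed sample values, and the helper names are hypothetical.

```python
import re

# Constructed sample in the stdlog format shown above (all values are made up).
SAMPLE_STDLOG = (
    "03/20 16:50:11.67 sdmhost ldap_agent_nxd 4768 SIGNIFICANT ldap_agent.c 3411 "
    "LDAP_Server connecting to host(192.0.2.10) port(389)\n"
    "03/20 16:50:12.55 sdmhost ldap_agent_nxd 4768 ERROR ldap_agent.c 3578 "
    "LDAP_Server ldap_bind() error(010B10B0); "
    "username(CN=SDM Service Account,OU=Service,DC=example,DC=com)\n"
)
# Constructed LDIF export of the bind account (plain values only).
SAMPLE_LDIF = """\
dn: CN=SDM Service Account,OU=Service,DC=example,DC=com
cn: SDM Service Account
sAMAccountName: SDM_service
"""

BIND_ERROR = re.compile(r"ldap_bind\(\) error\((\w+)\); username\((.*)\)\s*$")

def failed_bind_dns(stdlog_text):
    """Return the bind DNs reported in ldap_bind() error lines."""
    return [m.group(2) for line in stdlog_text.splitlines()
            if (m := BIND_ERROR.search(line))]

def parse_ldif(ldif_text):
    """Parse plain 'attr: value' records; base64 and folded lines are not handled."""
    entries = []
    for record in re.split(r"\n\s*\n", ldif_text.strip()):
        entry = {}
        for line in record.splitlines():
            name, sep, value = line.partition(": ")
            if sep:
                entry.setdefault(name.lower(), value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def check_bind_accounts(stdlog_text, ldif_text):
    """Report (dn, cn, sAMAccountName, status) for each failed bind DN.

    Assumptions of this example: DNs are matched as whole strings and all
    comparisons ignore case."""
    by_dn = {e["dn"].lower(): e for e in parse_ldif(ldif_text)}
    report = []
    for dn in failed_bind_dns(stdlog_text):
        entry = by_dn.get(dn.lower(), {})
        cn, sam = entry.get("cn"), entry.get("samaccountname")
        status = ("not in export" if not entry else
                  "match" if cn and sam and cn.lower() == sam.lower() else "mismatch")
        report.append((dn, cn, sam, status))
    return report
```

A "mismatch" row marks an account to retest with the samAccountName as described in step 2.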