1 Reply Latest reply on Sep 17, 2012 2:53 PM by crestenst

    Yet another LDAP question

    crestenst

      Hello everyone,

       

      I've been struggling with getting Active Directory to integrate with CQ5. I'm currently getting the following error message:

       

      17.09.2012 13:41:01.857 *WARN* [0:0:0:0:0:0:0:1%0 [1347907261851] POST /libs/cq/core/content/login.html/j_security_check HTTP/1.1] com.day.crx.security.ldap.principals.LDAPPrincipalProvider Error finding user test com.day.crx.security.ldap.LDAPRepositoryException: LDAP error: com.day.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1; Invalid credentials

                at com.day.crx.security.ldap.principals.LDAPPrincipalProvider.findUser(LDAPPrincipalProvider.java:396) ...

       

      I am pretty positive that this is due to my ldap_login.conf file, specifically the 3 fields:

       

      authDN
      userRoot
      groupRoot

       

      What I am confused about is this: What am I supposed to put into these fields?

       

      Here is my ldap_login.conf file. Any help you guys can lend would be tremendous.

       

      com.day.crx {
          com.day.crx.core.CRXLoginModule sufficient;
          com.day.crx.security.ldap.LDAPLoginModule required
              principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"
              host="(thehost)"
              authDn="CN=test,CN=developer,CN=Users,DC=cq5test,DC=local"
              authPw="(password)"
              port="389"
              secure="false"
              userRoot="dc=cq5test,dc=local,dc=users"
              userIdAttribute="sAMAccountName"
              userFilter="(objectclass=user)"
              groupRoot="dc=cq5test,dc=local,dc=users"
              groupMembershipAttribute="member"
              groupFilter="(objectclass=group)"
              groupNameAttribute="cn"
              autocreate="create"
              autocreate.user.mail="profile/email"
              autocreate.user.givenname="profile/givenName"
              autocreate.user.sn="profile/familyName"
              autocreate.group.description="profile/aboutMe"
              autocreate.group.mail="profile/email"
              autocreate.group.cn="profile/name"
              autocreate.user.membership="profile/member"
              autocreate.path="direct"
              cache.expiration="600"
              cache.maxsize="100";
      };
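
Added example (not part of the original post and not CQ5/CRX code): a small Python diagnostic that decodes the Active Directory sub-code in the `data` field of the result 49 error above and checks whether `userRoot` and `groupRoot` end in the same `DC=` suffix as `authDn`. The function names are hypothetical; the log fragment and DNs are copied from the post.

```python
import re

# Active Directory sub-codes found in the "data" field of an LDAP result 49.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Inputs copied from the post above (log line shortened to the relevant part).
LOG_LINE = ("com.day.ldap.LDAPException: error result (49); 80090308: LdapErr: "
            "DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1")
CONF = '''
    authDn="CN=test,CN=developer,CN=Users,DC=cq5test,DC=local"
    userRoot="dc=cq5test,dc=local,dc=users"
    groupRoot="dc=cq5test,dc=local,dc=users"
'''

def decode_bind_error(log_line):
    """Return (result_code, sub_code, meaning), or None if no AD bind error is present."""
    m = re.search(r"error result \((\d+)\).*?\bdata ([0-9a-fA-F]+)", log_line)
    if not m:
        return None
    sub = m.group(2).lower()
    return int(m.group(1)), sub, AD_BIND_SUBCODES.get(sub, "unknown sub-code")

def rdns(dn):
    """Split a DN into lower-cased RDNs (simple split; escaped commas not handled)."""
    return [part.strip().lower() for part in dn.split(",")]

def domain_suffix(dn):
    """Trailing run of DC= components, i.e. the domain part of the DN."""
    parts = rdns(dn)
    i = len(parts)
    while i > 0 and parts[i - 1].startswith("dc="):
        i -= 1
    return parts[i:]

def roots_outside_bind_domain(conf_text):
    """Names of userRoot/groupRoot whose DN does not end in authDn's domain suffix."""
    s = dict(re.findall(r'([\w.]+)\s*=\s*"([^"]*)"', conf_text))
    suffix = domain_suffix(s["authDn"])
    return [k for k in ("userRoot", "groupRoot")
            if not suffix or rdns(s[k])[-len(suffix):] != suffix]
```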