2 Replies Latest reply on Jul 23, 2013 1:07 PM by hettyere

    Unable to logon to CQ56 using LDAP authentication

    hettyere

      Help needed urgently.

       

      I am unable to log on to CQ5 using LDAP authentication. I got this error: "com.day.crx.security.ldap.LDAPLoginModule login: unkown User for ID ''app_testsrv''".

       

      Please find my ldap_login.config below:

       

      com.day.crx.security.ldap.LDAPLoginModule login: unkown User for ID ''app_testsrv''

      com.day.crx {
         com.day.crx.core.CRXLoginModule sufficient;
         com.day.crx.security.ldap.LDAPLoginModule required
                    principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"
                    host="test.ca.ads"
                    port="389"
                    authDn="CN=app_testsrv,OU=Service Accounts,OU=users,OU=etisa,DC=ca,DC=ads"
                    authPw="***"
                    secure="false"
                    userIdAttribute="sAMAccountName"
                    userRoot="OU=Internal,OU=users,OU=etisa,DC=ca,DC=ads"
                    groupRoot="OU=groups,OU=etisa,DC=ca,DC=ads"
                    groupMembershipAttribute="member"
                    autocreate="createUser"
                    autocreate.user.mail="profile/email"
                    autocreate.user.givenname="profile/givenName"
                    autocreate.user.sn="profile/familyName"
                    autocreate.group.description="profile/aboutMe"
                    autocreate.group.mail="profile/email"
                    autocreate.group.cn="profile/givenName"
                    autocreate.path="direct"
                    cache.expiration="600"
                    cache.maxsize="100";
      };

       

      Please review and help with suggestions on how to resolve the issue to enable me to log on.

       

      Thank you.

        • 1. Re: Unable to logon to CQ56 using LDAP authentication
          vmehrotr Adobe Employee

          Hi Hettyere,

           

          It seems to be primarily due to authDn and userRoot pointing to different OUs? Can you verify this? Based on your authDn and userRoot configuration, they do not lie under the same OU, thus the search fails.

           

          1/ It seems that the user is not present at all in LDAP when it performs the search based on the filter. Did you try to check whether the search is correct: OU=User Accounts,DC=pbs,DC=cbainet,DC=com with filter (&(sAMAccountName=app_testsrv)(objectclass=person))?

          2/ If possible, please use an LDAP browser (external client) and check this using the same tree filter in point 1/. See if it is possible to view the user.

          3/ Can you also check and ensure the following -

           

                                authDn="***********"

                                authPw="***********"

           

          is an actual admin user that has full access rights to access all tree/subtree in the LDAP directory?

           

          Please verify.

          • 2. Re: Unable to logon to CQ56 using LDAP authentication
            hettyere Level 1

            It worked after the userroot was corrected.

             

            Thanks.
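
The check suggested in reply 1, as an added example that is not part of the original thread and is not Adobe's code: it reads authDn and userRoot from the posted config and tests whether the account's DN lies in the userRoot subtree. It assumes the login module finds users by a subtree search under userRoot; the function names and the trimmed CONFIG sample are constructed for illustration.

```python
import re

# Constructed sample: the DN-bearing options copied from the config in the question.
CONFIG = '''
com.day.crx.security.ldap.LDAPLoginModule required
    authDn="CN=app_testsrv,OU=Service Accounts,OU=users,OU=etisa,DC=ca,DC=ads"
    userIdAttribute="sAMAccountName"
    userRoot="OU=Internal,OU=users,OU=etisa,DC=ca,DC=ads"
    groupRoot="OU=groups,OU=etisa,DC=ca,DC=ads";
'''


def options(text):
    """Collect key="value" options from a JAAS login module entry."""
    return dict(re.findall(r'([\w.]+)\s*=\s*"([^"]*)"', text))


def split_dn(dn):
    """Split a DN into normalized RDNs; a backslash-escaped comma stays inside its RDN."""
    rdns = re.findall(r'(?:\\.|[^,\\])+', dn)
    # Compare case-insensitively and ignore spaces around the first "=".
    return [re.sub(r'\s*=\s*', '=', r.strip(), count=1).lower() for r in rdns]


def is_under(dn, base):
    """True if dn is the base entry itself or sits anywhere in the subtree below it."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def common_ancestor(dn_a, dn_b):
    """Deepest container shared by both DNs (empty string if none)."""
    shared = []
    for x, y in zip(reversed(split_dn(dn_a)), reversed(split_dn(dn_b))):
        if x != y:
            break
        shared.append(x)
    return ",".join(reversed(shared))


if __name__ == "__main__":
    opts = options(CONFIG)
    print("authDn under userRoot:", is_under(opts["authDn"], opts["userRoot"]))
    print("deepest shared container:", common_ancestor(opts["authDn"], opts["userRoot"]))
```

With the posted values the account DN falls outside userRoot, which matches the "unkown User" error for app_testsrv.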