LDAP Auth Problems with 6.0r3

emrecio_
Occasional Contributor

LDAP Auth Problems with 6.0r3

On IVE version 6.0r3, I noticed that Generic LDAP authentication is broken. We are using a regular LDAP server (slapd) and have tried SSL/Non-SSL ways to connect to the server. It knows when the admin password is wrong, and the connectivity checks out. I can connect to the LDAP server via a query tool (ldapsearch - openldap v2.3.34 and ldapbrowser v2.8.2) using the same credentials as what I use in the IVE.

However, when people try to log in, they are not getting login denied or any error messages. They're just not being allowed in. User policy traces and the logs state the following:

Sign-in rejected using auth server TAM LDAP - tekdev (LDAP Server). Reason: OK
4 REPLIES
davidboldo_
Not applicable

Re: LDAP Auth Problems with 6.0r3

It happens to me also.
Did you try to put a domain admin account + pwd?
I noticed some errors in the security logs of my PDC. Doing that recreates the SID account in the computers OU.
I then restored a service account in the parameters.
ben_
Frequent Contributor

Re: LDAP Auth Problems with 6.0r3

I changed the type on our test machine from eDirectory to Generic, had to refill the Admin-DN + BaseDN Filter but it still works fine.
In case of wrong authentication it displays a "username or password not correct" message...
houssam_
Not applicable

Re: LDAP Auth Problems with 6.0r3

Same issue here as described by emrecio; we had to roll back to version 6.0R2 to fix the issue.
ben_
Frequent Contributor

Re: LDAP Auth Problems with 6.0r3

Maybe 6.0r3.1 fixes this issue? It was not explicitly mentioned in the change notes, but it was the same with 6.0r3, where the ADS Problem was "silently" fixed (http://forums.juniper.net/jnet/board/message?board.id=SSL_VPN&thread.id=58)