LDAP fails with error "Code: -32000 Message: Code: 0x3"
-
Hello,
I am trying to configure LDAP authentication (Active Directory) on XOA.
When I test configuration I get error message:
Code: -32000
Message: Code: 0x3
What should I check? How can I overcome this. Thank you.
DETAILS:
{
  "code": 3,
  "message": " Code: 0x3",
  "name": "Error",
  "stack": "Error: Code: 0x3 at Function.parse (/usr/local/lib/node_modules/xo-server-auth-ldap/node_modules/ldapts/StatusCodeParser.ts:59:16) at Client._sendSearch (/usr/local/lib/node_modules/xo-server-auth-ldap/node_modules/ldapts/Client.ts:648:30) at Client.search (/usr/local/lib/node_modules/xo-server-auth-ldap/node_modules/ldapts/Client.ts:610:5) at AuthLdap._authenticate (/usr/local/lib/node_modules/xo-server-auth-ldap/src/index.js:277:42) at default.testPlugin (file:///usr/local/lib/node_modules/xo-server/src/xo-mixins/plugins.mjs:285:5) at Xo.test (file:///usr/local/lib/node_modules/xo-server/src/api/plugin.mjs:109:3) at Task.runInside (/usr/local/lib/node_modules/xo-server/node_modules/@vates/task/index.js:172:22) at Task.run (/usr/local/lib/node_modules/xo-server/node_modules/@vates/task/index.js:156:20) at Api.#callApiMethod (file:///usr/local/lib/node_modules/xo-server/src/xo-mixins/api.mjs:469:18)"
}
-
Can you show us the settings that you configured for this plugin?
-
Hello @Danp, please find ss attached. I tried an infinite number of config settings but no luck.

-
Two things you could try --
- user filter set to (sAMAccountName={{name}})
- Remove the entry under Certificate Authorities
-
Here are my results:
user filter with CA:
Code: -32000
Message: could not authenticate user
user filter without CA:
Code: -32000
Message: could not authenticate user
-
@yzgulec Could you try the following config, which worked for me:
URI: ldaps://<DC FQDN>
Copy ADCS root CA to /usr/local/share/ca-certificates/root.crt
Certificate Authorities: /usr/local/share/ca-certificates/root.crt
Check certificate: enabled
Base: OU=...
StartTLS: off
Credentials: fill
dn: <service account UPN>
password: <password>
User filter: (userPrincipalName={{name}})
ID attribute: sAMAccountName
-
@dinhngtu said in LDAP fails with error "Code: -32000 Message: Code: 0x3":
sAMAccountName
Thank you. (userPrincipalName={{name}}) filter did the trick.
When I use (userPrincipalName={{name}}), it works for me whether I set certificate check ON or not. (Actually I was expecting to check AD root cert as this connection is using LDAPS)
And also the test only works when I do it using UPN but not with username@domain format.
Other filter options did not work at all.
-
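Added example, not part of any post above and not the plugin's own code: a small JavaScript model of how a user filter template such as (userPrincipalName={{name}}) is filled with the typed login name and which directory entries it then matches. The entries, the corp.example domain and all helper function names are assumptions constructed for illustration.

```javascript
// Constructed directory entries (not data from the thread).
const ENTRIES = [
  { dn: 'CN=Jane Doe,OU=Staff,DC=corp,DC=example',
    sAMAccountName: 'jdoe', userPrincipalName: 'jane.doe@corp.example' },
  { dn: 'CN=Svc XOA,OU=Staff,DC=corp,DC=example',
    sAMAccountName: 'svc-xoa', userPrincipalName: 'svc-xoa@corp.example' },
];

// RFC 4515 escaping so a typed login name is always treated as a literal value.
function escapeFilterValue(value) {
  return value.replace(/[\\*()\0]/g,
    (c) => '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Substitute the login name into a template such as (userPrincipalName={{name}}).
function buildUserFilter(template, name) {
  return template.split('{{name}}').join(escapeFilterValue(name));
}

// Undo RFC 4515 escapes when reading the assertion value back out of a filter.
function unescapeFilterValue(value) {
  return value.replace(/\\([0-9a-fA-F]{2})/g,
    (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// Evaluate a single (attr=value) equality filter; the match is case-insensitive.
function searchUsers(filter, entries = ENTRIES) {
  const m = /^\(([A-Za-z][A-Za-z0-9-]*)=(.*)\)$/.exec(filter);
  if (m === null) throw new Error('only simple equality filters are modelled');
  const [, attr, raw] = m;
  const wanted = unescapeFilterValue(raw).toLowerCase();
  return entries
    .filter((e) => typeof e[attr] === 'string' && e[attr].toLowerCase() === wanted)
    .map((e) => e.dn);
}

// Which entries a given login name finds under a given user filter template.
function whoMatches(template, name) {
  return searchUsers(buildUserFilter(template, name));
}
```

With these entries, the UPN filter only finds a user when the full userPrincipalName is typed, and the sAMAccountName filter only when the short account name is typed; the two attributes are independent, so sAMAccountName@domain is not necessarily a valid UPN.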
olivierlambert marked this topic as a question on
-
olivierlambert has marked this topic as solved on