LDAP fails with error "Code: -32000 Message: Code: 0x3"
-
Hello,
I am trying to configure LDAP authentication (Active Directory) on XOA.
When I test the configuration I get this error message:
Code: -32000
Message: Code: 0x3
What should I check? How can I overcome this? Thank you.
DETAILS:
{ "code": 3, "message": " Code: 0x3", "name": "Error", "stack": "Error: Code: 0x3 at Function.parse (/usr/local/lib/node_modules/xo-server-auth-ldap/node_modules/ldapts/StatusCodeParser.ts:59:16) at Client._sendSearch (/usr/local/lib/node_modules/xo-server-auth-ldap/node_modules/ldapts/Client.ts:648:30) at Client.search (/usr/local/lib/node_modules/xo-server-auth-ldap/node_modules/ldapts/Client.ts:610:5) at AuthLdap._authenticate (/usr/local/lib/node_modules/xo-server-auth-ldap/src/index.js:277:42) at default.testPlugin (file:///usr/local/lib/node_modules/xo-server/src/xo-mixins/plugins.mjs:285:5) at Xo.test (file:///usr/local/lib/node_modules/xo-server/src/api/plugin.mjs:109:3) at Task.runInside (/usr/local/lib/node_modules/xo-server/node_modules/@vates/task/index.js:172:22) at Task.run (/usr/local/lib/node_modules/xo-server/node_modules/@vates/task/index.js:156:20) at Api.#callApiMethod (file:///usr/local/lib/node_modules/xo-server/src/xo-mixins/api.mjs:469:18)" }
-
Can you show us the settings that you configured for this plugin?
-
Hello @Danp, please find ss attached. I tried an infinite number of config settings but no luck.
-
Two things you could try --
- user filter set to (sAMAccountName={{name}})
- Remove the entry under Certificate Authorities
-
Here are my results:
user filter with CA:
Code: -32000 Message: could not authenticate user
user filter without CA:
Code: -32000 Message: could not authenticate user
-
@yzgulec Could you try the following config, which worked for me:
- URI: ldaps://<DC FQDN>
- Copy ADCS root CA to /usr/local/share/ca-certificates/root.crt
- Certificate Authorities: /usr/local/share/ca-certificates/root.crt
- Check certificate: enabled
- Base: OU=...
- StartTLS: off
- Credentials: fill
  - dn: <service account UPN>
  - password: <password>
- User filter: (userPrincipalName={{name}})
- ID attribute: sAMAccountName
-
@dinhngtu said in LDAP fails with error "Code: -32000 Message: Code: 0x3":
sAMAccountName
Thank you. The (userPrincipalName={{name}}) filter did the trick.
When I use (userPrincipalName={{name}}), it works for me whether I set certificate check ON or not. (Actually, I was expecting it to check the AD root cert, as this connection is using LDAPS.)
Also, the test only works when I do it using UPN, but not with username@domain format.
Other filter options did not work at all.
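What the two user filters tried in this thread expand to for different login forms, as an added example that is not part of any post and is not xo-server-auth-ldap's own code. It assumes `{{name}}` is replaced by the typed login with RFC 4515 escaping, and it flags logins whose form cannot match the filtered attribute; the function names and sample logins are constructed.

```javascript
// Added example: function names and sample logins are constructed, not from the thread.

// RFC 4515 section 3: characters that must be escaped inside a filter value.
const FILTER_ESCAPES = { '\\': '\\5c', '*': '\\2a', '(': '\\28', ')': '\\29', '\0': '\\00' };

function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (ch) => FILTER_ESCAPES[ch]);
}

// Substitute every {{name}} placeholder with the escaped login name.
function expandUserFilter(template, name) {
  if (!template.includes('{{name}}')) {
    throw new Error('user filter has no {{name}} placeholder');
  }
  return template.split('{{name}}').join(escapeFilterValue(name));
}

// In Active Directory a UPN has the form user@suffix; a sAMAccountName has no @ part.
function likelyAttribute(name) {
  return name.includes('@') ? 'userPrincipalName' : 'sAMAccountName';
}

// For each filter/login pair, return the search string that would be sent and
// whether the login's form fits the attribute compared against {{name}}.
function previewFilters(templates, logins) {
  const rows = [];
  for (const template of templates) {
    const m = /\(([^=()]+)=\{\{name\}\}\)/.exec(template);
    const attribute = m ? m[1] : null;
    for (const login of logins) {
      const filter = expandUserFilter(template, login);
      rows.push({ login, filter, formMatches: attribute === likelyAttribute(login) });
    }
  }
  return rows;
}

const rows = previewFilters(
  ['(sAMAccountName={{name}})', '(userPrincipalName={{name}})'],
  ['jdoe', 'jdoe@example.test', 'j*)(cn=*'] // constructed sample logins
);
for (const r of rows) {
  console.log(r.formMatches ? 'ok  ' : 'MISS', r.login, '->', r.filter);
}
```

A "MISS" row means the search can return no entry for that login form, which the plugin test reports only as a failed authentication.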