LDAP fails with error "Code: -32000  Message: Code: 0x3"
- 
 Hello, I am trying to configure LDAP authentication (Active Directory) on XOA. When I test configuration I get error message:
 Code: -32000
 Message: Code: 0x3
 What should I check? How can I overcome this. Thank you.
 DETAILS: { "code": 3, "message": " Code: 0x3", "name": "Error", "stack": "Error: Code: 0x3 at Function.parse (/usr/local/lib/node_modules/xo-server-auth-ldap/node_modules/ldapts/StatusCodeParser.ts:59:16) at Client._sendSearch (/usr/local/lib/node_modules/xo-server-auth-ldap/node_modules/ldapts/Client.ts:648:30) at Client.search (/usr/local/lib/node_modules/xo-server-auth-ldap/node_modules/ldapts/Client.ts:610:5) at AuthLdap._authenticate (/usr/local/lib/node_modules/xo-server-auth-ldap/src/index.js:277:42) at default.testPlugin (file:///usr/local/lib/node_modules/xo-server/src/xo-mixins/plugins.mjs:285:5) at Xo.test (file:///usr/local/lib/node_modules/xo-server/src/api/plugin.mjs:109:3) at Task.runInside (/usr/local/lib/node_modules/xo-server/node_modules/@vates/task/index.js:172:22) at Task.run (/usr/local/lib/node_modules/xo-server/node_modules/@vates/task/index.js:156:20) at Api.#callApiMethod (file:///usr/local/lib/node_modules/xo-server/src/xo-mixins/api.mjs:469:18)" }
- 
 Can you show us the settings that you configured for this plugin? 
- 
 Hello @Danp, please find ss attached. I tried an infinite number of config settings but no luck.
- 
 Two things you could try:
   * User filter set to (sAMAccountName={{name}})
   * Remove the entry under Certificate Authorities
- 
 Here are my results:
 user filter with CA:
   Code: -32000
   Message: could not authenticate user
 user filter without CA:
   Code: -32000
   Message: could not authenticate user
- 
 @yzgulec Could you try the following config, which worked for me:
   URI: ldaps://<DC FQDN>
   Copy ADCS root CA to /usr/local/share/ca-certificates/root.crt
   Certificate Authorities: /usr/local/share/ca-certificates/root.crt
   Check certificate: enabled
   Base: OU=...
   StartTLS: off
   Credentials: fill
     dn: <service account UPN>
     password: <password>
   User filter: (userPrincipalName={{name}})
   ID attribute: sAMAccountName
- 
 @dinhngtu said in LDAP fails with error "Code: -32000 Message: Code: 0x3": sAMAccountName
 Thank you. The (userPrincipalName={{name}}) filter did the trick. When I use (userPrincipalName={{name}}), it works for me whether I set certificate check ON or not. (Actually, I was expecting it to check the AD root cert, as this connection is using LDAPS.) Also, the test only works when I do it using UPN but not with username@domain format. Other filter options did not work at all.
- 
 olivierlambert marked this topic as a question
- 
 olivierlambert has marked this topic as solved
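
Why the choice of user filter decides which login string finds an account, as an added example (not code from this thread or from xo-server-auth-ldap): it substitutes the typed login for {{name}} with RFC 4515 escaping and evaluates the resulting equality filter against one constructed directory entry. The helper names, the entry, and the assumption that the typed login is what replaces {{name}} are hypothetical.

```javascript
// Added example; helper names and the directory entry are constructed.
// Assumption: the login typed by the user replaces {{name}} in the filter.

// Constructed entry: short logon name and UPN are different strings.
const ENTRIES = [{
  dn: 'CN=Jane Doe,OU=Staff,DC=example,DC=test',
  sAMAccountName: 'jdoe',
  userPrincipalName: 'jdoe@example.test',
}]

// RFC 4515: \ * ( ) and NUL in a value are written as \XX (hex).
function escapeFilterValue(value) {
  return value.replace(/[\\*()\0]/g,
    c => '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'))
}

function unescapeFilterValue(value) {
  return value.replace(/\\([0-9a-fA-F]{2})/g,
    (_, hex) => String.fromCharCode(parseInt(hex, 16)))
}

// Replace every {{name}} with the escaped login.
function renderFilter(template, login) {
  return template.replace(/\{\{name\}\}/g, () => escapeFilterValue(login))
}

// Evaluate one "(attr=value)" equality filter against ENTRIES.
// Case-insensitive compare, as AD does for these two attributes.
function search(filter) {
  const m = /^\(([A-Za-z][\w-]*)=(.*)\)$/s.exec(filter)
  if (!m || /[*()]/.test(m[2])) {
    throw new Error('only a single escaped (attr=value) filter is supported')
  }
  const wanted = unescapeFilterValue(m[2]).toLowerCase()
  return ENTRIES.filter(e => String(e[m[1]] ?? '').toLowerCase() === wanted)
}

// DNs found for a given filter template and typed login.
function whoMatches(template, login) {
  return search(renderFilter(template, login)).map(e => e.dn)
}

for (const t of ['(sAMAccountName={{name}})', '(userPrincipalName={{name}})']) {
  for (const login of ['jdoe', 'jdoe@example.test']) {
    console.log(t, login, '->', whoMatches(t, login).length, 'match(es)')
  }
}
```

An empty search result means there is no DN to bind as, so the login fails before the password is ever checked.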
