External AD authentication fails.

Unanswered Question
Nov 6th, 2009


I have set up an Active Directory database as an external resource via the Generic LDAP option (I didn't set it up via the Windows database option, as my infrastructure does not allow me this).

I am trying to authenticate with no luck. The report database contains the following error message:

Message type: Authentication failed

Authentication Failure Code: External DB reports about an error condition.

My configuration steps are as follows:

Process all user names

Qualified by suffix (local.com)

Strip domain before submitting username to LDAP server

User Directory Subtree=dc=local,dc=com

Group Directory Subtree=dc=local,dc=com

User Object Type=SamAccountName

User Object Class=person

Group Object Type=cn

The rest is default settings.

Certificate DB path: empty

I also created an unknown user policy and added my external database in the list of databases and moved it up.

What am I doing wrong? Any help is appreciated.



Ivan Martinon Wed, 12/02/2009 - 13:33

As far as I know, ACS does not have the subtree query mode in which, if a user is not found on the same level that was defined, ACS will look further levels deep, so you might want to point the user DN exactly where the users are. Also, your user object type is not defined correctly: if it indeed is the value you are defining, then the correct syntax is sAMAccountName. I would advise downloading the following trial, "Softerra LDAP Browser", browsing your AD LDAP infrastructure, and checking the right values that you are using. It might be that you are using the defaults, which would mean that in most cases you would need to use the cn user object type, and so on.
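Added example (not from the thread or from Cisco): a small Python simulation of the lookup Ivan describes, run over a constructed LDIF export, showing why a User Directory Subtree of dc=local,dc=com only finds an account that sits directly under that DN when there is no subtree search. The LDIF contents, account names and the one-level/subtree scoping logic are assumptions for illustration, not ACS code.

```python
import re

# Constructed sample LDIF export (not real data): one user in the default
# Users container, one account placed directly under the domain root.
SAMPLE_LDIF = """\
dn: cn=jsmith,cn=Users,dc=local,dc=com
objectClass: person
sAMAccountName: jsmith

dn: cn=svc-acs,dc=local,dc=com
objectClass: person
sAMAccountName: svc-acs
"""

def parse_ldif(text):
    """Return a list of (dn, {attr_lower: [values]}) entries."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            key, value = key.strip(), value.strip()
            if key.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(key.lower(), []).append(value)
        entries.append((dn, attrs))
    return entries

def strip_domain(username, suffix):
    """ACS 'qualified by suffix' + 'strip domain': jsmith@local.com -> jsmith."""
    user, at, domain = username.partition("@")
    return user if at and domain.lower() == suffix.lower() else username

def find_user(entries, base_dn, scope, attr, username):
    """DNs whose `attr` equals `username` inside `base_dn`; scope 'one' looks only
    directly under base_dn (what the answer attributes to ACS), 'sub' anywhere below."""
    base, hits = base_dn.lower(), []
    for dn, attrs in entries:
        parent = dn.split(",", 1)[1].lower() if "," in dn else ""  # naive RDN split
        in_scope = parent == base if scope == "one" else dn.lower().endswith("," + base)
        if in_scope and username in attrs.get(attr.lower(), []):
            hits.append(dn)
    return hits

if __name__ == "__main__":
    tree, user = parse_ldif(SAMPLE_LDIF), strip_domain("jsmith@local.com", "local.com")
    for base in ("dc=local,dc=com", "cn=Users,dc=local,dc=com"):
        print(base, "->", find_user(tree, base, "one", "sAMAccountName", user))
```

With the base DN at the domain root the one-level lookup returns nothing for jsmith; pointing it at cn=Users (or using a subtree search) returns the entry.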
