I had a working VPN with users authenticating via LDAP. One day it decided it did not want to work anymore. We are not aware of any changes to the ASA and the only thing that may have changed on the LDAP server is windows updates. One day this was working fine, and then it stopped and I have not been able to fix it.
The base DN, username, password, etc. nothting has changed. I verified all info is correct:
INFO: Attempting Authentication test to IP address <10.0.1.136> (timeout: 12 seconds)
[433] Session Start
[433] New request Session, context 0xca21bb58, reqType = Authentication
[433] Fiber started
[433] Creating LDAP context with uri=ldap://10.0.1.136:389
[433] Connect to LDAP server: ldap://10.0.1.136:389, status = Successful
[433] supportedLDAPVersion: value = 3
[433] supportedLDAPVersion: value = 2
[433] Binding as ASALDAP
[433] Performing Simple authentication for ASALDAP to 10.0.1.136
[433] LDAP Search:
Base DN = [DC=pip,DC=local]
Filter = [sAMAccountName=jbutterfield]
Scope = [SUBTREE]
[433] Request for jbutterfield returned code (1) Operations error
[433] Fiber exit Tx=275 bytes Rx=733 bytes, status=-1
[433] Session End
ERROR: Authentication Rejected: Memory error
Wireshark on the server indicates that bind is successful, but then:
LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
But previous to that line it indicated:
LDAPMessage bindResponse(2) success
Any ideas?
aaa-server LDAPServerGroup protocol ldap
aaa-server LDAPServerGroup (inside) host 10.0.1.136
ldap-base-dn DC=pip,DC=local
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn CN=ASALDAP,CN=Users,DC=pip,DC=local
server-type microsoft
ldap-attribute-map LDAPMap
The following output is from AD Explorer. I logged into ADExplorer using ASALDAP user/pass. I browsed the directory and gathered this distinguished name.
CN=ASALDAP,CN=Users,DC=pip,DC=local
