  Thursday, 21 October 2021
Hi

I'm getting a Bad Credentials error when authenticating to an LDAP (Active Directory) server from an LDAP authenticator in Journey Manager. I can write custom Groovy code that runs from the Journey Manager console to authenticate (bind) successfully, but the same parameters don't work from the authenticator. How can I enable debugging/logging for this module in standalone.xml?

This has worked on previous TM versions.


Matt
Accepted Answer
It turns out that this was due to the lookup user not being found for the given ldapSearchBase. Unfortunately, TM gives you the same error, 'Bad Credentials', for both an incorrect service account username/password combo and a user not being found against a search base. This took some time to get to the bottom of, as I thought that the service account was failing for some reason.

Can I suggest as a future update that Manager be more explicit in the error messages about what is failing and why, specifically to distinguish between the service account bind failing vs the user not being located due to an invalid search base.

Matt
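
The staged check this answer asks for, as an added example (not Journey Manager's code and not from the original poster): the service account bind, the subtree search under the search base, and the user bind are kept separate so each failure gets its own outcome. The directory contents, DNs, passwords and all function names are constructed for illustration.

```python
import re
from enum import Enum

class Outcome(Enum):
    OK = "authenticated"
    SERVICE_BIND_FAILED = "service account bind rejected"
    USER_NOT_FOUND = "no unique entry for user under search base"
    USER_BIND_FAILED = "user entry found, password rejected"

# Constructed sample directory (illustrative only): DN -> (login name, password)
DIRECTORY = {
    "CN=svc-jm,OU=Service Accounts,DC=example,DC=test": ("svc-jm", "svc-secret"),
    "CN=Doe\\, Jane,OU=Staff,DC=example,DC=test": ("jdoe", "user-secret"),
}

def rdns(dn):
    """Split a DN on unescaped commas; normalise case and surrounding spaces."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def under_base(dn, base):
    """True when dn equals base or sits below it (subtree scope)."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def bind(directory, dn, password):
    """Simple bind. An empty password is refused so that it can never be
    treated as a successful (unauthenticated) bind."""
    if not password:
        return False
    return any(rdns(k) == rdns(dn) and pw == password
               for k, (_, pw) in directory.items())

def authenticate(directory, svc_dn, svc_pw, search_base, username, password):
    """Run the three stages separately and report which one failed."""
    if not bind(directory, svc_dn, svc_pw):
        return Outcome.SERVICE_BIND_FAILED
    hits = [dn for dn, (name, _) in directory.items()
            if name.lower() == username.lower() and under_base(dn, search_base)]
    if len(hits) != 1:
        return Outcome.USER_NOT_FOUND
    if not bind(directory, hits[0], password):
        return Outcome.USER_BIND_FAILED
    return Outcome.OK

def ad_subcode(message):
    """Return the hex 'data' sub-code from an AD LDAP error 49 message, or None."""
    m = re.search(r"error code 49\b.*?\bdata ([0-9a-fA-F]+)", message)
    return m.group(1).lower() if m else None
```

Record the specific outcome in the server-side log; the message shown to the person logging in can stay generic so that it does not reveal which accounts exist.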
7 months ago
·
#14268
Hi Matt,
What's the current Journey Manager version and what's the JM version where LDAP used to work?
Have you checked error logs?
Have you selected "Enable Logging" on Security Manager tab?
Have you checked all Parameters in your Authentication Provider are correct?
Have you tried to bind to your LDAP using a command line client to ensure your configuration is correct?

Regards,
Hi Sergey

Journey Manager is 21.5.1 in our dev env. Prod and Test with working LDAP are 5.1.10. I've managed to turn on debug logging and get this:

2021-10-21T15:04:40.748AEDT DEBUG [com.avoka.fc.core.security.LdapUserDetailsAuthenticationProvider] (default task-1) Authentication for *********** failed:javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580

The DN and password are definitely correct as I've tested them in multiple other applications.

Matt
7 months ago
·
#14270
Hi Matt,
I have passed your info to the technical team.
I can successfully bind to the LDAP server using the same credentials using code inside the Groovy console. The Windows account that the Groovy code runs as is the 'computer account', e.g. myhost$

Is it possible that the code in the LDAP authenticator is running under the 'system' account (because JM is installed as a service and runs as system) and that this account is not allowed to bind to AD regardless of the credentials supplied?

If someone from Temenos could confirm that Groovy code executes as a different account than JM Java code, that would be helpful in troubleshooting this.

Matt
Matthew White selected the reply #14275 as the answer for this post — 6 months ago