Hi Guys,
Well, I am in the process of setting up PrivacyIdea with an LDAP proxy and AD. Currently I have PrivacyIdea talking to the AD. I also have the LDAPProxy set up and can connect to it using LDP.exe, and I look to be making requests to AD. I can get user attributes returned.
SETUP
LDP.EXE ==> LDAPProxy ==> AD
LDP.EXE ==> LDAPProxy ==> PrivacyIDEA ==> AD
The issue I am having is that I keep getting [pi_ldapproxy.proxy#info] sending BindResponse "invalid Credentials": failed to authenticate.
Followed by
[twisted.web.client._http11clientfactory@info] stopping factory …
I am not sure what this means and what the invalid credentials are for. Is this the response from the PrivacyIdea or is this what LDAPproxy is sending to the LDP.exe client?
What credentials are being checked?
What credential am I meant to be putting in the LDP.exe bind? Is it just the password, or should I be using a password OTP combination?
Run down on LDAP config file
Instance=https://127.0.0.1
verify=false
endpoint = tcp:host=192.168.0.22:port389
test-connection=true
dn="cn=Username,ou=XX,dc=XX"
password ="Password" (Have tried this with and without quotes)
endpoint = tcp:port=389
passthrough-binds="ou=xx,dc=XX"
bind-service-account=true
allow-search = true
allow-connection-reuse=true
ignore-search-result-references=false
forward-anonymous-binds=false
strategy = Loopup
attribute = sAMAccount Name
strategy = static
realm=realmname
everything else is default
If I test the resolver I get all the expected accounts, and I have created the realm with the resolver attached.
Thanks in advance for any help.
Craig