Well, I am in the process of setting up PrivacyIdea with an LDAP proxy and AD. Currently I have PrivacyIdea talking to the AD. I also have the LDAPProxy set up and can connect to it using LDP.exe, and I look to be making requests to AD. I can get user attributes returned.
LDP.EXE ==> LDAPProxy ==> AD
LDP.EXE ==> LDAPProxy ==> PrivacyIdea ==> AD
The issue I am having is that I keep getting [pi_ldapproxy.proxy#info] sending BigResponse “invalid Credentials”: failed to authenticate.
[twiste.web.client._http11clientfactory@info] stopping factory …
I am not sure what this means and what the invalid credentials are for. Is this the response from PrivacyIdea, or is this what LDAPProxy is sending to the LDP.exe client?
What credentials are being checked?
What credentials am I meant to be putting in the LDP.exe bind? Is it just the password, or should I be using a password OTP combination?
Rundown of the LDAP config file:
endpoint = tcp:host=192.168.0.22:port389
password =“Password” (Have tried this with and without quotes)
endpoint = tcp:port=389
allow-search = true
strategy = Loopup
attribute = sAMAccount Name
strategy = static
everything else is default
If I test the resolver I get all the expected accounts, and I have created the realm with the resolver attached.
Thanks in advance for any help.