Issue with Active Directory LDAP user validation

I have a user in Active Directory LDAP as follows:

dn: CN=test44,OU=adduserspd,DC=addiam,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: test44
sn: test44
userPassword:: dGVzdDEyMw==
givenName: a
distinguishedName: CN=test44,OU=adduserspd,DC=addiam,DC=local
instanceType: 4
whenCreated: 20210719112205.0Z
whenChanged: 20210719154614.0Z
uSNCreated: 48807
uSNChanged: 49210
name: test44
objectGUID:: kHzOfDVztEictCZgD2sK7g==
userAccountControl: 66048
badPwdCount: 23
codePage: 0
countryCode: 0
badPasswordTime: 132711842865805975
lastLogoff: 0
lastLogon: 0
pwdLastSet: 132711810368404085
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAANJehYHpPGd4MmIXVWgYAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: $QI1000-T26H6SSO71UL
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=addiam,DC=local
dSCorePropagationData: 16010101000000.0Z
mail: placeholder@mail.com
unixHomeDirectory: User

When I try to search that user, with the following "ldapsearch" command, I'm getting an authentication issue.

admin@PC1-01:~> ldapsearch -x -LLL -h 11.14.18.111:389 -D test44 -w 'test123' -b"dc=addiam,dc=local" -s sub "(objectClass=user)"
ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563

According to what I found, error "52e" means that the user exists and the provided credentials are wrong. But I can see that the user's "userPassword" attribute contains the correct password in base64-encoded form.

I also tried the following, but the result was the same:

admin@PC1-01:~> ldapsearch -x -LLL -h 11.14.18.111:389 -D test44 -w 'test123' -b"cn=test44,ou=adduserspd,dc=addiam,dc=local" -s sub "(objectClass=user)"
ldap_bind: Invalid credentials (49)
        additional info: 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563
admin@PC1-01:~>

I would appreciate it if someone could explain what could be the cause of this situation.
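
When triaging a failed bind like the one above, it helps to decode the sub-code in the diagnostic string and the entry's userAccountControl value. The following is an added example, not part of the original post; the function names are hypothetical, and the tables cover only a subset of the documented Windows values.

```python
import re

# Win32 logon error codes that AD reports in the "data" field of a failed bind.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x530: "not permitted to log on at this time",
    0x531: "not permitted to log on from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

# Subset of the userAccountControl bit flags.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x800000: "PASSWORD_EXPIRED",
}

DIAG_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")

def decode_bind_error(additional_info):
    """Return (subcode, meaning) from an AD bind diagnostic string, or None."""
    m = DIAG_RE.search(additional_info)
    if m is None:
        return None
    code = int(m.group(1), 16)
    return code, AD_BIND_SUBCODES.get(code, "unrecognized sub-code")

def decode_uac(value):
    """Return names of known flags set in userAccountControl, plus leftover bits."""
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]
    unknown = value & ~sum(UAC_FLAGS)  # keys are distinct bits, so sum == OR
    return names, unknown

if __name__ == "__main__":
    # Strings taken from the ldapsearch output and LDIF entry in the post.
    info = ("80090308: LdapErr: DSID-0C090439, comment: "
            "AcceptSecurityContext error, data 52e, v4563")
    print(decode_bind_error(info))
    print(decode_uac(66048))
```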



Read more here: https://stackoverflow.com/questions/68449127/issue-with-active-directory-ldap-user-validation

Content Attribution

This content was originally published by Buddhima Wijeweera at Recent Questions - Stack Overflow, and is syndicated here via their RSS feed. You can read the original post over there.
