
SAP Enable Now - LDAP imported users cannot login

kempendorf

Hello,

We have SEN installed on premise. I installed the manager and successfully configured the LDAPs import. But when I try to log in with one of the imported users, it says bad credentials.

I know you want some more information... let's see what we can do 🙂

The users are active and become part of "G=Learners,OU=system,OU=root" after being imported. I also tried to give other privileges like Master Author.

The LDAP bind is done with user credentials. Kerberos is not configured.

A difference between users created manually and those imported by LDAPs is that the import also imports organizational units, so manually created users are found under <root>, while imported users are in <root>/<hv>/<users>.

This is the trace:

 

com.datango.pdb.authentication.TreeAuthenticater|trying to authenticate user: username
com.datango.utils.server.db.ConnectionPool|Connections: 9
com.datango.utils.server.db.ConnectionPool|[[[[[ getConnection ]]]]] from com.datango.pdb.db.CollaboratorConnection.<init> (-1) REUSED C=0
com.datango.pdb.db.CollaboratorConnection|[4B6304C482B84B9AA64778FC4B424250] statement: select ws_user_id , uid, auth_user, email, user_name, lang_gui_id , domain, pwhash, salt, pwhashsec, saltsec, source_id , ldap_dn,last_password_change,u.consent   from ws_user as u  inner join [identity] as i on u.ws_user_id = i.identity_id  where auth_user = ? and domain = ? and active_user=1
com.datango.pdb.db.CollaboratorStatement|[4B6304C482B84B9AA64778FC4B424250] execute[1]:select ws_user_id , uid, auth_user, email, user_name, lang_gui_id , domain, pwhash, salt, pwhashsec, saltsec, source_id , ldap_dn,last_password_change,u.consent   from ws_user as u  inner join [identity] as i on u.ws_user_id = i.identity_id  where auth_user = ? and domain = ? and active_user=1
com.datango.pdb.db.CollaboratorStatement|[4B6304C482B84B9AA64778FC4B424250] SQL execution duration : 0 ms
com.datango.pdb.db.CollaboratorConnection|[4B6304C482B84B9AA64778FC4B424250] releasing resources: 0
com.datango.utils.server.db.ConnectionPool|<TRANSACTION__ ENDED>
com.datango.utils.server.db.ConnectionPool|[[[[[ releaseConnection ]]]]] from com.datango.pdb.authentication.TreeAuthenticater.authenticateUser (-1) C=0
com.datango.utils.server.db.ConnectionPool|Connections: 9
com.datango.utils.server.db.ConnectionPool|[[[[[ getConnection ]]]]] from com.datango.pdb.db.CollaboratorConnection.<init> (-1) REUSED C=0
com.datango.pdb.db.CollaboratorConnection|[BD8E36D9D8C94E93811DE73AD2621698] statement: select ws_user_id , uid, auth_user, email, user_name, lang_gui_id , domain, pwhash, salt, pwhashsec, saltsec, source_id , ldap_dn,last_password_change,u.consent   from ws_user as u  inner join [identity] as i on u.ws_user_id = i.identity_id  where auth_user = ? and domain = ? and active_user=1
com.datango.pdb.db.CollaboratorStatement|[BD8E36D9D8C94E93811DE73AD2621698] execute[1]:select ws_user_id , uid, auth_user, email, user_name, lang_gui_id , domain, pwhash, salt, pwhashsec, saltsec, source_id , ldap_dn,last_password_change,u.consent   from ws_user as u  inner join [identity] as i on u.ws_user_id = i.identity_id  where auth_user = ? and domain = ? and active_user=1
com.datango.pdb.db.CollaboratorStatement|[BD8E36D9D8C94E93811DE73AD2621698] SQL execution duration : 0 ms
com.datango.pdb.authentication.TreeAuthenticater|user not authenticated: username

 

I even checked the underlying MSSQL Database and found the users imported with all columns filled correctly.
I also tried with SSO enabled and disabled. No success.

 

Any help is much appreciated!

Regards,
Alec

Edit: Forgot to add Version information:
Edition: Microsoft Edition
Version: 10.8.5 (build 4014)

kempendorf

I figured it out by now.

I checked the database entries again and found out that in the table dbo.identity the users had a wrong entry in the domain column. I changed it and now it's working.

This might be due to our underlying active directory. We are using Univention and not MS AD, so that's probably the cause.
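
The lookup in the trace filters on auth_user, domain and active_user together, so an imported user whose stored domain differs from the one passed at login returns no row. The following is an added example (not part of the original posts and not SAP's code) that triages such a miss against a constructed SQLite stand-in. The table layout, the sample users and the login domain `EXAMPLE` are assumptions.

```python
import sqlite3

# Predicates copied from the lookup in the trace; column list shortened.
LOOKUP = ("select auth_user, domain, ldap_dn from ws_user as u "
          "inner join [identity] as i on u.ws_user_id = i.identity_id "
          "where auth_user = ? and domain = ? and active_user = 1")
# Same join without the domain and active_user filters, used for triage.
BY_NAME = ("select domain, active_user, ldap_dn from ws_user as u "
           "inner join [identity] as i on u.ws_user_id = i.identity_id "
           "where auth_user = ?")

def build_db():
    """Constructed stand-in schema; which table holds which column is assumed."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "create table ws_user (ws_user_id integer primary key,"
        " auth_user text, active_user integer);"
        "create table [identity] (identity_id integer primary key,"
        " domain text, ldap_dn text);")
    sample = [  # constructed rows: id, auth_user, active, domain, ldap_dn
        (1, "alice", 1, "EXAMPLE", "uid=alice,cn=users,dc=example,dc=test"),
        (2, "bob", 1, "example.test", "uid=bob,cn=users,dc=example,dc=test"),
        (3, "carol", 0, "EXAMPLE", "uid=carol,cn=users,dc=example,dc=test"),
    ]
    for uid, name, active, domain, dn in sample:
        db.execute("insert into ws_user values (?, ?, ?)", (uid, name, active))
        db.execute("insert into [identity] values (?, ?, ?)", (uid, domain, dn))
    return db

def diagnose(db, auth_user, login_domain):
    """Explain why the trace's lookup would or would not return a row."""
    if db.execute(LOOKUP, (auth_user, login_domain)).fetchall():
        return ("found", login_domain)
    rows = db.execute(BY_NAME, (auth_user,)).fetchall()
    if not rows:
        return ("no such auth_user", None)
    active = [r for r in rows if r[1] == 1]
    if not active:
        return ("inactive", None)
    # User exists and is active: only the domain predicate can have failed.
    return ("domain mismatch", sorted({r[0] for r in active}))

if __name__ == "__main__":
    db = build_db()
    for user in ("alice", "bob", "carol", "dave"):
        print(user, diagnose(db, user, "EXAMPLE"))
```

A "domain mismatch" result lists the stored domain values, which is the column to compare against what the login path supplies.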