Error: Credentials not Valid at LDAP Server
10/14/2021
Description
The error, Credentials not valid at LDAP server - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1771, is displayed in the LDAP configuration window when attempting to either test a user under the Test tab or when trying to auto-configure LDAP users and user groups under the Directory tab.
Resolution
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
When this error occurs the following log message is generated. From the log message it is evident that this is an LDAP Bind error. When integrating SonicWall with an LDAP server, the user entered under Login user name under Manage | Users | Settings | Configure LDAP | Edit your LDAP server | Login/Bind Tab makes a Bind request. This request could fail if the username, password or the directory entered under User tree for login to server is incorrect.
Check the following to correct this issue
- That the Login user name on the Manage | Users | Settings | Configure LDAP | Edit your LDAP server | Login/Bind Tab (if Give login name/location in tree is selected) is the display name and not the username.
EXAMPLE: John Doe is a display name and jdoe is the username.
- That the above user is in the directory entered under User tree for login to server. This is normally the Users directory.
- If Give bind distinguished name is selected under Manage | Users | Settings | Configure LDAP | Edit your LDAP server | Login/Bind Tab, make sure it is correct. For example, this is the DN of an administrator in the Users directory.
CN=Administrator,CN=Users,DC=sonic,DC=lab
- That the password entered is correct.
NOTE: The user to bind to the LDAP server could be a normal domain user and need not be an administrator.
Resolution for SonicOS 6.2 and Below
The resolution below is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer, we suggest upgrading to the latest general release of SonicOS 6.5 firmware.
When this error occurs the following log message is generated. From the log message it is evident that this is an LDAP Bind error. When integrating SonicWall with an LDAP server, the user entered under Login user name of the LDAP | Settings tab makes a Bind request. This request could fail if the username, password or the directory entered under User tree for login to server is incorrect.
Check the following to correct this issue
- That the Login user name on the LDAP | Settings tab (if Give login name/location in tree is selected) is the display name and not the username.
EXAMPLE: John Doe is a display name and jdoe is the username.
- That the above user is in the directory entered under User tree for login to server. This is normally the Users directory.
- If Give bind distinguished name is selected under LDAP | Settings, make sure it is correct.
EXAMPLE: This is the DN of an administrator in the Users directory.
CN=Administrator,CN=Users,DC=hal-2010,DC=local
- That the password entered is correct.
NOTE: The user to bind to the LDAP server could be a normal domain user and need not be an administrator.
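As an added example (not SonicWall code), this Python sketch decodes the data sub-code in the error string from the Description and sanity-checks a bind DN of the form shown in the resolution steps. The sub-code table lists the commonly documented Active Directory values; the function names and the DN heuristics are assumptions made for illustration.

```python
import re

# "data" is the Win32 logon error in hex; commonly documented AD values.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (bind name or password rejected)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
ERR_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")
RDN_SPLIT = re.compile(r"(?<!\\),")  # commas not escaped with a backslash

# Error text as quoted in the article's Description.
SAMPLE = ("80090308: LdapErr: DSID-0C0903AA, comment: "
          "AcceptSecurityContext error, data 52e, v1771")


def decode_bind_error(message):
    """Return (subcode, meaning) from an AD bind error string, or None."""
    m = ERR_RE.search(message)
    if not m:
        return None
    code = m.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")


def check_bind_dn(dn):
    """Heuristic checks (assumed, AD-style) on a bind distinguished name."""
    rdns = [r.strip() for r in RDN_SPLIT.split(dn)]
    if any("=" not in r or not r.split("=", 1)[1] for r in rdns):
        return ["not a DN: every component must be attr=value"]
    attrs = [r.split("=", 1)[0].strip().upper() for r in rdns]
    problems = []
    if attrs[0] != "CN":
        problems.append("first component is not the user's CN")
    if "DC" not in attrs:
        problems.append("domain (DC=) components are missing")
    elif any(a != "DC" for a in attrs[attrs.index("DC"):]):
        problems.append("DC= components must come last")
    return problems


if __name__ == "__main__":
    print(decode_bind_error(SAMPLE), check_bind_dn("jdoe"))
```

A sub-code other than 52e, such as 775 or 533, points at the state of the bind account rather than at the login name, password or user tree settings checked above.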