Configuring LDAP - Every auth request gets denied w/ invalid credentials

I've recently set up TeamCity as part of our CI environment but I am having issues with the configuration of LDAP authentication.

In the auth-config.xml I changed the auth-type to LDAP and I added an ldap-config.properties. Our domain controller is named DAKAR and manages the domain abc.local (name changed for privacy issues), and for organizational purposes all users are put in two nested OUs named ABC\Users (OU Users is inside the ABC OU). The ABC organizational unit is located in the root of the domain.

This is what my ldap-config.properties looks like:
java.naming.provider.url=ldap://dakar.ABC.local:389/DC=ABC,DC=local
 
java.naming.security.principal=administrator
java.naming.security.credentials=omitted


teamcity.users.base=OU=Users,OU=ABC
teamcity.users.login.filter=(cn=$capturedLogin$)
teamcity.users.filter=(objectClass=user)


teamcity.users.username=sAMAccountName
teamcity.auth.loginFilter=[^/\\\\@]+
 
teamcity.options.users.synchronize=false
teamcity.options.groups.synchronize=false

When I attempt to log in, this is what I find in my LDAP log file:
[2013-11-12 16:43:58,466]  DEBUG -     jetbrains.buildServer.LDAP - ------ Starting login sequence for user-entered login: 'patrick' ------
[2013-11-12 16:43:58,466]  DEBUG -     jetbrains.buildServer.LDAP - Constructed filter '(cn=patrick)' from teamcity.users.login.filter=(cn=patrick)
[2013-11-12 16:43:58,466]  DEBUG -     jetbrains.buildServer.LDAP - Base environment properties: {java.naming.referral=follow, java.naming.provider.url=ldap://dakar.ABC.local:389/DC=ABC,DC=local, java.naming.security.principal=administrator}
[2013-11-12 16:43:58,466]  DEBUG -     jetbrains.buildServer.LDAP - Performing search in LDAP: base='OU=ABC,DC=ABC,DC=local', filter='(cn=patrick)', scope=2, attributes=[sAMAccountName, distinguishedName]
[2013-11-12 16:43:58,482]   WARN -     jetbrains.buildServer.LDAP - Search in LDAP: base='OU=ABC,DC=ABC,DC=local', filter='(cn=patrick)', scope=2, attributes=[sAMAccountName, distinguishedName] resulted in error
[2013-11-12 16:43:58,482]   INFO -     jetbrains.buildServer.LDAP - Failed to find user in LDAP by 'patrick'. Cause: Invalid credentials ([LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

Based on the error and the data I'm quite sure that TeamCity has some issues telling the domain controller where exactly my username can be found so it can bind. Can anyone point out what I am doing wrong here?

1 comment

Patrick,

The logs do not seem to correspond to the settings, but that can be due to the over-editing to conceal the actual names.

The error code is "error code 49", which seems to be invalid credentials.

First, I'd double check the credentials are valid:
java.naming.security.principal=administrator
java.naming.security.credentials=omitted

You might also try to put the full LDAP DN of the user into the value of "java.naming.security.principal=".

0
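As an added example (not part of the original thread and not TeamCity code), this Python script reads the error-49 line from the log quoted in the question, decodes the Active Directory sub-code after `data`, and reports which bind the log shows failing and what form `java.naming.security.principal` takes. The function names and the sub-code table are assumptions of this example, and the sample input is constructed from the lines quoted above.

```python
import re

# Win32 logon error codes (hex) that Active Directory puts in the "data"
# field of an LDAP error 49 bind failure, as commonly documented.
AD_SUBCODES = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "logon not permitted at this time", "532": "password expired",
    "531": "logon not permitted from this workstation",
    "533": "account disabled", "701": "account expired",
    "773": "user must reset password", "775": "account locked out",
}
BIND_ERR = re.compile(r"LDAP: error code (\d+) - .*?AcceptSecurityContext error, data ([0-9a-f]+)", re.I)
SEARCH_FAILED = re.compile(r"Failed to find user in LDAP by '([^']*)'")

def principal_form(value):
    """Classify java.naming.security.principal: dn, upn, down-level or bare."""
    if re.search(r"(^|,)\s*(cn|ou|dc|uid)\s*=", value, re.I):
        return "dn"
    if "@" in value:
        return "upn"
    return "down-level" if "\\" in value else "bare"

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def diagnose(log_text, props_text):
    """Return one finding per error-49 line in a TeamCity LDAP log."""
    principal = parse_properties(props_text).get("java.naming.security.principal", "")
    findings = []
    for line in log_text.splitlines():
        err = BIND_ERR.search(line)
        if not err or err.group(1) != "49":
            continue
        # Error 49 on the "Failed to find user" line means the search bind,
        # made with the configured principal, was rejected before any lookup.
        searched = SEARCH_FAILED.search(line)
        sub = err.group(2).lower()
        findings.append({
            "subcode": sub, "meaning": AD_SUBCODES.get(sub, "unknown"),
            "failed_bind": "search principal" if searched else "undetermined",
            "login": searched.group(1) if searched else None,
            "principal_form": principal_form(principal)})
    return findings

# Constructed sample input, reduced from the log and properties quoted above.
SAMPLE_LOG = "INFO - jetbrains.buildServer.LDAP - Failed to find user in LDAP by 'patrick'. Cause: Invalid credentials ([LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1"
SAMPLE_PROPS = "java.naming.security.principal=administrator\njava.naming.security.credentials=omitted\n"
```

Calling `diagnose(SAMPLE_LOG, SAMPLE_PROPS)` reports sub-code 52e on the search bind with a bare principal, which is the case the comment's advice about checking the credentials and trying a full DN addresses.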
