Error: The supplied credential is invalid in LDAP Authentication Plugin

Questions
1

Hello, I am trying to set the ldap-auth plugin to be on all apis.
My configuration for this plugin is:

curl -X POST http://localhost:8001/plugins/
--data "name=ldap-auth" 
--data "config.hide_credentials=false" 
--data "config.ldap_host=10.180.20.1" 
--data "config.ldap_port=389" 
--data "config.base_dn=OU=Employees,OU=COMPANY-USERS,DC=test,DC=com" 
--data "config.attribute=cn" 
--data "config.cache_ttl=60"

I consume the api using

curl -H "Authorization: LDAP <base64(cn:password)>" http://localhost:8000/details/

Everything from here is working fine, But when i set the config.attribute=samaccountName
The kong logs gives me

Error: The supplied credential is invalid.
Details: 80090308: LdapErr: DSID-0C0903D0, comment: AcceptSecurityContext error, data 52e, v2580

Attribute that works are cn and name but anything else do not like samaccountName or email.

2

Hello,

What you are describing should in fact work.

Just to clarify: can you confirm after changing the attribute to samaccountName, you also changed the base64 calculation used in curl so that it used samaccountName instead of cn?

3

Thanks for responding,

I did change it so be the base64(samaccountname:password) and it is still giving me the same error.
I am not sure if there is other place i should be looking at. I have tested the samaccountname with the a python code to authenticate and it was working fine.

4

I do have the same issue, Any updates on this?

5

I also got the same error when using the attribute “sAMAccountName”
Anyone can help?

Kong version: 1.1.2

8

Hello,

I have the same issue.
I think the kong ldap plugin is considering only CN attributes. I

I’ve opened an issue on github:

Hope someone will fix it :slight_smile:

9

Hello guys!

I have the same issue to configure the plugin.

Can someone help me, please?