Error: The supplied credential is invalid in LDAP Authentication Plugin


#1

Hello, I am trying to set the ldap-auth plugin to be on all apis.
My configuration for this plugin is:

curl -X POST http://localhost:8001/plugins/
--data "name=ldap-auth" 
--data "config.hide_credentials=false" 
--data "config.ldap_host=10.180.20.1" 
--data "config.ldap_port=389" 
--data "config.base_dn=OU=Employees,OU=COMPANY-USERS,DC=test,DC=com" 
--data "config.attribute=cn" 
--data "config.cache_ttl=60"

I consume the api using

curl -H "Authorization: LDAP <base64(cn:password)>" http://localhost:8000/details/

Everything from here is working fine, But when i set the config.attribute=samaccountName
The kong logs gives me

Error: The supplied credential is invalid.
Details: 80090308: LdapErr: DSID-0C0903D0, comment: AcceptSecurityContext error, data 52e, v2580

Attribute that works are cn and name but anything else do not like samaccountName or email.


#2

Hello,

What you are describing should in fact work.

Just to clarify: can you confirm after changing the attribute to samaccountName, you also changed the base64 calculation used in curl so that it used samaccountName instead of cn?


#3

Thanks for responding,

I did change it so be the base64(samaccountname:password) and it is still giving me the same error.
I am not sure if there is other place i should be looking at. I have tested the samaccountname with the a python code to authenticate and it was working fine.


#4

I do have the same issue, Any updates on this?