Users in an ADLDS datastore are unable to either log in or change their password

SecureAuth IdP Version affected: All

Description:

When a user attempts to log in to a realm that uses ADLDS as a membership provider, the login fails at password entry with "Password does not match", even though the password is correct:

 

Additionally, the warning.log for the realm will contain the following:

 

<Root><EventID>51101</EventID><Timestamp>7/26/2017 11:31:03 AM</Timestamp><SeverityLevel>Error</SeverityLevel><Priority>1</Priority><Message>LDAPMembershipProvider.ValidateUserWithLDAPConnectionBind: username: bob, Exception: The supplied credential is invalid.</Message></Root>

 

If the Workflow is set to request Username only, the user is able to log in, which proves that the realm is able to query the ADLDS membership provider.

 

Cause:

 

The user object is disabled in ADLDS. Newly created objects in ADLDS default to a disabled state.

 

Resolution:

Enable the user object in ADLDS using a tool capable of writing to ADLDS, for example ADSIEdit or PowerShell.

To enable the account, edit the attribute named msDS-UserAccountDisabled and set it to False.
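One way to make this change from PowerShell, as an added example that is not part of the original article: it lists the user objects that are currently disabled, enables one of them and reads the attribute back. The server address, partition and user DN are placeholder assumptions, and the ActiveDirectory module (RSAT) is assumed to be installed.

```powershell
# Placeholder values (assumptions, not from the article): adjust to your ADLDS instance.
$Server    = 'adlds01.example.com:389'            # host:port of the ADLDS instance
$Partition = 'DC=example,DC=com'                  # application partition that holds the users
$UserDN    = 'CN=bob,OU=Users,DC=example,DC=com'  # user that fails with "Password does not match"

Import-Module ActiveDirectory

# 1. Audit: list every user object in the partition that is currently disabled.
#    Newly created accounts that were never enabled show up here.
Get-ADObject -Server $Server -SearchBase $Partition `
        -LDAPFilter '(&(objectClass=user)(msDS-UserAccountDisabled=TRUE))' `
        -Properties 'msDS-UserAccountDisabled', 'whenCreated' |
    Select-Object Name, DistinguishedName, whenCreated |
    Format-Table -AutoSize

# 2. Read the current state of the affected user.
$user = Get-ADObject -Server $Server -Identity $UserDN `
        -Properties 'msDS-UserAccountDisabled'

# 3. Enable the account only if it is actually disabled.
if ($user.'msDS-UserAccountDisabled') {
    try {
        Set-ADObject -Server $Server -Identity $UserDN `
            -Replace @{ 'msDS-UserAccountDisabled' = $false } -ErrorAction Stop
    }
    catch {
        # The directory rejected the write (permissions, policy, connectivity).
        Write-Error "Could not enable ${UserDN}: $($_.Exception.Message)"
        return
    }
}

# 4. Verify: re-read the attribute so the change is confirmed from the directory.
$after = Get-ADObject -Server $Server -Identity $UserDN `
        -Properties 'msDS-UserAccountDisabled'
'{0}: msDS-UserAccountDisabled = {1}' -f $after.Name, $after.'msDS-UserAccountDisabled'
```

Review the list from step 1 before enabling anything else: an account may have been disabled deliberately rather than left in its default state.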

 

 

 
