Version Affected: [insert version(s) here]
Description:
Unable to sign in due to invalid_user error.
Error Log:
Message="LDAPMembershipProvider.GetUser: Exception: Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: index"
Message="Error Message: This property cannot be set for anonymous users. : Browser:Mozilla/5.0 (iPhone; CPU iPhone OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148"
Cause:
Ldap search filter was set to:
(&(|(msDS-cloudExtensionAttribute1=%v)(samAccountName=%v)(userPrincipalName=%v)(mail=%v))(objectclass=*))
which returned multiple objects from AD i.e., user and contact.
Resolution:
In order to resolve the issue, changed the search filter to:
(&(|(msDS-cloudExtensionAttribute1=%v)(samAccountName=%v)(userPrincipalName=%v)(mail=%v))(objectclass=user))
Special Considerations (optional as needed):
Use AD Users and Computers to see results of your LDAP search query:
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
Comments
Please sign in to leave a comment.