Users in an ADLDS datastore are unable to either log in or change their password

Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
SecureAuth IdP Version affected:
  • All


    When attempting to log in to a realm that uses ADLDS as a membership provider, the login fails when the password is entered, with the message "Password does not match", despite the password being correct.


    Additionally, the warning.log for the realm will contain the following:


    <Root><EventID>51101</EventID><Timestamp>7/26/2017 11:31:03 AM</Timestamp><SeverityLevel>Error</SeverityLevel><Priority>1</Priority><Message>LDAPMembershipProvider.ValidateUserWithLDAPConnectionBind: username: bob, Exception: The supplied credential is invalid.</Message></Root>


    If the Workflow is set to request Username only, then the user is able to log in, thus proving that the realm is able to query the ADLDS membership provider.




    The user object is disabled in ADLDS. Newly created objects in ADLDS default to a disabled state.



    Enable the user object in ADLDS using a tool capable of writing to ADLDS, e.g. ADSIEdit or PowerShell.

    To enable the account, edit the attribute named msDS-UserAccountDisabled, setting it to False.
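
One way to make this change from PowerShell, as an added example that is not part of the original article: it uses the ActiveDirectory module's Get-ADObject and Set-ADObject cmdlets to list disabled user objects, enable one, and confirm the result. The host and port, the partition DN, and the mapping of the login name to the cn attribute are assumptions; bob is the username from the log entry above.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and an account
# with write access to the ADLDS partition.
Import-Module ActiveDirectory

$Server    = 'adlds01.example.local:389'   # placeholder: ADLDS host:port
$Partition = 'DC=example,DC=local'         # placeholder: application partition DN
$UserName  = 'bob'                         # username from the warning.log entry
$Attr      = 'msDS-UserAccountDisabled'

# 1. Report every user object that is currently disabled, so accounts that
#    were created and never enabled are visible in one pass.
Get-ADObject -Server $Server -SearchBase $Partition `
    -LDAPFilter "(&(objectClass=user)($Attr=TRUE))" `
    -Properties $Attr, whenCreated |
    Select-Object Name, DistinguishedName, whenCreated |
    Format-Table -AutoSize

# 2. Resolve the affected user. Assumption: the login name is stored in cn.
$found = @(Get-ADObject -Server $Server -SearchBase $Partition `
    -LDAPFilter "(&(objectClass=user)(cn=$UserName))" -Properties $Attr)
if ($found.Count -ne 1) {
    throw "Expected exactly one object for '$UserName', found $($found.Count)."
}
$user = $found[0]

# 3. Enable the account only if it is disabled. Append -WhatIf to the
#    Set-ADObject call to preview the change without writing it.
if ($user.$Attr) {
    Set-ADObject -Identity $user.DistinguishedName -Server $Server `
        -Replace @{ $Attr = $false }
} else {
    Write-Host "$($user.DistinguishedName) is already enabled."
}

# 4. Read the attribute back to confirm the new state.
Get-ADObject -Identity $user.DistinguishedName -Server $Server -Properties $Attr |
    Select-Object DistinguishedName, $Attr
```

After the attribute reads False, retry the login on the realm with the password step enabled.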



