Users in an ADLDS datastore are unable to either log in or change their password

    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • SecureAuth IdP Version affected: All

    Description:

    When attempting to log in to a realm that uses ADLDS as its membership provider, the login fails at the password step with "Password does not match" even though the password entered is correct:


    Additionally the warning.log for the realm will contain the following:


    <Root><EventID>51101</EventID><Timestamp>7/26/2017 11:31:03 AM</Timestamp><SeverityLevel>Error</SeverityLevel><Priority>1</Priority><Message>LDAPMembershipProvider.ValidateUserWithLDAPConnectionBind: username: bob, Exception: The supplied credential is invalid.</Message></Root>


    If the Workflow is set to request Username only, the user is able to log in. The username-only workflow looks the user up but never binds to ADLDS as that user, so this proves that the realm can query the ADLDS membership provider and that the failure is confined to the credential bind.


    Cause:


    The user object is disabled in ADLDS. Newly created user objects in ADLDS default to a disabled state (msDS-UserAccountDisabled = TRUE). A disabled account can still be found by a directory search, but an LDAP bind as that account is rejected with "The supplied credential is invalid", which is exactly the error LDAPMembershipProvider.ValidateUserWithLDAPConnectionBind logs above.


    Resolution:

    Enable the user object in ADLDS using a tool capable of writing to ADLDS, e.g. ADSI Edit, PowerShell, etc.

    To enable the account, edit the attribute named msDS-UserAccountDisabled and set it to FALSE. The attribute is a Boolean (TRUE means disabled), so write a Boolean false rather than the string "False". After the change, re-test with the full Username and Password workflow; if the bind still fails with the same error, the account state was not the cause.
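The following PowerShell script is an added example and is not part of the SecureAuth article. It performs the check and the fix described above against an ADLDS instance and then reproduces the credential bind that the realm performs, so you can confirm the account works before re-testing the realm. The server name adlds01.example.local:50000, the user DN CN=bob,OU=Users,DC=app,DC=local, and the presence of the RSAT ActiveDirectory module on the machine running the script are assumptions for the example.

```powershell
# Added example (not from the SecureAuth article): inspect the AD LDS account state,
# enable the account if it is disabled, and verify with an LDAP bind as that user.
# Assumed placeholders: the AD LDS instance at adlds01.example.local:50000, the
# user object CN=bob,OU=Users,DC=app,DC=local, and an installed ActiveDirectory module.
Import-Module ActiveDirectory

$Server = 'adlds01.example.local:50000'        # host:port of the AD LDS instance (assumption)
$UserDn = 'CN=bob,OU=Users,DC=app,DC=local'    # DN of the affected user (assumption)

# 1. Read the attribute that controls the account state in AD LDS.
#    Newly created AD LDS users default to msDS-UserAccountDisabled = TRUE.
$user = Get-ADObject -Server $Server -Identity $UserDn -Properties 'msDS-UserAccountDisabled'
if ($user.'msDS-UserAccountDisabled') {
    Write-Host "$UserDn is disabled; enabling it."
    # 2. Enable the account. The attribute is a Boolean, so write $false, not the string 'False'.
    Set-ADObject -Server $Server -Identity $UserDn -Replace @{ 'msDS-UserAccountDisabled' = $false }
} else {
    Write-Host "$UserDn is already enabled; the bind failure has another cause."
}

# 3. Reproduce what LDAPMembershipProvider.ValidateUserWithLDAPConnectionBind does:
#    a simple bind to the AD LDS instance as the user. A disabled account is
#    rejected here with "The supplied credential is invalid" even when the
#    password is correct; an enabled account with the right password succeeds.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$password = Read-Host -Prompt "Password for $UserDn" -AsSecureString
$cred = New-Object System.Net.NetworkCredential($UserDn, $password)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($Server)
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
# A simple bind sends the password in the clear. If the instance is reached on its
# SSL port, or requires secure simple binds, protect the credential with:
# $conn.SessionOptions.SecureSocketLayer = $true
try {
    $conn.Bind($cred)
    Write-Host "Bind as $UserDn succeeded; the realm login should now work."
} catch [System.DirectoryServices.Protocols.LdapException] {
    Write-Host "Bind as $UserDn failed: $($_.Exception.Message)"
} finally {
    $conn.Dispose()
}
```

Run the script as an account that has write access to the user object in ADLDS. Step 3 is the useful part for diagnosis: the realm's warning.log entry comes from the same kind of bind, so if the bind succeeds here but the realm still reports "Password does not match", the problem lies in the realm's membership provider configuration rather than in the account.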
