SecureAuth IdP Version affected: All
Description:
When attempting to log in to a realm that uses ADLDS as a membership provider, the login fails with "Password does not match" even though the password entered is correct.
Additionally, the warning.log for the realm will contain the following:
<Root><EventID>51101</EventID><Timestamp>7/26/2017 11:31:03 AM</Timestamp><SeverityLevel>Error</SeverityLevel><Priority>1</Priority><Message>LDAPMembershipProvider.ValidateUserWithLDAPConnectionBind: username: bob, Exception: The supplied credential is invalid.</Message></Root>
If the Workflow is set to request Username only, the user is able to log in, which proves that the realm is able to query the ADLDS membership provider.
Cause:
The user object is disabled in ADLDS. Newly created objects in ADLDS default to a disabled state.
Resolution:
Enable the user object in ADLDS using a tool capable of writing to ADLDS, e.g. ADSIEdit or PowerShell.
To enable the account, edit the attribute named msDS-UserAccountDisabled and set it to False.
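The PowerShell route, as an added example that is not part of the original article: it lists the user objects that are currently disabled in the partition, enables only the intended one, and reads the attribute back. The server address, the partition DN and the assumption that the user's RDN equals the login name are placeholders to adjust for your instance; the username bob is taken from the log entry above.

```powershell
# Uses the ActiveDirectory module (RSAT), which can target an AD LDS
# instance when -Server is given as host:port.
Import-Module ActiveDirectory

# Assumed values, not from the article: replace with your own.
$Server     = 'localhost:389'                # AD LDS instance (placeholder)
$SearchBase = 'CN=Users,DC=example,DC=com'   # application partition (placeholder)
$UserName   = 'bob'                          # user named in the warning.log entry

# 1. Find every user object in the partition that is currently disabled.
$disabled = @(Get-ADObject -Server $Server -SearchBase $SearchBase `
    -LDAPFilter '(&(objectClass=user)(msDS-UserAccountDisabled=TRUE))' `
    -Properties 'msDS-UserAccountDisabled')
$disabled | Select-Object Name, DistinguishedName | Format-Table -AutoSize

# 2. Pick out the one account that should be enabled.
#    Assumption: the object's RDN (Name) is the login name.
$target = @($disabled | Where-Object { $_.Name -eq $UserName })
if ($target.Count -ne 1) {
    Write-Warning "Expected exactly one disabled object named '$UserName', found $($target.Count). Nothing changed."
    return
}
$dn = $target[0].DistinguishedName

# 3. Set msDS-UserAccountDisabled to False on that object only.
Set-ADObject -Server $Server -Identity $dn `
    -Replace @{ 'msDS-UserAccountDisabled' = $false }

# 4. Read the attribute back to confirm the change was written.
$after = Get-ADObject -Server $Server -Identity $dn `
    -Properties 'msDS-UserAccountDisabled'
"{0}: msDS-UserAccountDisabled = {1}" -f $dn, $after.'msDS-UserAccountDisabled'
```

Step 1 on its own is a read-only check that is also useful for reviewing which accounts are disabled before enabling any of them.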