LDAP Error: Invalid credentials
What was the error?
Message Number: 384
Message Severity: Error (Corrective action is required to continue)
Message Name: ARS0384E
LDAP Error: Invalid Credentials -- ldap_rc=<RC> -- extended+rc=<RC>, Success -- ldap_errno=<RC>, extra_rc=<RC> File=arsldap.c, Line=<LineNo>
where <RC> is the return code, and <LineNo> is the line in the source code where the error was caught. See below for more information on common return codes and their meanings.
What were you doing?
Probably attempting to configure LDAP on Content Manager OnDemand for the first time, or a user attempted to authenticate with a bad user id or password on an LDAP-enabled CMOD server.
The LDAP server couldn't authorize the user to perform an action, because the User ID or password they provided was not correct. It may also indicate an error in your LDAP configuration.
arssockd (ARCHIVE): 2015-04-29 10:54:03.274673 42422 CMODUSER 2 384 ARS0384E LDAP Error: Invalid credentials -- ldap_rc=49, -- extended_rc=0, Success -- ldap_errno=0, extra_rc=0, File=arsldap.c, Line=1308
You may need to Disable IBM CMOD LDAP Authentication in order to return the server to operation.
Ensure you are using the correct User ID or password
- Content Manager OnDemand uses non-case sensitive passwords by default, while LDAP servers store passwords in a case-sensitive manner.
- In order to do this, CMOD converts the passwords to uppercase ("PassWord" is changed to "PASSWORD") before hashing them and storing them in the database.
- Inside the Administrative Client, under System Parameters -> Login Details, in the top-right pane, select "Passwords Case Sensitive". Any accounts that are excluded from password authentication (ie, the 'admin' account) will need to have their passwords entered in uppercase until they're reset.
Verify your stash file
- You may have incorrect configuration data in your stash file. See arsstash for an explanation of stash files, or LDAP and Content Manager OnDemand for a tutorial.
- Work with your LDAP administrators to determine the proper LDAP string to use in your stash file configuration.
The return code 49 indicates that you likely have an incorrect User ID or password, or possibly a restriction on the LDAP account which is causing the authentication request to fail. If you're using Microsoft Active Directory, you will need to change your ars.cfg file to include:
Activate System Trace on CMOD
Change the trace.settings configuration file to include the following string:
And make the change to tracing through the Content Manager OnDemand Administrative Client.
LDAP Return Codes
|525||user not found|
|530||not permitted to logon at this time|
|531||not permitted to logon at this workstation|
|534||The user has not been granted the|
requested logon type at this machine
|773||user must reset password|
|775||user account locked|