Unable to configure LDAP authentication

[elisabete reis]

Hi,
I'm trying to configure the LDAP authentication but It doesn't accept any configuration. If I don't fill in the "Additional User DN" I get no feedback and the configuration is not saved. If I fill in that field I get a "Additional user DN must contain {0}".

Can anyone help me with this?

Thank You

[cosminef]

Hello,

Thank you for reaching out.

Code: Select all

Additional user DN

Prepended to the base DN to create an LDAP distinguished name. E.g. cn={0}
The value needs to contains a {0} which will be replaced with the login username typed by users in the login form.

{0} will be automatically replaced with the username of the user who is logging in. For example:

• If the value is set to: uid={0},ou=people,dc=example,dc=com

• And someone logs in with the username john

• Content Fusion will construct the DN as: uid=john,ou=people,dc=example,dc=com

Here you can find a clear example of an LDAP configuration:

example-ldap-config.png

Best,
Cosmin

[elisabete reis]

Thanks, now I can connect to LDAP.

Still unable to login - LDAP: error code 49 - 80090308: LdapErr: DSID-0C090532, comment: AcceptSecurityContext error, data 52e, v4f7c.

Internal support says I need 3 certificates but I can upload only one, not sure this is what is causing the problem but I will check with them again.

[cosminef]

Hello,

Regarding your LDAP configuration issues:

1. Error 49 / data 52e (login failure)
This error means Active Directory could not authenticate the user. There are two possible causes:
- Wrong password — the user entered incorrect credentials
- Incorrect DN format — the "Additional User DN" template in Content Fusion may not match the actual structure of your Active Directory
When a user logs in, Content Fusion builds a full Distinguished Name by combining the "Additional User DN" template with the "Base DN". For example, if Additional User DN is cn={0},ou=employees and Base DN is dc=company,dc=com, the resulting DN sent to AD will be
cn=john,ou=employees,dc=company,dc=com. If this path does not exactly match the user's location in Active Directory, AD returns the same 52e error as for a wrong password.

2. Multiple certificates
If you need to upload more than one certificate (e.g. root CA + intermediate CA + server certificate), you can combine them all into a single .pem file and upload that: cat server.crt intermediate.crt root.crt > chain.pem

-----BEGIN CERTIFICATE-----
[Your Server Certificate]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[Intermediate Certificate]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[Root Certificate]
-----END CERTIFICATE-----

Note: the certificate issue would typically cause a connection error, not error 49. It is recommended to resolve the DN/credentials issue first, then address certificates if needed.

Best,
Cosmin

https://learn.microsoft.com/en-us/windo ... 1300-1699-