Active Directory support #9663

5 Answer(s)

• 

  0

  AI-Bot created 2 months ago

  Support Team ABP Agent

  • The error message Invalid credentials. 80090308: LdapErr: DSID-0C090450, comment: AcceptSecurityContext error, data 52e, v2580 indicates that the LDAP server is rejecting the username or password provided. This is a standard LDAP error (code 49, data 52e) meaning "invalid credentials".

  • Common causes and solutions:

    1. Double-check the username and password you are using for LDAP authentication. Ensure there are no typos and the account is not locked or expired.
    2. Make sure the LDAP settings (server address, port, base DN, etc.) are correctly configured in your ABP application.
    3. If you are using Active Directory, the username format may need to be user@domain or DOMAIN\\user.
    4. Ensure the user account has permission to bind to the LDAP server.
    5. If you are running in a container, ensure all required native libraries (like libldap) are installed and compatible with your environment.

  • After installing missing packages (like libldap), restart your application and verify the configuration again.

  • If you have enabled LDAP login for a tenant, confirm that the feature is enabled in both the host and tenant, and that the settings are correct.

  • You can also check the AbpFeatureValues table and clear the cache if changes are not reflected.

  • For more details and troubleshooting steps, refer to the official documentation and support threads below.

  Sources:

  • ABP LDAP Integration Documentation
  • ABP Support: LDAP Integration Problem

  ---

  This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.

  Save Cancel
• 

  0

  nayan.ranjane@softtech-engr.com created 2 months ago

  give me specific resolution

  Save Cancel
• 

  0

  maliming created 2 months ago

  Support Team Fullstack Developer

  hi

  Invalid credentials.

  Testing the LDAP configuration using your application might be complicated. Therefore you can use our test application. The following dotnet console app is for testing your LDAP configuration. Before using the configuration, test in this app and see if it works.

  https://github.com/abpframework/abp-samples/tree/master/AbpLdapSample

  Thanks.

  Save Cancel
• 

  0

  nayan.ranjane@softtech-engr.com created one month ago

  It is working fine with your code but not working with our idp 4.2.1 can we have code of ldap module to check the issue or any other way to resolve the issue.

  [06:12:30 ERR] Invalid credentials. 80090308: LdapErr: DSID-0C090450, comment: AcceptSecurityContext error, data 52e, v2580. Result: 49. Method: ldap_parse_result. Details: errorMessage: 80090308: LdapErr: DSID-0C090450, comment: AcceptSecurityContext error, data 52e, v2580

  matchedMessage:

  LdapForNet.LdapInvalidCredentialsException: Invalid credentials. 80090308: LdapErr: DSID-0C090450, comment: AcceptSecurityContext error, data 52e, v2580. Result: 49. Method: ldap_parse_result. Details: errorMessage: 80090308: LdapErr: DSID-0C090450, comment: AcceptSecurityContext error, data 52e, v2580

  matchedMessage:

  at LdapForNet.Native.LdapNative.ThrowIfError(SafeHandle ld, Int32 res, String method, IDictionary`2 details)

  at LdapForNet.LdapConnection.ThrowIfParseResultError(IntPtr msg)

  at LdapForNet.LdapConnection.BindAsync(LdapAuthType authType, LdapCredential ldapCredential)

  at Volo.Abp.Ldap.LdapManager.AuthenticateLdapConnectionAsync(ILdapConnection connection, String username, String password)

  at Volo.Abp.Ldap.LdapManager.AuthenticateAsync(String username, String password)

  Save Cancel
• 

  0

  maliming created one month ago

  Support Team Fullstack Developer

  hi

  The LdapManager class code at: https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.Ldap/Volo/Abp/Ldap/LdapManager.cs

  The OpenLdapManager class code are:

  [Dependency(ReplaceServices = true)]
  [ExposeServices(typeof(OpenLdapManager), typeof(ILdapManager), typeof(LdapManager))]
  public class OpenLdapManager : LdapManager
  {
      public OpenLdapManager(ILdapSettingProvider ldapSettingProvider)
          : base(ldapSettingProvider)
      {
  
      }
  
      public virtual async Task<string> GetUserEmailAsync(string userName)
      {
          using (var conn = await CreateLdapConnectionAsync())
          {
              await AuthenticateLdapConnectionAsync(conn, await NormalizeUserNameAsync(await LdapSettingProvider.GetUserNameAsync()), await LdapSettingProvider.GetPasswordAsync());
  
              var searchResults = await conn.SearchAsync(await GetBaseDnAsync(), await GetUserFilterAsync(userName));
              try
              {
                  var userEntry = searchResults.First();
                  return await GetUserEmailAsync(userEntry);
              }
              catch (LdapException e)
              {
                  Logger.LogException(e);
              }
  
              return null;
          }
      }
  
      protected async override Task ConnectAsync(ILdapConnection ldapConnection)
      {
          var schema = await LdapSettingProvider.GetLdapOverSsl() ? Native.LdapSchema.LDAPS : Native.LdapSchema.LDAP;
          ldapConnection.Connect(await LdapSettingProvider.GetServerHostAsync(), await LdapSettingProvider.GetServerPortAsync(), schema);
      }
  
      protected virtual async Task<string> NormalizeUserNameAsync(string userName)
      {
          return $"cn={userName},{await LdapSettingProvider.GetBaseDcAsync()}";
      }
  
      protected virtual Task<string> GetUserEmailAsync(LdapEntry ldapEntry)
      {
          return Task.FromResult(ldapEntry.ToDirectoryEntry().GetAttribute("mail")?.GetValue<string>());
      }
  
      protected virtual async Task<string> GetBaseDnAsync()
      {
          return await LdapSettingProvider.GetBaseDcAsync();
      }
  
      protected virtual Task<string> GetUserFilterAsync(string userName)
      {
          return Task.FromResult($"(&(uid={userName}))");
      }
  }
  

  Save Cancel