I have configured the Local Active Directory (AD) as an external LDAP server. When I set the private port to 636 (the default LDAPS port) and try to log in using an LDAP user and password, I receive an error. However, when I change the port to 389 (the default LDAP port), I am able to log in successfully.
Error:

Executing AbpApplicationConfigurationAppService.GetAsync()...
2025-07-28 17:43:06.952 +05:30 [INF] Authorization failed. These requirements were not met: ClaimsAuthorizationRequirement:Claim.Type=tokenType and Claim.Value is one of the following values: (user)
2025-07-28 17:43:06.952 +05:30 [INF] Authorization failed. These requirements were not met: ClaimsAuthorizationRequirement:Claim.Type=tokenType and Claim.Value is one of the following values: (machine)
2025-07-28 17:43:06.960 +05:30 [DBG] Executed AbpApplicationConfigurationAppService.GetAsync()
5 Answer(s)
-
0
When using port 636 for LDAPS (LDAP over SSL), the connection requires SSL/TLS encryption. If you can authenticate successfully on port 389 (plain LDAP) but not on 636, the issue is likely related to SSL configuration on your Active Directory server or the client’s trust of the server certificate.
To resolve this:
Ensure your Active Directory server is configured for LDAPS:
- The server must have a valid SSL certificate installed (typically issued to the server’s FQDN).
- The certificate must be trusted by the client machine running your ABP application.
Verify the certificate chain:
- The client (your ABP app server) must trust the CA that issued the AD server’s certificate.
- Import the CA certificate into the trusted root store if necessary.
Test LDAPS connectivity:
- Use tools like ldp.exe (Windows) or openssl s_client -connect your-ad-server:636 to verify that LDAPS is working outside of ABP.
Update your ABP LDAP configuration:
- Set the port to 636.
- Set UseSsl (or equivalent) to true in your LDAP provider settings.
Example configuration:

    "AbpLdap": {
      "ServerHost": "your-ad-server.domain.com",
      "ServerPort": 636,
      "UseSsl": true,
      "Domain": "yourdomain",
      "UserName": "ldap-user",
      "Password": "ldap-password"
    }
- Restart your ABP application after making these changes.
If you need to test your LDAP/LDAPS configuration independently of ABP, you can use the ABP Ldap Test Application:
- https://github.com/abpframework/abp-samples/tree/master/AbpLdapSample
This can help isolate whether the issue is with your AD/LDAPS setup or the ABP configuration.
If the problem persists, check for certificate errors or handshake failures in your application logs.
Sources:
- ABP Ldap Test Application: https://github.com/abpframework/abp-samples/tree/master/AbpLdapSample
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
-
0
Function:

    protected override async Task ConnectAsync(ILdapConnection ldapConnection)
    {
        var host = await LdapSettingProvider.GetServerHostAsync();
        var port = await LdapSettingProvider.GetServerPortAsync();
        Logger.LogInformation("LDAP Connect override function called");

        // Use the LDAPS schema when the configured port is the LDAPS default (636), plain LDAP otherwise.
        var schema = port == 636
            ? LdapForNet.Native.Native.LdapSchema.LDAPS
            : LdapForNet.Native.Native.LdapSchema.LDAP;
        var version = LdapForNet.Native.Native.LdapVersion.LDAP_VERSION3;

        Logger.LogInformation($"LDAP Binding props: Host :- {host} - Port :- {port} - Schema :- {schema} - version :- {version}");
        ldapConnection.Connect(host, port, schema, version);
    }

Values logging:

    LDAP Binding props: Host :- 10.1.1.130 - Port :- 636 - Schema :- LDAPS - version :- LDAP_VERSION3

Exception:

    LdapForNet.LdapException: Server Down. Result: 81. Method: ldap_connect
       at LdapForNet.Native.LdapNative.ThrowIfError(Int32 res, String method, IDictionary`2 details)
       at LdapForNet.Native.LdapNativeWindows.LdapConnect(SafeHandle ld, TimeSpan connectionTimeout)
       at LdapForNet.LdapConnection.BindAsync(LdapAuthType authType, LdapCredential ldapCredential)
       at Volo.Abp.Identity.ExternalLoginProviders.Ldap.OpenLdapManager.AuthenticateLdapConnectionAsync(ILdapConnection connection, String username, String password) in D:\Git_Sandbox\XSenseOne\modules\Volo.Identity.Pro\src\Volo.Abp.Identity.Pro.Domain\Volo\Abp\Identity\Ldap\OpenLdapManager.cs:line 80
       at Volo.Abp.Identity.ExternalLoginProviders.Ldap.OpenLdapManager.AuthenticateAsync(String username, String password) in D:\Git_Sandbox\XSenseOne\modules\Volo.Identity.Pro\src\Volo.Abp.Identity.Pro.Domain\Volo\Abp\Identity\Ldap\OpenLdapManager.cs:line 101
-
0
Hi,
Test application
Testing the LDAP configuration using your application might be complicated. Therefore you can use our test application. The following dotnet console app is for testing your LDAP configuration. Before using the configuration, test in this app and see if it works.
See https://github.com/abpframework/abp-samples/tree/master/AbpLdapSample
-
0
Hi, I have tried the sample you provided. It still works if the port number is 389; if I change the port number to 636 I get an error: "Server Down. Result: 81. Method: ldap_connect".

    using LdapForNet;
    using LdapForNet.Native;
    using System;
    using System.Linq;
    using System.Threading.Tasks;

    namespace LdapSample
    {
        class Program
        {
            static async Task Main(string[] args)
            {
                var server = "10.1.1.130";
                //var serverPort = 389;
                var serverPort = 636;
                var baseDc = "dc=killotp,dc=com";
                var adminUserName = "james";
                var adminPassword = "testpwd";
                var testUserName = "james";
                var testPassword = "testpwd";

                using (var ldapConnection = new LdapConnection())
                {
                    ldapConnection.Connect(server, serverPort, Native.LdapSchema.LDAP, Native.LdapVersion.LDAP_VERSION3);
                    try
                    {
                        await ldapConnection.BindAsync(Native.LdapAuthType.Simple, new LdapCredential
                        {
                            // Configure username according to your LDAP config:
                            // cn=admin,dc=abp,dc=com or just username.
                            //UserName = $"cn={adminUserName},{baseDc}",
                            //Password = adminPassword
                            UserName = adminUserName,
                            Password = adminPassword,
                        });
                        Console.WriteLine($"{adminUserName} login success!");

                        // Configure filter according to your LDAP config:
                        // (&(uid=admin)) or (&(objectClass=user)(sAMAccountName={admin}))
                        var searchResults = await ldapConnection.SearchAsync(baseDc, $"(&(sAMAccountName={testUserName}))");
                        Console.WriteLine();
                        Console.WriteLine($"{testUserName} attributes:");
                        var userEntry = searchResults.First();
                        Console.WriteLine(string.Join(", ", userEntry.ToDirectoryEntry().Attributes));

                        // Bind again as the user found by the search, using its DN.
                        await ldapConnection.BindAsync(Native.LdapAuthType.Simple, new LdapCredential
                        {
                            UserName = userEntry.Dn,
                            Password = testPassword
                        });
                        Console.WriteLine();
                        Console.WriteLine($"{testUserName} login success!");
                    }
                    catch (Exception e)
                    {
                        Console.WriteLine(e);
                    }
                    Console.ReadKey();
                }
            }
        }
    }
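The following is an added diagnostic, not code from this thread, from the ABP sample or from LdapForNet's own documentation. It covers two things the thread leaves implicit: the certificate-trust check and the openssl/ldp.exe connectivity test recommended in the first answer, and the fact that the LdapForNet call in the sample above passes `Native.LdapSchema.LDAP` together with port 636, which sends a cleartext LDAP bind to a TLS listener. The host name `ad.example.com` and the credentials are placeholders (assumptions); in particular the program must be given the AD server's FQDN rather than its IP address, because a certificate issued to the FQDN will never pass the name check when the connection is opened to `10.1.1.130`. The program first performs the TLS handshake itself so that the concrete reason (untrusted CA, name mismatch, expired certificate, nothing listening on 636) is printed instead of being collapsed into "Server Down. Result: 81", and only then binds through LdapForNet with the LDAPS schema.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using LdapForNet;
using LdapForNet.Native;

namespace LdapsCheck
{
    // Added diagnostic, not part of the ABP sample. Host name and credentials
    // are placeholders (assumption). Use the FQDN that appears in the AD
    // server's certificate, not its IP address.
    class Program
    {
        static async Task Main(string[] args)
        {
            var host = args.Length > 0 ? args[0] : "ad.example.com"; // placeholder FQDN
            var port = 636;
            var bindUser = "james";       // placeholder
            var bindPassword = "testpwd"; // placeholder

            // 1. Raw TLS handshake: surfaces the concrete reason a 636 connection
            //    is refused (nothing listening, untrusted CA, name mismatch, expiry).
            if (!TryTlsHandshake(host, port, out var tlsError))
            {
                Console.WriteLine($"TLS handshake with {host}:{port} failed: {tlsError}");
                return;
            }

            // 2. LdapForNet over LDAPS. On 636 the schema must be LDAPS; passing
            //    LdapSchema.LDAP with port 636 sends cleartext to a TLS listener.
            using var ldap = new LdapConnection();
            ldap.Connect(host, port, Native.LdapSchema.LDAPS, Native.LdapVersion.LDAP_VERSION3);
            try
            {
                await ldap.BindAsync(Native.LdapAuthType.Simple,
                    new LdapCredential { UserName = bindUser, Password = bindPassword });
                Console.WriteLine($"{bindUser} bound successfully over LDAPS");
            }
            catch (LdapException e)
            {
                Console.WriteLine($"LDAPS bind failed: {e.Message}");
            }
        }

        // Opens a TCP connection, completes the TLS handshake and reports the
        // server certificate plus any chain or name errors. The validation
        // callback returns true only so that every error can be printed; the
        // real application must keep the default (strict) validation.
        static bool TryTlsHandshake(string host, int port, out string error)
        {
            error = null;
            string validation = null;
            try
            {
                using var tcp = new TcpClient();
                if (!tcp.ConnectAsync(host, port).Wait(TimeSpan.FromSeconds(5)))
                {
                    error = "TCP connect timed out (is LDAPS enabled and port 636 reachable?)";
                    return false;
                }

                using var ssl = new SslStream(tcp.GetStream(), false, (sender, cert, chain, errors) =>
                {
                    if (errors != SslPolicyErrors.None)
                    {
                        validation = errors.ToString();
                        foreach (var s in chain?.ChainStatus ?? Array.Empty<X509ChainStatus>())
                            validation += $"; {s.Status}: {s.StatusInformation.Trim()}";
                    }
                    return true; // diagnostic only; never do this in production code
                });
                ssl.AuthenticateAsClient(host); // host is also used for the name check

                var remote = new X509Certificate2(ssl.RemoteCertificate);
                Console.WriteLine($"Protocol : {ssl.SslProtocol}");
                Console.WriteLine($"Subject  : {remote.Subject}");
                Console.WriteLine($"Issuer   : {remote.Issuer}");
                Console.WriteLine($"Valid    : {remote.NotBefore:u} .. {remote.NotAfter:u}");

                if (validation != null)
                {
                    error = "certificate rejected: " + validation;
                    return false;
                }
                return true;
            }
            catch (Exception e)
            {
                error = e.Message;
                return false;
            }
        }
    }
}
```

Run it as `dotnet run -- ad.example.com` from the machine that hosts the ABP application, since that machine's certificate store is the one that has to contain the issuing CA. If the handshake succeeds and the bind also succeeds here, the remaining difference is the configuration the ABP provider passes to LdapForNet (port and schema); if the handshake fails with an untrusted-chain or name-mismatch status, fix the certificate or the trust store first, and do not work around it by trusting all certificates in the application, which would turn the LDAPS channel into one an on-path attacker can impersonate.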
-
0
Hi,
That means the code is not the problem, but the LDAP server has some issues.
Thanks.