[Solved] LDAP Error - First Bind Failed 187 and 197

[adupre01]

I am running OTRS on a Windows 2008 Server. Recently I was monkeying around and broke some stuff in my install of OTRS, so I restored to the latest snapshot I had from when it was all working fine. Now however, I am unable to login (agent or customers) with any of the accounts I have setup. I was hoping someone could shed some light on what the below errors mean.

Code: Select all

[Error][Kernel::System::CustomerUser::LDAP::_Connect][197] First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0 

Code: Select all

[Error][Kernel::System::Auth::LDAP::Auth][187] First bind failed! 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0 

As far as I know (and have been told by other techs) nothing has changed with our Active Directory groups structure or LDAP or the search user credentials. I can post my config file if needed, but it is the same as it was from when it worked earlier (see 'restored to latest snapshot...') so I am just stumped as to what is wrong.

Thank

[crythias]

From what I'm seeing on Google, 52e is invalid credentials. It might be a problem with use of special characters in password. It might be date/time problems.

[adupre01]

So I replaced my modified config file which syncs with LDAP with just a generic config.pm. Doing this allowed me to reset my password for my admin account. When I got in I saw that there were no customers in the customer database! I do not understand why they would be missing. My understanding from the documentation was that items in the database would never be deleted. I thought that customer records (once entered) would remain in OTRS even if later it weren't able to sync with LDAP.

Could the database have been dropped somehow when I reverted to my 7/13 snapshot? It should have just put it back to that same working state that it was in.

I'm guess there is probably not a way to get it back...?

Anyways I am going to try to rebuild the config file piece by piece to have it sync with LDAP and repopulate the customer database.

[crythias]

Customers in LDAP don't load into the database. They're just looked up.

[adupre01]

Gotcha, thanks. That's good to know about customer database. Does that explain why I could never lookup the customer_user table in the SQL Box? Because there is no customer_user table if it is just looked up in AD?

Alright, well tried a couple things looks like there was a problem with our Active Directory server so we restarted that. Also tried turning off firewall on our OTRS server. Neither of those steps have seemed to help the problem. I tried using telnet between the servers to check to see that the ports for LDAP requests are open and cannot get a response between our AD and OTRS servers. Followed packets between the two with wireshark and that is where it is giving the "First Bind Failed" message. The thing is though the network guys assured me that there is no firewall or ports blocked on our AD server and that we don't really have anything else setup on our network that would prevent traffic between these two servers.

Any more ideas? Thanks.

[crythias]

Until there is a reason to say otherwise, I'm still hanging onto my first post.
Especially in light of this:
http://forums.otrs.org/viewtopic.php?f=62&t=10580
and
This (translated from German).

[adupre01]

Thanks for the reply Crythias. Sorry for the delay I've been gone and busy. I will quadruple check all of my settings for LDAP sync and auth and still continue to test other network security issues which may be involved. If I find anything I will post results and step by step.

[ferrosti]

This does not have to do with network settings at all, since communication between OTRS and LDAP works. The error message comes from LDAP backend.
Either your search user does not exist (check the whole dn path) or its PWD is wrong or contains 'critical' chars.

[adupre01]

Thank you for your help.

We were pointing at our AD domain controllers and now we have it pointed directly at our LADP and all is good.