LDAP - Could Not Connect, Invalid Credentials, Bad Username/ID/Password
2019-08-09 10:58:03
Errors Troubleshooting UnitySync
Could Not Connect
Could Not Connect means the server could not be reached. This is generally a physical connectivity, firewall, or port issue.
Could Not Authenticate, Invalid Credentials, or Bad Username ID / Password
These types of errors mean the function has successfully reached the target server, but LDAP authentication to the server has failed. The most common causes of this problem are as follows (generally in this order):
First, for any Directory Type:
- Verify there are no typos in the LDAP Connection Information (IP, port, name, password) on the Source and Destination tabs
- Verify server setup has been performed per the Administrator Guide section on Configuring Directory Servers.
- Use the recommended Login ID format: firstname.lastname@example.org. If the Test button indicates success but Sync then fails with a bad name or password error, the format is likely to blame
If this is an Active Directory (AD) server:
- Verify you are pointing to the IP of a Domain Controller, not an Exchange 200x server
- Verify that your LDAP server is not configured for Strong Authentication
  - UnitySync does not support Strong Authentication (Required Signing)
  - Reconfigure the LDAP authentication on the server so signing is not required
- If you are receiving a Bind Failure, Invalid Credentials error, please review this article for more information
- Verify you are using the Login ID as it appears in the Account tab of the AD User’s properties (User Logon Name)
Once you have checked all of the above and are still receiving errors, try the tests below and provide the results to email@example.com. These tests are for any directory type.
Test 1: From a command prompt on the UnitySync server, execute the following (specify correct IP and port to test):
telnet 220.127.116.11 port
If an error is returned, connectivity to the specified IP/Port is unavailable. This connection must be possible in order for authentication to succeed.
If an empty black screen results, the connection was successfully established.
If the result is an error, you have confirmed a basic inability to query the source directory using the specified port and login. You may need to have the ports opened on the firewall or use SSL.
Test 3: Obtain a known good Domain Admin login for this Source. Try the UnitySync Test button again and/or the above ldifde or ldapsearch tests using the known good Admin login account.
If you are able to connect using the known good Admin login credentials, but unable to connect with your original credentials, you’ll need to revisit the configuration of the service account and ensure it has the proper permissions.
Test 4: Try to find the rootdse of the target server
ldifde -f rootdse.txt -d "" -r "(objectclass=*)" -p base -s 127.0.0.1
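
The split this article makes between Could Not Connect, Invalid Credentials and Strong Authentication failures can be checked in a script. The following Python is an added example, not UnitySync code: tcp_reachable repeats the telnet check from Test 1, and classify_bind_error (a hypothetical helper name) maps an LDAP bind result code and the Active Directory diagnostic text to those categories. The sample diagnostics are constructed.

```python
import re
import socket

# Active Directory sub-codes found in the "data XXX" field of a result-49 bind message.
AD_BIND_SUBCODES = {
    "525": "user not found (check the Login ID format)",
    "52e": "wrong password or Login ID",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

def tcp_reachable(host, port, timeout=3.0):
    """Same check as the telnet test: can a TCP connection to host:port be opened?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, name not resolved
        return False

def classify_bind_error(result_code, message=""):
    """Map an LDAP bind result code and diagnostic text to (category, detail)."""
    if result_code == 0:
        return ("success", "bind accepted")
    if result_code == 8:  # strongAuthRequired: server demands signing or SSL/TLS
        return ("strong-auth-required", "server requires signed binds or SSL/TLS")
    if result_code == 49:  # invalidCredentials
        m = re.search(r"\bdata\s+([0-9a-fA-F]+)", message)
        sub = m.group(1).lower() if m else ""
        return ("invalid-credentials", AD_BIND_SUBCODES.get(sub, "no known AD sub-code"))
    return ("other", f"LDAP result code {result_code}")

# Constructed sample diagnostics in the style AD returns (DSID and version values made up).
SAMPLES = [
    (49, "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1"),
    (49, "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1"),
    (8, "00002028: LdapErr: DSID-0C090202, comment: The server requires binds to turn on "
        "integrity checking if SSL\\TLS are not already active on the connection, data 0, v1db1"),
]

if __name__ == "__main__":
    for code, text in SAMPLES:
        print(code, *classify_bind_error(code, text))
```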