Directify SSO: Auth Error: cannot locate sso account - Invalid DN syntax

Created: 2022-03-10 10:48:53
Modified: 2022-03-10 11:38:32
Tags: Directify

As of v6.3.41, Directify supports Single Sign On (SSO)

With Single Sign On enabled, Directify will bypass the login screen.

If the required parameters are missing or incorrect, you may see the following errors when you open Directify:

LDAP Error: (34) Invalid DN syntax

To resolve the error: Review your Directify SSO settings for accuracy.

Auth Error: cannot locate sso account

  • Use of \bin\dirlog.exe can help diagnose this error

  • This error indicates an ACI setting has disallowed the Directify service account access to search the root of the target domain.

To resolve the error: add an ACI to allow the service account to be able search on objectclass at the root of the target domain.

Example Level 7 syslog trace

INFO 20:50:27 directify[12248] GET:
INFO 20:50:27 directify[12248] 10.194.150.12: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
INFO 20:50:27 directify[12248] sso header: HTTP_SM_USER
INFO 20:50:27 directify[12248] sso attrib: legacy-uid
INFO 20:50:27 directify[12248] sso data: rjoines@acme.com
INFO 20:50:27 directify[12248] sso query: (legacy-uid=rjones@acme.com)
INFO 20:50:27 directify[12248] sso query enc: (legacy-uid=\72\6a\6f\69\6e\65\73\40\61\63\6d\65\2e\63\6f\6d)
INFO 20:50:27 directify[12248] ldap context: o=acme
INFO 20:50:27 directify[12248] count: 0
INFO 20:50:27 directify[12248] Auth Error: cannot locate sso account.**
Share this article:
Knowledgebase

Directory
  1. Directify - Self Service

  2. Mimic - Replication

  3. UnitySync - Sync
Password
  1. emPass - Sync
Obsolete
  1. Profiler
  2. SimpleSync