Getting the following error when trying to log in with an AD account:
<84>1 2020-04-07T21:00:47.516+00:00 cacc7460eaf3 conjur e359f302-43d6-4f36-af19-7f530dc8c6d8 authn [action@43868 result="failure" operation="authenticate"][subject@43868 role="ATHProd:user:SXXXP"][auth@43868 authenticator="authn-ldap" service="ATHProd:webservice:conjur/authn-ldap/axxs-xxxp-tld"][meta sequenceId="2"] ATHProd:user:UXXXP failed to authenticate with authenticator authn-ldap service ATHProd:webservice:conjur/authn-ldap/axxxs-xxxp-xxd: CONJ00002E Invalid credentials
Auth policy:
- !policy
  id: axxxxx-cxxx-xxx
  body:
    - !host

    - !webservice
      owner: !host
      annotations:
        ldap-authn/base_dn: dc=xxxxxx,dc=xxx,dc=xxx
        ldap-authn/bind_dn: cn=EPVADService,cn=Service Accounts,cn=Resource Accounts,dc=xxxx,dc=xxx,dc=xxx
        ldap-authn/connect_type: ssl
        ldap-authn/host: pxxxxxxxx.xxxx.xxxx.xxx
        ldap-authn/port: 636
        ldap-authn/filter_template: (&(objectCategory=Person)(uid=%s))

    - !group clients

    - !permit
      role: !group clients
      privilege: [ read, authenticate ]
      resource: !webservice

    - !variable
      id: bind-password
      owner: !host

    - !variable
      id: tls-ca-cert
      owner: !host

- !grant
  role: !group xxxxx-xxx-xxx/clients
  member: !group "/US-EPV-Administrator"
User Policy:
- !user
  id: UXXXP
  owner: !group
    id: conjur/ldap-sync
  annotations:
    ldap-sync/source: pxxxxxxx4.xxxxx.xxxx.xxxx:636
    ldap-sync/upstream-dn: CN=UXXXXP,OU=Privileged,OU=Resource Accounts,DC=xxxxx,DC=xxxx,DC=xxx

- !group
  id: US-EPV-Administrator
  owner: !group
    id: conjur/ldap-sync
  annotations:
    ldap-sync/source: pxxxxx4.xxxx.xxx.xxx:636
    ldap-sync/upstream-dn: cn=US-EPV-Administrator,ou=GROUPS,dc=xxxxx,dc=xxxx,dc=xxxx

- !grant
  role: !group
    id: US-EPV-Administrator
  members:
    - !member
      role: !user
        id: USP10P
      admin: true
    - !member

- !permit
  role: !group US-EPV-Administrator
  privileges:
    - create
    - update
    - read
  resources:
    - !policy root