Failed to import contacts from LDAP: ldap_bind() ERROR(Invalid Credentials)

Document ID : KB000076519
Last Modified Date : 09/05/2018
Issue:
When configuring a new AD for multidomain in SDM, the LDAP test connection returns the following error in CMD:

C:\Windows\system32>pdm_ldap_test -h 10.30.150.1:389 -d "cn=SDM_uva,ou=servico,DC
=uva,DC=edu,DC=cl" -p Ilumno18 -s DC=uva,DC=edu,DC=cl
Starting pdm_ldap_test...
LDAP Directory Type : active directory
Service Desk Platform : windows
Search Base : DC=uva,DC=edu,DC=cl
Search Filter : (objectClass=person)
Administrator Username : cn=SDM_uva,ou=servico,DC=uva,DC=edu,DC=cl
Administrator Password : **********
LDAP Host : 10.30.150.1
LDAP Port : 389
ldap_bind() ERROR(Invalid Credentials)

In the stdlogs the following errors appear:
03/20 16:50:11.67 c3d-itsmapp01 domsrvr 572 SIGNIFICANT factory.c 1593 Factory ldap_group has no last mod date attribute
03/20 16:50:11.67 c3d-itsmapp01 ldap_agent_nxd 4768 SIGNIFICANT ldap_agent.c 3379 Initializing LDAP connection for host(10.30.150.1); port(389)
03/20 16:50:11.67 c3d-itsmapp01 ldap_agent_nxd 4768 SIGNIFICANT ldap_agent.c 3411 LDAP_Server connecting to host(10.30.150.1) port(389)
03/20 16:50:12.55 c3d-itsmapp01 ldap_agent_nxd 4768 ERROR ldap_agent.c 3578 LDAP_Server ldap_bind() error(010B10B0); username(CN=SDM_uva,OU=Servico,DC=uva,DC=edu,DC=cl)
03/20 16:50:12.56 c3d-itsmapp01 ldap_sync 8452 ERROR ldap_sync.c 369 pdm_ldap_import: Method got_record in Ldap_Group_Catcher failed ()
 
Environment:
SDM 14.1 / R17.0 / R17.1
Microsoft LDAP.
Cause:
The issue is related to how the application performs the bind and which fields it tries to match.
When a 2nd or 3rd LDAP connection is configured, its settings are stored in NX.env.
The configuration might work in a test done with LDAPBROWSER or any other LDAP client, but the application won't allow the import or the test if, on the AD side, the 'sAMAccountName' doesn't match the 'cn='.
Resolution:
The sAMAccountName (SDM_service) was not the same as the CN (SDM_uva).
Test the connection using the sAMAccountName instead of the CN: pdm_ldap_test -h 10.2.100.3:389 -d "cn=SDM_service,ou=servico,DC=uva,DC=edu,DC=cl" -p Ilumno18 -s DC=uva,DC=edu,DC=cl
At this point the test connection should succeed.
Then ask the AD administrator to update the contact so that these two fields match.
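An added example, not part of the original article or of SDM: a small offline triage script that pulls the bind DN out of ldap_bind() error lines in the stdlog and compares its leading CN with the account's sAMAccountName. The log lines and the DIRECTORY export are constructed samples, the function names are hypothetical, and the case-insensitive comparison is an assumption.

```python
import re

# Constructed sample in the stdlog format quoted in this article.
STDLOG = """\
03/20 16:50:11.67 c3d-itsmapp01 ldap_agent_nxd 4768 SIGNIFICANT ldap_agent.c 3411 LDAP_Server connecting to host(10.30.150.1) port(389)
03/20 16:50:12.55 c3d-itsmapp01 ldap_agent_nxd 4768 ERROR ldap_agent.c 3578 LDAP_Server ldap_bind() error(010B10B0); username(CN=SDM_uva,OU=Servico,DC=uva,DC=edu,DC=cl)
"""
# Constructed directory export (assumption): normalised DN -> sAMAccountName.
DIRECTORY = {"cn=sdm_uva,ou=servico,dc=uva,dc=edu,dc=cl": "SDM_service"}

BIND_FAIL = re.compile(r"ldap_bind\(\) error\(([0-9A-Fa-f]+)\); username\((.*)\)\s*$")

def normalise(dn):
    """Lower-case a DN and drop whitespace around its commas for lookup."""
    return ",".join(part.strip() for part in dn.split(",")).lower()

def leading_cn(dn):
    """Value of the first RDN if it is a CN, else None.
    Backslash-escaped characters are kept; hex-pair escapes are not decoded."""
    rdn, i = [], 0
    while i < len(dn) and dn[i] != ",":
        if dn[i] == "\\" and i + 1 < len(dn):
            i += 1  # take the escaped character literally
        rdn.append(dn[i])
        i += 1
    attr, _, value = "".join(rdn).partition("=")
    return value.strip() if attr.strip().lower() == "cn" else None

def failed_bind_dns(log_text):
    """Bind DNs from every ldap_bind() error line in the log."""
    return [m.group(2) for m in map(BIND_FAIL.search, log_text.splitlines()) if m]

def check(log_text, directory):
    """Compare CN and sAMAccountName for each account whose bind failed."""
    findings = []
    for dn in failed_bind_dns(log_text):
        cn, sam = leading_cn(dn), directory.get(normalise(dn))
        # Case-insensitive comparison is an assumption of this example.
        mismatch = None if None in (cn, sam) else cn.lower() != sam.lower()
        findings.append({"dn": dn, "cn": cn, "sAMAccountName": sam, "mismatch": mismatch})
    return findings

if __name__ == "__main__":
    for f in check(STDLOG, DIRECTORY):
        state = {True: "MISMATCH", False: "match", None: "unknown"}[f["mismatch"]]
        print(f'{state}: cn={f["cn"]} sAMAccountName={f["sAMAccountName"]} ({f["dn"]})')
```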
Additional Information:
Here is documentation for SDM configured with ldap:
https://docops.ca.com/ca-service-management/14-1/en/administering/configure-ca-service-desk-manager/configuring-user-accounts/how-to-integrate-ca-sdm-with-ldap
The following link covers some typical issues related to integrating SDM with multiple LDAP servers:
https://communities.ca.com/thread/241730555