Failure to import contacts from LDAP: ldap_bind() ERROR(Invalid Credentials)

Document ID : KB000076519
Last Modified Date : 06/07/2018
Issue:
When configuring a new AD for multidomain in SDM, the LDAP test connection returns the following error in CMD:

C:\Windows\system32>pdm_ldap_test -h <serverIP or Hostname>:<ldapport> -d "cn=,ou=,DC=" -p <password> -s DC=,DC=,DC=
Starting pdm_ldap_test...
LDAP Directory Type : active directory
Service Desk Platform : windows
Search Base : DC=,DC=,DC=
Search Filter : (objectClass=person)
Administrator Username : cn=,ou=,DC=,DC=e,DC=
Administrator Password : **********
LDAP Host : <serverIP or Hostname>
LDAP Port : <ldapport>
ldap_bind() ERROR(Invalid Credentials)

In the stdlogs, the following errors appear:
03/20 16:50:11.67 <serverIP or Hostname> domsrvr 572 SIGNIFICANT factory.c 1593 Factory ldap_group has no last mod date attribute
03/20 16:50:11.67 <serverIP or Hostname> ldap_agent_nxd 4768 SIGNIFICANT ldap_agent.c 3379 Initializing LDAP connection for host(<serverIP>); port(389)
03/20 16:50:11.67 <serverIP or Hostname> ldap_agent_nxd 4768 SIGNIFICANT ldap_agent.c 3411 LDAP_Server connecting to host(<serverIP>) port(389)
03/20 16:50:12.55 <serverIP or Hostname> ldap_agent_nxd 4768 ERROR ldap_agent.c 3578 LDAP_Server ldap_bind() error(010B10B0); username(CN=,OU=,DC=uva,DC=e,DC=)
03/20 16:50:12.56 <serverIP or Hostname> ldap_sync 8452 ERROR ldap_sync.c 369 pdm_ldap_import: Method got_record in Ldap_Group_Catcher failed ()

A test connection with the same configuration might work from an LDAP browser or another LDAP client, but SDM won't allow the import or the test if, on the AD side, the 'samAccountName' doesn't match the 'cn='.
Environment:
Service Desk Manager 14.1 / R17.0 / R17.1
Microsoft Active Directory.
Cause:
The issue is related to how the application performs the bind and which fields it tries to match. The samAccountName (SDM_service) was not the same as the CN.

 
Resolution:
Log in to Active Directory and check:

1) Compare the samAccountName with the cn of the user used for the connection to see whether they are the same.
2) If they are different and the connection is being tested with the cn, check the connection by using the samAccountName.

Example:
Test the connection by using the samAccountName instead of the CN: pdm_ldap_test -h <serverIP or Hostname>:<ldapport> -d "cn=,ou=,DC=" -p <password> -s DC=,DC=,DC=
In the CN field, enter the samAccountName.
3) If the connection works with the samAccountName, ask the Active Directory administrator to update the contact so that these two fields match.
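
The comparison in step 1 can also be run from PowerShell. This is an added example, not part of the original KB article: it assumes the ActiveDirectory module (RSAT) is installed, the function names are hypothetical, and SDM_service is the account name given under Cause.

```powershell
# Added example: requires the ActiveDirectory PowerShell module (RSAT)
# and an account with read access to the directory.
Import-Module ActiveDirectory

# Hypothetical helper: compare samAccountName and cn for one account.
function Compare-BindAccountNames {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName
    )
    try {
        # -Identity accepts a samAccountName; cn is not returned by default.
        $user = Get-ADUser -Identity $SamAccountName -Properties cn -ErrorAction Stop
    }
    catch {
        Write-Warning "Could not read '$SamAccountName': $($_.Exception.Message)"
        return
    }
    [pscustomobject]@{
        SamAccountName    = $user.SamAccountName
        CN                = $user.CN
        DistinguishedName = $user.DistinguishedName
        # String -eq is case-insensitive in PowerShell.
        Match             = ($user.SamAccountName -eq $user.CN)
    }
}

# Hypothetical helper: list every user under a search base whose
# samAccountName differs from its cn (candidates for step 3).
function Find-NameMismatch {
    param(
        [Parameter(Mandatory)] [string] $SearchBase
    )
    Get-ADUser -Filter * -SearchBase $SearchBase -Properties cn |
        Where-Object { $_.SamAccountName -ne $_.CN } |
        Select-Object SamAccountName, CN, DistinguishedName
}

# Check the bind account named in the Cause section.
Compare-BindAccountNames -SamAccountName 'SDM_service'

# Optional sweep; replace the placeholder with the search base passed to -s.
# Find-NameMismatch -SearchBase '<search base DN>'
```

If Match is False for the bind account, the ldap_bind() failure described above is expected when the test is run with the cn.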

 