Hi,
I am trying to use LDAP authentication against an Azure AD Domain Services enabled domain.
Setting up secure LDAP following instructions [1] went fine. I can access port 636 on the given Azure IP address and it serves the TLS certificate I gave it. I read somewhere that all users that want to authenticate via LDAP need to have their passwords reset, so that the necessary password hashes can be created. So I did that, multiple times. I can log in to MS portals with this user, so I know its password is correct.
Now I am trying to bind to the service from a machine in my office, but I can't get it to work. All I get is "Invalid credentials".
I'm using ldapsearch on a Linux machine for testing:
ldapsearch -H ldaps://<service ip> -D '<username>@<domain>' -w <password> -x -vvvv -b "dc=<domain part>,dc=<tld>" givenName
I have tried many different things as bind DN (-D), but the result is always the same: Invalid credentials.
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580
I haven't been able to find the format for the bind DN in any documentation. What should it be?
[1] https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-guide-configure-secure-ldap
Best regards,
Martijn
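The "data 52e" field in the diagnostic message quoted above is the part worth reading when triaging a failed simple bind against Active Directory: the value is the Win32 logon error in hexadecimal, so it distinguishes a rejected password from a disabled, locked-out or expired account, which a bare "Invalid credentials (49)" does not. The script below is an added example, not code from the post or from Microsoft; it parses that diagnostic line, maps the well-known AD subcodes, and lists the bind identity forms that Active Directory's simple bind generally accepts (UPN, NETBIOS\sAMAccountName, or the full distinguished name). The domain names, the NetBIOS name and the `CN=Users` container in the sample are constructed assumptions, not values from the post.

```python
import re
from typing import Dict, List, Optional

# "data NNN" subcodes that AD returns inside an AcceptSecurityContext failure.
# They are the hex form of the Win32 logon error codes.
AD_BIND_SUBCODES: Dict[str, str] = {
    "525": "user not found",
    "52e": "invalid credentials (user exists, password rejected)",
    "530": "logon not permitted at this time of day",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password before first logon",
    "775": "account locked out",
}

DIAG_RE = re.compile(r"AcceptSecurityContext error, data (?P<code>[0-9a-fA-F]+)")


def parse_bind_diagnostic(message: str) -> Dict[str, Optional[str]]:
    """Extract the AD subcode from an ldap_bind diagnostic line and explain it."""
    m = DIAG_RE.search(message)
    if not m:
        return {"code": None, "win32": None, "meaning": "no AcceptSecurityContext subcode present"}
    code = m.group("code").lower()
    return {
        "code": code,
        "win32": str(int(code, 16)),  # e.g. 52e -> 1326 (ERROR_LOGON_FAILURE)
        "meaning": AD_BIND_SUBCODES.get(code, "unrecognised subcode"),
    }


def domain_to_base_dn(dns_domain: str) -> str:
    """Turn 'corp.example.com' into 'DC=corp,DC=example,DC=com'."""
    return ",".join("DC=" + label for label in dns_domain.split("."))


def candidate_bind_identities(sam_account: str, dns_domain: str, netbios: str,
                              container: str = "CN=Users") -> List[str]:
    """Identity strings AD simple bind is known to accept for one user.

    The container is an assumption; the user's real DN should be looked up
    with a search on sAMAccountName once any bind succeeds.
    """
    return [
        f"{sam_account}@{dns_domain}",                       # userPrincipalName form
        f"{netbios}\\{sam_account}",                        # NT-style NETBIOS\user form
        f"CN={sam_account},{container},{domain_to_base_dn(dns_domain)}",  # full DN (assumed container)
    ]


def triage(stderr_lines: List[str]) -> str:
    """Summarise ldapsearch stderr: is this a password problem or an account-state problem?"""
    for line in stderr_lines:
        info = parse_bind_diagnostic(line)
        if info["code"] is None:
            continue
        if info["code"] == "52e":
            return "credential problem: password rejected for an existing user"
        if info["code"] == "525":
            return "identity problem: the bind name did not resolve to a user"
        return f"account-state problem: {info['meaning']}"
    return "no AD subcode found; check TLS/connectivity rather than the account"


if __name__ == "__main__":
    # Constructed sample, shaped like the two stderr lines quoted in the post.
    sample = [
        "ldap_bind: Invalid credentials (49)",
        "additional info: 80090308: LdapErr: DSID-0C09042F, comment: "
        "AcceptSecurityContext error, data 52e, v2580",
    ]
    print(triage(sample))
    for ident in candidate_bind_identities("jdoe", "corp.example.com", "CORP"):
        print("try -D", repr(ident))
```

Run it against the stderr of the failing `ldapsearch` call; a 52e with a known-good password usually points at the identity form or at the directory not holding a usable credential for that user, whereas 533/775/773 mean the account itself needs attention before any bind format will work.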