Channel: Azure Active Directory forum

Binding to AAD via LDAPS ends up with "(49) Invalid Credentials"

Hi

I am trying to connect to Azure Active Directory via ldaps over the internet.  I followed https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-guide-configure-secure-ldap , and my setup seems to work so far.  Now I'd like to connect with ldapsearch:

$ ldapsearch -H 'ldaps://12.34.56.789:636' -x -D 'azure.accountowner@gmail.com' -w MyPasswd -b "dc=mydomain,dc=com"
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580

I can log in to the Azure console with these particular credentials, the problem is definitely not a typo.  So it seems to be a matter of the DN format.  I also tried 'cn=azure.accountowner@gmail.com' and '/cn=azure.accountowner@gmail.com' which all failed in the same fashion.  I checked the output of "az ad signed-in-user show" for this user, but there is no attribute that faintly looks like a typical DN.

So, my particular question is: What is the DN of my user?

This question has been raised before in https://social.msdn.microsoft.com/Forums/sqlserver/en-US/0aa258e8-ebec-4e99-9d65-f03684272a46/binding-to-secure-ldap-always-gives-quotinvalid-credentialsquot?forum=WindowsAzureAD , but unfortunately the communication had been shifted to email, and there is no public answer.
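
The diagnostic string returned with a failed bind like the one above carries a hex sub-code after "data" that narrows down why the directory rejected the logon. The Python below is an added example, not part of the original post: it parses that string into fields and tallies failures per sub-code for triage. The sub-code table lists standard Win32 logon error codes; the function names are hypothetical and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Win32 logon error codes (hex) that AD reports in the "data" field of a failed bind.
AD_BIND_SUBCODES = {
    "525": "no such user",
    "52e": "logon failure: user name or password is incorrect",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password",
    "775": "account locked out",
}

# Shape: "<hresult>: LdapErr: DSID-<id>, comment: <text>, data <hex>, v<build>"
DIAG_RE = re.compile(
    r"(?P<hresult>[0-9A-Fa-f]{8}):\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),\s*"
    r"comment:\s*(?P<comment>.*?),\s*data\s+(?P<data>[0-9A-Fa-f]+),\s*v(?P<build>[0-9A-Fa-f]+)"
)

def parse_bind_diagnostic(line):
    """Return the fields of an AD LDAP diagnostic message, or None if the line has none."""
    m = DIAG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["data"] = rec["data"].lower()
    rec["meaning"] = AD_BIND_SUBCODES.get(rec["data"], "unmapped sub-code")
    return rec

def summarise(lines):
    """Count bind failures per sub-code, skipping lines without a diagnostic."""
    parsed = filter(None, map(parse_bind_diagnostic, lines))
    return Counter(r["data"] for r in parsed)

# First line is the message from the post; the remaining lines are constructed samples.
SAMPLE = [
    "additional info: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580",
    "ldap_bind: Invalid credentials (49)",
    "additional info: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 775, v2580",
    "additional info: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52E, v2580",
    "additional info: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 533, v2580",
]

if __name__ == "__main__":
    for code, count in summarise(SAMPLE).most_common():
        print(code, count, AD_BIND_SUBCODES.get(code, "unmapped sub-code"))
```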
