AD login not working

Dear all,

I can not figure out why I’m getting the following.

I have configured an LDAP connection to the global Active Directory of the group I’m part of.

Such configuration usualy works well with other applications (it works also for elasticsearch for instance).

But here I’m getting the following error :

t=2017-04-15T15:57:20+0000 lvl=eror msg="Error while trying to authenticate user" logger=context userId=0 orgId=0 uname= error="LDAP Result Code 10 \"Referral\": 0000202B: RefErr: DSID-03100781, data 0, 1 access points\n\tref 1: 'domain.example'\n

Nowhere I find any clue about this DSID error.

I’ve tried in the search_base to add the OU, without success. I’ve also verified by putting false IDs for bind_dn and pwd, and then error is different.

If I put in my login false password, I still get the same error in the log, so it doesn’t detect that the user is correct or not properly.

My configuration ldap.toml is as below:

[[servers]]
host = "ldap_host"
port = 389
use_ssl = false
start_tls = true
ssl_skip_verify = true
bind_dn = "CN=technical_account,OU=Service_Accounts,OU=Domain_Users,DC=domain,DC=example"
bind_password = 'hihi'
search_filter = "(sAMAccountName=%s)"
search_base_dns = ["DC=domain,DC=example"]

[servers.attributes]
name = "givenName"
surname = "sn"
username = "sAMAccountName"
member_of = "memberOf"
email =  "email"

[[servers.group_mappings]]
group_dn = "CN=GROUP1,OU=APP_Groups,OU=Domain_Groups,DC=domain,DC=example"
org_role = "Admin"

[[servers.group_mappings]]
group_dn = "CN=GROUP2,OU=APP_Groups,OU=Domain_Groups,DC=domain,DC=example"
org_role = "Editor"
[[servers.group_mappings]]

#group_dn = "CN=GROUP3,OU=APP_Groups,OU=Domain_Groups,DC=domain,DC=example"
group_dn = "*"
org_role = "Viewer"

Do you see something, have any clues to help me investigate, or any idea ?

Thank you.

I am not familiar with that LDAP error code. Have you google the error?

Seems to be related to the search base dn, maybe it does not exist?

No answer on google for this error specifically.
I have solved finally the trouble by going to another DC and it succeeded…