Skip to main content
Delphix

How To Establish LDAP Authentication

 

 

Applicable Delphix Versions

 

Major Release

All Sub Releases

5.2 5.2.2.0

5.1

5.1.0.0, 5.1.1.0, 5.1.2.0, 5.1.3.0, 5.1.4.0, 5.1.5.0, 5.1.5.1, 5.1.6.0, 5.1.7.0, 5.1.8.0, 5.1.8.1, 5.1.9.0

5.0

5.0.1.0, 5.0.1.1, 5.0.2.0, 5.0.2.1, 5.0.2.2, 5.0.2.3, 5.0.3.0, 5.0.3.1, 5.0.4.0, 5.0.4.1 ,5.0.5.0, 5.0.5.1, 5.0.5.2, 5.0.5.3, 5.0.5.4

4.3

4.3.1.0, 4.3.2.0, 4.3.2.1, 4.3.3.0, 4.3.4.0, 4.3.4.1, 4.3.5.0

4.2

4.2.0.0, 4.2.0.3, 4.2.1.0, 4.2.1.1, 4.2.2.0, 4.2.2.1, 4.2.3.0, 4.2.4.0 , 4.2.5.0, 4.2.5.1

Issue

DIGEST-MD5 authentication with LDAP (Active directory) doesn't work

Troubleshooting

Cannot login using the principal provided, either the full DN or any domain-user formats.
This error is visible in the logs: "The digest-uri does not match any LDAP SPN's registered for this server"

Resolution

  • The principal needs to be only the username (for example just user if your AD full username is domain\user or user@domain)
  • Provide the fully qualified domain name of the server you would like to authenticate to, no IPs are allowed unless you set the proper SPNs for it on the domain controller.

For example domain.com is not sufficient, you need server.domain.com.

Additional Information

setspn command information are available here: https://docs.microsoft.com/en-us/pre...31241(v=ws.10)