How To Establish LDAP Authentication (KBA1114)
Applicable Delphix Versions
Major Release |
All Sub Releases |
5.2 | 5.2.2.0 |
5.1 |
5.1.0.0, 5.1.1.0, 5.1.2.0, 5.1.3.0, 5.1.4.0, 5.1.5.0, 5.1.5.1, 5.1.6.0, 5.1.7.0, 5.1.8.0, 5.1.8.1, 5.1.9.0 |
5.0 |
5.0.1.0, 5.0.1.1, 5.0.2.0, 5.0.2.1, 5.0.2.2, 5.0.2.3, 5.0.3.0, 5.0.3.1, 5.0.4.0, 5.0.4.1 ,5.0.5.0, 5.0.5.1, 5.0.5.2, 5.0.5.3, 5.0.5.4 |
4.3 |
4.3.1.0, 4.3.2.0, 4.3.2.1, 4.3.3.0, 4.3.4.0, 4.3.4.1, 4.3.5.0 |
4.2 |
4.2.0.0, 4.2.0.3, 4.2.1.0, 4.2.1.1, 4.2.2.0, 4.2.2.1, 4.2.3.0, 4.2.4.0 , 4.2.5.0, 4.2.5.1 |
Issue
DIGEST-MD5 authentication with LDAP (Active directory) doesn't work
Troubleshooting
Cannot login using the principal provided, either the full DN or any domain-user formats.
This error is visible in the logs: "The digest-uri does not match any LDAP SPN's registered for this server"
Resolution
- The principal needs to be only the username (for example just user if your AD full username is domain\user or user@domain)
- Provide the fully qualified domain name of the server you would like to authenticate to, no IPs are allowed unless you set the proper SPNs for it on the domain controller.
For example domain.com is not sufficient, you need server.domain.com.
Additional Information
setspn command information are available here: https://docs.microsoft.com/en-us/pre...31241(v=ws.10)