Cisco C3650 LDAP fail to MS AD

dietybright
Level 1

Hello,

Currently, I use LDAP for authentication to AD on a Cisco C3650, but it's not working.

This is my configuration:

aaa group server ldap [omitted]
 server 192.168.1.50
ldap attribute-map MAP-LDAP
 map type sAMAccountName username
ldap server 192.168.1.50
 ipv4 192.168.1.50
 bind authenticate root-dn CN=sttldap,CN=Users,DC=[omitted],DC=com,DC=vn password 7 1424263F5B072F7F7D701F1102236A
 base-dn CN=Users,DC=[omitted],DC=com,DC=vn

When I use the command "test aaa group [omitted] sttldap [omitted] new-code"

it reports "User rejected".

I double checked, and this account is still valid in AD.

This is the log when I run "debug ldap all":

Dec 19 04:13:11.309: LDAP: LDAP: Queuing AAA request 0 for processing
Dec 19 04:13:11.309: LDAP: Received queue event, new AAA request
Dec 19 04:13:11.309: LDAP: LDAP authentication request
Dec 19 04:13:11.309: LDAP: Invalid hash index 512, nothing to remove
Dec 19 04:13:11.309: LDAP: New LDAP request
Dec 19 04:13:11.309: LDAP: Attempting first  next available LDAP server
Dec 19 04:13:11.309: LDAP: Got next LDAP server :192.168.1.50
Dec 19 04:13:11.309: LDAP: Free connection not available. Open a new one.
Dec 19 04:13:11.309: LDAP: Opening ldap connection ( 192.168.1.50, 389 )ldap_open
ldap_init libldap 4.5 18-FEB-2000
open_ldap_connection
ldap_connect_to_host: 192.168.1.50:389

Dec 19 04:13:11.310: LDAP: socket open success 0
Dec 19 04:13:11.314: LDAP: socket 0 - connecting to 192.168.1.50 (389)
Dec 19 04:13:11.315: LDAP: socket 0 - connection in progress
Dec 19 04:13:11.315: LDAP: socket 0 - got local address 192.168.127.247
Dec 19 04:13:11.315: LDAP: Connection on socket 0
Dec 19 04:13:11.315: LDAP: Connection to LDAP server (192.168.1.50, 192.168.1.50) attempted
Dec 19 04:13:11.315: LDAP: Connection state: DOWN => CONNECTING
Dec 19 04:13:11.315: LDAP: LDAP request saved. Will be served after Root Bind is done.
Dec 19 04:13:11.315: LDAP: LDAP request successfully processed
Dec 19 04:13:11.338: LDAP: Received socket event
Dec 19 04:13:11.338: LDAP: Process socket event for socket = 0
Dec 19 04:13:11.338: LDAP: Conn Status = 1
Dec 19 04:13:11.338: LDAP: Non-TLS read event on socket 0
Dec 19 04:13:11.338: LDAP: Found socket ctx
Dec 19 04:13:11.338: LDAP: Making socket conn up
Dec 19 04:13:11.338: LDAP: Notify the protocol codeldap_open successful
Notify LDAP main if it has to initiate any bind requests

Dec 19 04:13:11.338: LDAP: Protocol received transport up notication
Dec 19 04:13:11.338: LDAP: Transport UP notification for 192.168.1.50/0
Dec 19 04:13:11.339: LDAP: Connection state: CONNECTING => UP
Dec 19 04:13:11.339: LDAP: Set socket=0 to non blocking mode
Dec 19 04:13:11.339: LDAP: Performing Root-Dn bind operationldap_req_encode
Doing socket write
Dec 19 04:13:11.339: LDAP: Root Bind on sttldap initiated.
Dec 19 04:13:11.339: LDAP: Received socket event
Dec 19 04:13:11.854: LDAP: Received socket event
Dec 19 04:13:11.854: LDAP: Process socket event for socket = 0
Dec 19 04:13:11.854: LDAP: Conn Status = 4
Dec 19 04:13:11.854: LDAP: Non-TLS read event on socket 0
Dec 19 04:13:11.854: LDAP: Found socket ctx
Dec 19 04:13:11.854: LDAP: Receive event: read=1, errno=11 (Resource temporarily unavailable)
Dec 19 04:13:11.854: LDAP: Passing the client ctx=3D97F1A0ldap_result
wait4msg (timeout 0 sec, 1 usec)
ldap_select_fd_wait (select)
ldap_read_activity lc 0x3DA36CE4

Doing socket read
LDAP-TCP:Bytes read = 110
ldap_match_request succeeded for msgid 1 h 0
changing lr 0x3D27D354 to COMPLETE as no continuations
removing request 0x3D27D354 from list as lm 0x3E1BE8BC all 0
ldap_msgfree
ldap_msgfree

Dec 19 04:13:11.855: LDAP: LDAP Messages to be processed: 1
Dec 19 04:13:11.855: LDAP: LDAP Message type: 97
Dec 19 04:13:11.855: LDAP: Got ldap transaction context from reqid 15ldap_parse_result

Dec 19 04:13:11.855: LDAP: resultCode:    49     (Invalid credentials)
Dec 19 04:13:11.855: LDAP: Received Bind Response
Dec 19 04:13:11.855: LDAP: Received Root Bind Response ldap_parse_result
ldap_err2string

Dec 19 04:13:11.855: LDAP: Ldap Result Msg: FAILED:Invalid credentials, Result code =49
Dec 19 04:13:11.855: LDAP: Failed to do Root Bind on sttldap. Bind anonymous
Dec 19 04:13:11.855: LDAP: Transaction context removed from list [ldap reqid=15]
Dec 19 04:13:11.855: LDAP: LDAP authentication request in ldap_transitQ
Dec 19 04:13:11.856: LDAP: First Task: Send search req
Dec 19 04:13:11.856: LDAP: Check the default map for aaa type=username
Dec 19 04:13:11.856: LDAP: Ldap Search Req sent
                    ld          1033367968
                    base dn     dc=cljoc,dc=com,dc=vn
                    scope       2
                    filter      (&(objectclass=Person)(cn=sttldap))ldap_req_encode
put_filter "(&(objectclass=Person)(cn=sttldap))"
put_filter: AND
put_filter_list "(objectclass=Person)(cn=sttldap)"
put_filter "(objectclass=Person)"
put_filter: simple
put_filter "(cn=sttldap)"
put_filter: simple
Doing socket write
Dec 19 04:13:11.856: LDAP: lctx conn index = 0
Dec 19 04:13:11.857: LDAP:  LDAP search request sent successfully (reqid:16)
Dec 19 04:13:11.857: LDAP: Sent transit request to serverUser rejected

Any idea on how to make this work?

Thanks,

Sy

2 Replies

Mohammad Alhyari
Cisco Employee

Hi,

It is not failing to authenticate the actual user you test with. It is failing to bind, which is authenticating the admin user used to connect to the ASA:

Dec 19 04:13:11.855: LDAP: resultCode:    49     (Invalid credentials)
Dec 19 04:13:11.855: LDAP: Received Bind Response
Dec 19 04:13:11.855: LDAP: Received Root Bind Response ldap_parse_result
ldap_err2string

Dec 19 04:13:11.855: LDAP: Ldap Result Msg: FAILED:Invalid credentials, Result code =49
Dec 19 04:13:11.855: LDAP: Failed to do Root Bind on sttldap. Bind anonymous

Here is the correct flow:

1- The switch binds to the LDAP server [that binding includes a user authentication phase for the admin].

2- The switch searches for the actual username we want to authenticate.

3- When the switch gets a valid result, it authenticates the user with the credentials provided.

In your case it fails to bind as an admin, so it binds as an anonymous user.

Moh,
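To make the three-phase flow above concrete, here is an added example (not from the original thread or from Cisco) that walks a "debug ldap all" excerpt and attributes each resultCode to the phase it belongs to, so a root-bind failure (switch-side bind-dn/password) is not mistaken for a bad test-user password. The sample log is constructed from the lines in the question; the phase marker strings and the triage_ldap_debug function name are assumptions.

```python
import re

# LDAP resultCode values from RFC 4511 most often seen in AAA bind/search debugging.
RESULT_CODES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights"}

# Constructed sample, modelled on the 'debug ldap all' lines in the question above.
SAMPLE_DEBUG = """\
Dec 19 04:13:11.339: LDAP: Root Bind on sttldap initiated.
Dec 19 04:13:11.855: LDAP: resultCode:    49     (Invalid credentials)
Dec 19 04:13:11.855: LDAP: Received Root Bind Response ldap_parse_result
Dec 19 04:13:11.855: LDAP: Failed to do Root Bind on sttldap. Bind anonymous
Dec 19 04:13:11.856: LDAP: Ldap Search Req sent
                    filter      (&(objectclass=Person)(cn=sttldap))ldap_req_encode
Dec 19 04:13:11.857: LDAP: Sent transit request to serverUser rejected
"""

def triage_ldap_debug(text):
    """Attribute each resultCode to its phase (root bind -> search -> user bind)."""
    phase = "connect"
    codes = {}  # phase -> (numeric code, RFC 4511 name)
    report = {"anonymous_fallback": False, "search_filter": None,
              "user_rejected": False, "failed_phase": None,
              "advice": "no failure seen in this excerpt"}
    for line in text.splitlines():
        if "Root Bind on" in line and "initiated" in line:
            phase = "root-bind"           # admin (bind-dn) credentials being checked
        elif "Ldap Search Req sent" in line:
            phase = "search"              # looking up the test user under base-dn
        m = re.search(r"resultCode:\s+(\d+)", line)
        if m:
            code = int(m.group(1))
            codes[phase] = (code, RESULT_CODES.get(code, "unknown"))
        if "Failed to do Root Bind" in line:
            report["anonymous_fallback"] = True
        f = re.search(r"filter\s+(\(.*\))", line)
        if f:
            report["search_filter"] = f.group(1)
        if "User rejected" in line:
            report["user_rejected"] = True
    report["codes"] = codes
    rb = codes.get("root-bind")
    if rb and rb[0] != 0:
        report["failed_phase"] = "root-bind"
        report["advice"] = ("root bind returned %d (%s): fix the 'bind authenticate root-dn' "
                            "account or its password on the switch; the test user was never checked" % rb)
    elif report["user_rejected"]:
        report["failed_phase"] = "search-or-user-bind"
        report["advice"] = "root bind succeeded; check base-dn, the attribute map and the user's password"
    return report
```

Run triage_ldap_debug(SAMPLE_DEBUG) and the report names "root-bind" as the failing phase with code 49, matching the reply's diagnosis.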

Hi Moh,

Thanks for your comment.

I have already resolved it by running "no aaa new-model" and then "aaa new-model" again.