LO75743: SSO FOR WEB NOT WORKING IF AD PASSWORD & INTERNET PW ARE THE SAME
Closed as user error.
Domino 8.5.2FP3\Win7

Windows single sign-on for Web clients doesn't work if internet password in person record domino directory and active directory password are the same. Everything works fine if the passwords are not the same. This really should work.

- Client password is "password 1" and AD password is "password 2" and everything works fine
- Then you change the client password to "password 2" to match the AD password and it no longer works.
- Added the following debug parameters to the server notes.ini followed by a server restart. Then test with both passwords being different so I can see it working. Then test with both passwords the same so I can see it fail.

DEBUG_SSO_TRACE_LEVEL=2
WEBSAUTH_VERBOSE_TRACE=1
Console_log_enabled=1
Debug_ThreadID=1

Results on ecurep

Examined the console.log: Following failure can be seen at 1:44 and even at 1:41 when attempt was successful:

[12648688:00053-10027] 14.05.2013 13:44:51.29 NAMELookup::<NAMEVerifyLDAPPassword>> BIND LDAP host='D00370003.AUTOMOBIL.DEKRA.DE:389' failed for user 'CN=A24766,OU=StandardUser,OU=User,OU=HV,OU=user,D C=company,DC=test,DC=de' error:'Invalid credentials'
[12648688:00053-10027] 14.05.2013 13:44:51.29 NAMELookup::<NAMEVerifyLDAPPassword>> Informational: Restore LDAP msgid ='6'
[12648688:00053-10027] 14.05.2013 13:44:51.29 NAMELookup::<NAMEVerifyLDAPPassword>> Restoring LDAP Connection for host='D00370003.company.test.DE:389' w/ user='AUTOMOBIL\C00999'
[12648688:00053-10027] 14.05.2013 13:44:51.29 NAMELookup::<NAMEVerifyLDAPPassword>> Received error 'Error looking up name on LDAP Server; See server log for further details.' trying to verify LDAP credentials!
[12648688:00017-10027] 14.05.2013 13:44:51.29 WebAuth> Unsuccessful LDAP BIND for user='CN=A24766/OU=StandardUserHV/OU=UserHV/OU=HV/OU=company /D C=company/DC=dekra/DC=de'

- also LTPATOKEN and LTPATOKEN2 are existing

Can L3 provide some further debug\assistance to determine the root cause here
Do not use the same password
This APAR is associated with SPR# PPOR98LKL8. The problem was caused by a user error or user misunderstanding.