Error messages appear when logging in to NuGenesis applications over a non-secure LDAP connection - WKB88030
SYMPTOMS
- The following message appears when logging in to NuGenesis SDMS applications with an LDAP account:
-
The following error occured while trying to connect to server <servername:389>
[NG17543] LDAP driver reports error : Strong authentication required (8)
A more secure authentication method is required for this server.
Strong authentication required.
Unable to bind to LDAP server.
-
-
The following message appears when logging in to a NuGenesis LMS client:
-
User or password is incorrect!
-
-
The following message appears in the NuGenesis LMS server.log file following a failed login to the client:
-
Problem accessing LDAP Server, e.g. user not available in LDAP: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C090257, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580
-
-
Users can log in to NuGenesis SDMS with Oracle accounts such as ngprojmgr.
ENVIRONMENT
- NuGenesis 9
- NuGenesis 8
- LDAP authentication without SSL or TLS security is configured in NuGenesis SDMS and/or LMS
CAUSE
The domain controller is configured to require strong authentication methods for LDAP clients. Non-secure LDAP connections are by definition not strong authentication methods and are blocked by the server.
FIX or WORKAROUND
- Either enable SSL/TLS security in the LDAP configurations for NuGenesis SDMS/LMS or
- Per Microsoft's guidance in article 935834, set the group policies to disable LDAP Server integrity and LAP Client integrity
ADDITIONAL INFORMATION
id88030, ELN, NGLMS, NGLMSLIC, NGLMSOPT, SDMS, SDMS8, SDMS8NU, SUPISDMS, SUPNG