LDAP Login in Active Directory Environments with Multiple Subfolders #793

New issue

Open

opened 2026-03-04 11:00:05 -05:00 by deekerman · 0 comments

deekerman commented 2026-03-04 11:00:05 -05:00

Owner

Copy link

Originally created by @valentin2105 on GitHub (Sep 29, 2024).

Describe the bug

The LDAP connection works as expected in a typical LDAP setup when all users are located within the same Organizational Unit (OU).

However, in an Active Directory environment with multiple subfolders, users are required to provide the full distinguished name (DN) for login. For example:

CN=Valentin Ouvrard,OU=Users,OU=DSI,OU=Bureau1,OU=SITES,DC=place-holder,DC=prod

Even though the base DN is configured correctly (e.g., DC=place-holder,DC=prod), the LDAP login is unable to traverse or search through subfolders to find users in different OUs.

Steps to Reproduce

Set up LDAP in CloudBeaver with an Active Directory that has users organized in multiple sub-OUs.

Attempt to log in with a user account that is located in a subfolder (OU).

Example structure:

OU=Users
  OU=DSI
    OU=Bureau1
      OU=SITES

You will encounter the following error:

Caused by: org.jkiss.dbeaver.DBException: LDAP user access validation by filter failed: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310028D, problem 2001 (NO_OBJECT), data 0, best match of:
        'DC=place-holder,DC=prod'
]

Expected Behavior
The LDAP login should be able to search through all subfolders under the configured base DN without requiring the user to provide the full DN path.

Originally created by @valentin2105 on GitHub (Sep 29, 2024). **Describe the bug** The LDAP connection works as expected in a typical LDAP setup when all users are located within the same Organizational Unit (OU). However, in an Active Directory environment with multiple subfolders, users are required to provide the full distinguished name (DN) for login. For example: `CN=Valentin Ouvrard,OU=Users,OU=DSI,OU=Bureau1,OU=SITES,DC=place-holder,DC=prod` Even though the base DN is configured correctly (e.g., DC=place-holder,DC=prod), the LDAP login is unable to traverse or search through subfolders to find users in different OUs. **Steps to Reproduce** Set up LDAP in CloudBeaver with an Active Directory that has users organized in multiple sub-OUs. Attempt to log in with a user account that is located in a subfolder (OU). Example structure: ``` OU=Users OU=DSI OU=Bureau1 OU=SITES ``` You will encounter the following error: ``` Caused by: org.jkiss.dbeaver.DBException: LDAP user access validation by filter failed: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310028D, problem 2001 (NO_OBJECT), data 0, best match of: 'DC=place-holder,DC=prod' ] ``` **Expected Behavior** The LDAP login should be able to search through all subfolders under the configured base DN without requiring the user to provide the full DN path.

deekerman added the

xf:authentication

xf:administration

xf:ldap

wait for response

labels 2026-03-04 11:00:05 -05:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

devel

8433-cb-replace-material-ui-with-native-css-variables-and-tailwind-utilities

release_26_0_0

7566-cb-add-settings-functionality-to-the-new-tree

8307-cb-bump-npm-dependencies

8557-cb-npe-cannot-invoke-stringlength-because-ipstring-is-null

7565-cb-implement-dnd-functionality-in-the-new-tree

7023-cb-find-and-replace-new

8479-sql-file-cant-be-opened-with-opened-dbeaver

dbeaver/pro#8467-fix-npe-read-only

dbeaver/pro#8149-fix-audit-loging-ip

dbeaver/pro#7657-debounce-loading-state

dbeaver/pro#8149-fix-empty-ip-in-audit-logging

8504-deadlock-fix

dbeaver/pro#8355-navigator-hover-perf

hotfix/8441-dbvr-ssl-parameters-are-broke

8394-test-ssh-with-connection-fix

8441-dbvr-ssl-parameters-are-broken

8298-cb-script-variables-improvements

8223-warning-message

3815-ctrl-z-is-unstable-lib-523-version

dbeaver/pro#8190-mask-credentials

8279-cb-rename-ce-and-ee-products

8068-cb-ai-language-dropdown-improvement

dbeaver/pro#8423-patch-resolutions

dbeaver/pro#8372

dbeaver/pro#8444-fix-error-message

8462-session-npe

dbeaver/pro#8281-check-inner-database-password

dbeaver/pro#8413-fix-fr-locale

8065-lsp-front-end

dbeaver/pro#7844-cb-lsp-server

dbeaver/pro#8023-error-descriptions

8196-validate-project-connection-copy

dbeaver/pro#7628-fix-session-refresh-on-server-config-update

8283-restrict-get-gql-request

dbeaver/pro#8317-filter-all-status

dbeaver/pro#7511-origin-details-avoid-call

8305-cb-the-generated-custom-ssl-certificate-domain-is-not-displayed

8351-devlmode

dbeaver/pro#6761-network-mode-host-config

release_25_3_5

dbeaver/pro#8047-create-sql-dialog-for-result-set-frontend-3

dbeaver/pro#8325-fix-oracle-selects-generation

dbeaver/pro#8385-fix-oracle-selects-generation

dbeaver/pro#8047-resultset-sql-generation

dbeaver/pro#8197-connection-preferences-form

dbeaver/pro#8119-add-project-cli-commands

8142-remove-public-cloudbeaver-url

dbeaver/pro#8044-add-api-for-database-user-preference

6306-api-for-original-query

6998-cb-ability-to-clone-connections

4999-cb-5633-data-editor-icons-to-see-pk-details

release_25_3_4

dbeaver/pro#7897-user-connection-view

dbeaver/pro#7975-pk-info

dbeaver/pro#7383-pointer-box-sizes

dbeaver/pro#7458-issues-with-fetching

7023-cb-find-and-replace-functionality-in-the-data-editor

8064-match-features-from-license

8016-move-ai-classes

release_25_3_3

dbeaver/pro#7936-change-object-settings-table

dbeaver/pro#7881-fix-unauthorized-qm-session-creation

4917-save-project-info-in-one-place

dbeaver/pro#7857-ai-language

8051-cb-bug-data-formatting-only-time-columns-not-supported

dbeaver/dbeaver-devops#2370-mvnw

dbeaver/pro#5880-object-viewer-min-col-width

7953-cb-ability-to-pin-rows-in-the-data-editor

40069-auto-commit-config-redesign

39210-sybase-dialect

devops-2221-base-java-repo

dbeaver/pro#7618-lsp-server-api

7710-dbvr-cli-connection-management-command

7923-cb-ws-events-are-misconfigured

7850-marketplace-licenses

release_25_3_2

dbeaver/dbeaver-devops#1604-non-root-user-25-2

release_25_3_1

release_25_3_0

release_25_2_5

dbeaver/pro#5930-cb-resultset-ordering-policy

dbeaver/pro#5267/auth-providers-refactoring

dbeaver/pro#6364-add-option-to-set-default-view-for-project

release_25_2_4

dbeaver/pro#5476-task-scheduler-refactor

release_25_2_3

7128-remove-deprecated-api

release_25_2_0

release_25_2_1

release_25_2_2

4569-cb-3681-use-something-better-than-md5-hash-to-pass-local-user-passwords

dbeaver/dbeaver-devops#1604-non-root-user-without-user-in-image

dbeaver/pro#6976-logging-poc

6409-cb-find-a-new-library-for-charts

6090-cb-highlighting-of-the-selected-menu-item-and-the-hovered-one-should-be-different

dbeaver/pro#6324-cursor-sync

dbeaver/pro#5630-add-cache-for-queries

5188-add-replicas-to-sysinfo

dbeaver/pro#5574/fix/multi-query-vqb

dbeaver/pro#5802/feat/table-api

5664-cb-vscode-value-panel-support-text-format

CB-6291-build-local-script-do-not-clone-all-required-repos-for-successful-build

4288-core-fix-critical-cve-2022-0839-and-cve-2022-0839-in-liquibase-bundle

3944-model-data

4207-core-duplicate-cb-session-id-in-dc-side

chore/update-vite-assets-plugin

25.1.5

25.1.4

25.1.3

25.1.2

25.1.1

25.1.0

25.0.5

25.0.4

25.0.3

25.0.2

25.0.1

25.0.0

24.3.5

24.3.4

24.3.3

24.3.2

24.3.0

24.3.1

24.2.5

24.2.4

24.2.3

24.2.2

24.2.1

24.2.0

24.1.5

24.1.4

24.1.3

24.1.2

24.1.0

24.1.1

24.0.5

24.0.4

24.0.3

24.0.2

24.0.1

24.0.0

23.3.5

23.3.4

23.3.3

23.3.2

23.3.1

23.3.0

23.2.5

23.2.4

23.2.3

23.2.2

23.2.1

23.2.0

23.1.5

23.1.4

23.1.3

23.1.2

23.1.1

v23.1.0

v23_0_5

21.3.3

21.2.4

1.2.0

1.1.0

1.0.4

1.0.3

1.0.1b

1.0.2

1.0.1

1.0.0

Labels

Clear labels   

AS

  

can't reproduce

  

can't reproduce

  

deployment

  

development

  

documentation

  

duplicate

  

duplicate

  

ee

  

enhancement

  

external

  

new driver

  

performance

  

third party issue

  

wait for response

  

wait for review

  

wontfix

  

x:Oracle

  

x:cassandra

  

x:clickhouse

  

x:db2

  

x:duckdb

  

x:greenplum

  

x:h2

  

x:h2gis

  

x:hana

  

x:hive

  

x:intersystems

  

x:kyuubi

  

x:maria

  

x:mongo

  

x:mysql

  

x:postgresql

  

x:presto

  

x:sql server

  

x:sqlite

  

x:teradata

  

x:trino

  

xf:accessibility

  

xf:administration

  

xf:authentication

  

xf:aws

  

xf:commit-mode

  

xf:connection

  

xf:data editor

  

xf:datatransfer

  

xf:dba

  

xf:driver management

  

xf:erd

  

xf:filters

  

xf:i18n

  

xf:i18n

  

xf:installer

  

xf:json

  

xf:ldap

  

xf:local config

  

xf:log viewer

  

xf:metadata

  

xf:metadata editor

  

xf:navigator

  

xf:okta

  

xf:query manager

  

xf:resource manager

  

xf:scripts

  

xf:sql editor

  

xf:tasks

  

xf:ui/uix

  

xo: Firefox

  

xo:eclipse

  

xo:internet explorer

  

xo:macos

  

xp:major

  

xrn:internal

No labels

AS

can't reproduce

can't reproduce

deployment

development

documentation

duplicate

duplicate

ee

enhancement

external

new driver

performance

third party issue

wait for response

wait for review

wontfix

x:Oracle

x:cassandra

x:clickhouse

x:db2

x:duckdb

x:greenplum

x:h2

x:h2gis

x:hana

x:hive

x:intersystems

x:kyuubi

x:maria

x:mongo

x:mysql

x:postgresql

x:presto

x:sql server

x:sqlite

x:teradata

x:trino

xf:accessibility

xf:administration

xf:authentication

xf:aws

xf:commit-mode

xf:connection

xf:data editor

xf:datatransfer

xf:dba

xf:driver management

xf:erd

xf:filters

xf:i18n

xf:i18n

xf:installer

xf:json

xf:ldap

xf:local config

xf:log viewer

xf:metadata

xf:metadata editor

xf:navigator

xf:okta

xf:query manager

xf:resource manager

xf:scripts

xf:sql editor

xf:tasks

xf:ui/uix

xo: Firefox

xo:eclipse

xo:internet explorer

xo:macos

xp:major

xrn:internal

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/cloudbeaver#793

No description provided.