LDAP authentication problem. It finds the user, but does not connect. #854

Open
opened 2026-03-04 11:09:32 -05:00 by deekerman · 11 comments

Originally created by @DavidRisen on GitHub (Jan 26, 2025).

Originally assigned to: @HocKu7 on GitHub.

Hello,

I have configured the LDAP settings as shown below. The issue is that even with a valid login and password, an error occurs.
It finds the user, but cannot retrieve their identifier for some reason. In my Active Directory there is no 'userId' field.
In my case, the user's identifier is stored in sAMAccountName. Perhaps it cannot resolve symbols like CN=Теляков К.Н.?
But I haven't encountered this problem with any other service. I have already set up more than 10 LDAP services and there were no issues.

For example, let's take Portainer which does not cause any issues and might help to understand the core of the problem:
LDAP Server: personal.aurus.dom:389
Reader DN: CN=Иванов И. И.,OU=otdel10,OU=korpus 24,DC=personal,DC=aurus,DC=dom
Password: **************
Base DN: OU=otdel10,OU=korpus 24,DC=personal,DC=aurus,DC=dom
Username attribute: sAMAccountName
Filter: (objectСlass=user)

The ldap settings in cloudbeaver.conf (version 24.3.3):

```
authConfigurations: [
    {
        "id": "ldap",
        "provider": "ldap",
        "displayName": "LDAP",
        "disabled": false,
        "iconURL": "",
        "description": "",
        "parameters": {
            "ldap-host": "personal.aurus.dom",
            "ldap-port": "389",
            "ldap-login": "sAMAccountName",
            "ldap-dn": "OU=otdel10,OU=korpus 24,DC=personal,DC=aurus,DC=dom",
            "ldap-identifier-attr": "sAMAccountName",
            "ldap-bind-user": "CN=Иванов И. И.,OU=otdel10,OU=korpus 24,DC=personal,DC=aurus,DC=dom",
            "ldap-bind-user-pwd": "************",
            "ldap-filter": "(objectClass=user)"
        }
    }
]
```

Error:
```
User authentication failed:
LDAP authentication failed: LDAP authentication failed: Failed to determine userId from user DN: CN=Теляков К. Н.,OU=otdel10,OU=korpus 24,DC=personal,DC=aurus,DC=dom
org.jkiss.dbeaver.DBException: Failed to determine userId from user DN: CN=Теляков К. Н.,OU=otdel10,OU=korpus 24,DC=personal,DC=aurus,DC=dom
    at io.cloudbeaver.service.ldap.auth.LdapAuthProvider.findUserNameFromDN(LdapAuthProvider.java:217)
    at io.cloudbeaver.service.ldap.auth.LdapAuthProvider.authenticateLdap(LdapAuthProvider.java:334)
    at io.cloudbeaver.service.ldap.auth.LdapAuthProvider.validateAndLoginUserAccessByUsername(LdapAuthProvider.java:113)
    at io.cloudbeaver.service.ldap.auth.LdapAuthProvider.authExternalUser(LdapAuthProvider.java:78)
    at io.cloudbeaver.service.security.CBEmbeddedSecurityController.authenticate(CBEmbeddedSecurityController.java:1570)
    at io.cloudbeaver.service.auth.impl.WebServiceAuthImpl.authLogin(WebServiceAuthImpl.java:92)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:569)
```


@EvgeniaBzzz commented on GitHub (Jan 29, 2025):

Hi @DavidRisen
Thank you for the report. We need some more time to investigate your issue.


@EvgeniaBzzz commented on GitHub (Jan 31, 2025):

At the moment I can only say that the problem is not in Cyrillic (in both cn parts). I tried to set up the same configuration and everything worked.


@DavidRisen commented on GitHub (Feb 1, 2025):

Hi @EvgeniaBzzz
Thank you for your reply. Then tell me your guesses as to why it might not work? I have configured many services with LDAP authentication and only CloudBeaver has problems. Maybe you need some information that would help you find the problem more quickly?


@hardened-user commented on GitHub (Feb 6, 2025):

Same problem

```
"authConfigurations": [
    {
        "id": "ldap",
        "provider": "ldap",
        "displayName": "LDAP",
        "disabled": false,
        "iconURL": "",
        "description": "",
        "parameters": {
            "ldap-host": "10.10.27.10",
            "ldap-port": "389",
            "ldap-bind-user": "CN=cloud_beaver,OU=ServiceAccounts,OU=Users,OU=GRP,DC=dom,DC=corp",
            "ldap-bind-user-pwd": "${LDAP_PASS}",
            "ldap-dn": "OU=Users,OU=GRP,DC=dom,DC=corp",
            "ldap-login": "sAMAccountName",
            "ldap-identifier-attr": "sAMAccountName",
            "ldap-filter": "(&(objectCategory=Person)(sAMAccountName=*))"
        }
    }
],
```

CE v24.2.5

```
User authentication failed:
LDAP user access validation by filter failed: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100288, problem 2001 (NO_OBJECT), data 0, best match of:
        'OU=Users,OU=GRP,DC=dom,DC=corp'
]
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100288, problem 2001 (NO_OBJECT), data 0, best match of:
        'OU=Users,OU=GRP,DC=dom,DC=corp'
]; remaining name 'cn=cloud_beaver,OU=Users,OU=GRP,DC=dom,DC=corp'
        at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3285)
        at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3206)
        at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2997)
        at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1875)
        at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1798)
        at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
        at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
        at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
        at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:296)
        at io.cloudbeaver.service.ldap.auth.LdapAuthProvider.validateUserAccess(LdapAuthProvider.java:127)
        at io.cloudbeaver.service.ldap.auth.LdapAuthProvider.authExternalUser(LdapAuthProvider.java:84)
        at io.cloudbeaver.service.security.CBEmbeddedSecurityController.authenticate(CBEmbeddedSecurityController.java:1557)
        at io.cloudbeaver.service.auth.impl.WebServiceAuthImpl.authLogin(WebServiceAuthImpl.java:92)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:569)
```

CE v24.3.4

```
User authentication failed:
LDAP authentication failed: LDAP authentication failed: Failed to determine userId from user DN: CN=cloud_beaver,OU=ServiceAccounts,OU=Users,OU=GRP,DC=dom,DC=corp
org.jkiss.dbeaver.DBException: Failed to determine userId from user DN: CN=cloud_beaver,OU=ServiceAccounts,OU=Users,OU=GRP,DC=dom,DC=corp
        at io.cloudbeaver.service.ldap.auth.LdapAuthProvider.findUserNameFromDN(LdapAuthProvider.java:217)
        at io.cloudbeaver.service.ldap.auth.LdapAuthProvider.authenticateLdap(LdapAuthProvider.java:334)
        at io.cloudbeaver.service.ldap.auth.LdapAuthProvider.validateAndLoginUserAccessByUsername(LdapAuthProvider.java:113)
        at io.cloudbeaver.service.ldap.auth.LdapAuthProvider.authExternalUser(LdapAuthProvider.java:78)
        at io.cloudbeaver.service.security.CBEmbeddedSecurityController.authenticate(CBEmbeddedSecurityController.java:1570)
        at io.cloudbeaver.service.auth.impl.WebServiceAuthImpl.authLogin(WebServiceAuthImpl.java:92)
        at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
        at java.base/java.lang.reflect.Method.invoke(Method.java:580)
```

@EvgeniaBzzz commented on GitHub (Feb 6, 2025):

There was a filter issue which could be the reason for your errors. The fix is in the devel branch and will be available in 24.3.5 (on 17th of Feb).

Now you can try to set the same identifier and filter:

```
"ldap-identifier-attr": "sAMAccountName"
"ldap-filter": "(sAMAccountName=*)"
```

If it works - just wait for the release


@hardened-user commented on GitHub (Feb 7, 2025):

@EvgeniaBzzz Unfortunately, such settings did not have any effect


@DavidRisen commented on GitHub (Feb 9, 2025):

@EvgeniaBzzz Didn't help either, although ldapsearch works fine.

Example:
```
ldapsearch -h personal.aurus.dom -p 389 -D "CN=Иванов И. И.,OU=otdel10,OU=korpus 24,DC=personal,DC=aurus,DC=dom" -w ************* "-b OU=otdel10,OU=korpus 24,DC=personal,DC=aurus,DC=dom" "(sAMAccountName=*)"
extended LDIF

LDAPv3
base < OU=otdel10,OU=korpus 24,DC=personal,DC=aurus,DC=dom> with scope subtree
filter: (sAMAccountName=*)
requesting: ALL
```

@hardened-user commented on GitHub (Feb 20, 2025):

dbeaver/cloudbeaver:24.3.5

```
User authentication failed:
LDAP authentication failed: LDAP authentication failed: Failed to determine userId from user DN: CN=cloud_beaver,OU=ServiceAccounts,OU=Users,OU=GRP,DC=dom,DC=corp
org.jkiss.dbeaver.DBException: Failed to determine userId from user DN: CN=cloud_beaver,OU=ServiceAccounts,OU=Users,OU=GRP,DC=dom,DC=corp
    at io.cloudbeaver.service.ldap.auth.LdapAuthProvider.findUserNameFromDN(LdapAuthProvider.java:231)
    at io.cloudbeaver.service.ldap.auth.LdapAuthProvider.authenticateLdap(LdapAuthProvider.java:361)
    at io.cloudbeaver.service.ldap.auth.LdapAuthProvider.validateAndLoginUserAccessByUsername(LdapAuthProvider.java:118)
    at io.cloudbeaver.service.ldap.auth.LdapAuthProvider.authExternalUser(LdapAuthProvider.java:81)
    at io.cloudbeaver.service.security.CBEmbeddedSecurityController.authenticate(CBEmbeddedSecurityController.java:1571)
    at io.cloudbeaver.service.auth.impl.WebServiceAuthImpl.authLogin(WebServiceAuthImpl.java:92)
    at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
    at java.base/java.lang.reflect.Method.invoke(Method.java:580)
```
@HocKu7 commented on GitHub (Feb 28, 2025):

@DavidRisen Hi. You need to change
`"ldap-identifier-attr": "sAMAccountName"` to `"ldap-identifier-attr": "cn"` and let me know if it helps


@hardened-user commented on GitHub (Feb 28, 2025):

@HocKu7 Hi, it's working for me, but only in **uppercase**, thx


@nickramos94 commented on GitHub (Oct 16, 2025):

> @HocKu7 Hi, it's working for me, but only in **uppercase**, thx

Same for me. I think that this ought to be fixed sometime in the future to reflect the official Cloudbeaver documentation, which suggests using "cn" in lowercase.
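
The replies above report that `ldap-identifier-attr` only worked once it named an attribute that appears in the user DN, and only when written as `CN`. The following check is an added example, not CloudBeaver code and not from any participant in the thread: it parses a sample user DN (RFC 4514 escapes included) and reports whether the configured identifier attribute would be found in it, assuming the lookup compares RDN types case-sensitively, which is inferred from the error message and the replies. The function names are hypothetical.

```python
import re

_HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")


def split_unescaped(text, sep):
    """Split text on sep, skipping separators preceded by a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair together
            i += 2
        elif text[i] == sep:
            parts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(text[i])
            i += 1
    parts.append("".join(buf))
    return parts


def unescape_value(raw):
    """Decode RFC 4514 escapes: \\XX is one UTF-8 byte, \\c is the char c."""
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw):
            if _HEX_PAIR.fullmatch(raw[i + 1:i + 3]):
                out.append(int(raw[i + 1:i + 3], 16))
                i += 3
            else:
                out += raw[i + 1].encode("utf-8")
                i += 2
        else:
            out += raw[i].encode("utf-8")
            i += 1
    return out.decode("utf-8", errors="replace")


def parse_dn(dn):
    """Return the DN as a list of RDNs, each a list of (type, value) pairs."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        pairs = []
        for ava in split_unescaped(rdn, "+"):  # multi-valued RDN
            attr_type, sep, raw = ava.partition("=")
            if not sep or not attr_type.strip():
                raise ValueError(f"malformed RDN component: {ava!r}")
            pairs.append((attr_type.strip(), unescape_value(raw)))
        rdns.append(pairs)
    return rdns


def find_identifier(dn, identifier_attr, ignore_case):
    """Value of the first RDN whose type matches identifier_attr, or None."""
    for rdn in parse_dn(dn):
        for attr_type, value in rdn:
            if ignore_case:
                same = attr_type.lower() == identifier_attr.lower()
            else:
                same = attr_type == identifier_attr
            if same:
                return value
    return None


def diagnose(user_dn, identifier_attr):
    """Classify the setting as 'ok', 'case-mismatch' or 'not-in-dn'."""
    exact = find_identifier(user_dn, identifier_attr, ignore_case=False)
    if exact is not None:
        return "ok", exact
    loose = find_identifier(user_dn, identifier_attr, ignore_case=True)
    if loose is not None:
        return "case-mismatch", loose
    return "not-in-dn", None


def check_ldap_parameters(parameters, sample_user_dn):
    """Run diagnose() on the "parameters" object of an LDAP auth config."""
    return diagnose(sample_user_dn, parameters["ldap-identifier-attr"])


if __name__ == "__main__":
    # DN taken from the error messages quoted in the thread.
    dn = "CN=cloud_beaver,OU=ServiceAccounts,OU=Users,OU=GRP,DC=dom,DC=corp"
    for attr in ("sAMAccountName", "cn", "CN"):
        print(attr, "->", check_ldap_parameters({"ldap-identifier-attr": attr}, dn))
```

A `not-in-dn` result means the configured attribute can never be read from the DN, whatever the filter is; `case-mismatch` corresponds to the lowercase `cn` case reported in the last replies.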
