[GH-ISSUE #3212] LDAP authentication problem. It finds the user, but does not connect. #1172

Open
opened 2026-03-07 21:00:31 +03:00 by kerem · 0 comments
Owner

Originally created by @DavidRisen on GitHub (Jan 26, 2025).
Original GitHub issue: https://github.com/dbeaver/cloudbeaver/issues/3212

Originally assigned to: @HocKu7 on GitHub.

Hello,

I have configured the LDAP settings as shown below. The issue is that even with a valid login and password, an error occurs.
It finds the user, but cannot retrieve their identifier for some reason. In my Active Directory there is no 'userId' field.
In my case, the user's identifier is stored in sAMAccountName. Perhaps it cannot resolve symbols like CN=Теляков К.Н.?
But I haven't encountered this problem with any other service. I have already set up more than 10 LDAP services and there were no issues.

For example, let's take Portainer which does not cause any issues and might help to understand the core of the problem:
LDAP Server: personal.aurus.dom:389
Reader DN: CN=Иванов И. И.,OU=otdel10,OU=korpus 24,DC=personal,DC=aurus,DC=dom
Password: **************
Base DN: OU=otdel10,OU=korpus 24,DC=personal,DC=aurus,DC=dom
Username attribute: sAMAccountName
Filter: (objectСlass=user)

The ldap settings in cloudbeaver.conf (version 24.3.3):

```
authConfigurations: [
    {
        "id": "ldap",
        "provider": "ldap",
        "displayName": "LDAP",
        "disabled": false,
        "iconURL": "",
        "description": "",
        "parameters": {
            "ldap-host": "personal.aurus.dom",
            "ldap-port": "389",
            "ldap-login": "sAMAccountName",
            "ldap-dn": "OU=otdel10,OU=korpus 24,DC=personal,DC=aurus,DC=dom",
            "ldap-identifier-attr": "sAMAccountName",
            "ldap-bind-user": "CN=Иванов И. И.,OU=otdel10,OU=korpus 24,DC=personal,DC=aurus,DC=dom",
            "ldap-bind-user-pwd": "************",
            "ldap-filter": "(objectClass=user)"
        }
    }
]
```

Error:

```
User authentication failed:
LDAP authentication failed: LDAP authentication failed: Failed to determine userId from user DN: CN=Теляков К. Н.,OU=otdel10,OU=korpus 24,DC=personal,DC=aurus,DC=dom
org.jkiss.dbeaver.DBException: Failed to determine userId from user DN: CN=Теляков К. Н.,OU=otdel10,OU=korpus 24,DC=personal,DC=aurus,DC=dom
    at io.cloudbeaver.service.ldap.auth.LdapAuthProvider.findUserNameFromDN(LdapAuthProvider.java:217)
    at io.cloudbeaver.service.ldap.auth.LdapAuthProvider.authenticateLdap(LdapAuthProvider.java:334)
    at io.cloudbeaver.service.ldap.auth.LdapAuthProvider.validateAndLoginUserAccessByUsername(LdapAuthProvider.java:113)
    at io.cloudbeaver.service.ldap.auth.LdapAuthProvider.authExternalUser(LdapAuthProvider.java:78)
    at io.cloudbeaver.service.security.CBEmbeddedSecurityController.authenticate(CBEmbeddedSecurityController.java:1570)
    at io.cloudbeaver.service.auth.impl.WebServiceAuthImpl.authLogin(WebServiceAuthImpl.java:92)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:569)
```