Niall McLoughlin

ldap password - authentication failures


Brand new to Okta, but not to Identity SaaS. I've just set up an internal LDAP to trial Okta. CentOS 6.4 with IBM Tivoli Directory Server 6.3. Set up the LDAP and created some inetorgperson users. Tested authentication against those users locally and they work as expected.

Installed the Okta LDAP agent and followed through the instructions. Everything completed correctly. Configured the LDAP settings in the Okta Admin console, and the test configuration process returns success.

If I try to log into Okta with one of those users, I get an authentication failure. Checking the Okta logs shows the authentication failure but it also reports that it has imported that user. The People tab in the Directories section is still empty.

The password is stored in the LDAP in clear text, but I've tried various hash settings as well with no joy.

Is there something I'm missing? Why the authentication failures?

Thanks in advance.
Raja Nejem (Okta, Inc.)
After you import them, make sure to confirm them as active users. Under the Import tab, select your users and import and activate them.

For more info:
https://support.okta.com/help/articles/Knowledge_Article/Introducing-LDAP-Imports
 
Niall McLoughlin
Thanks Raja. A couple of things come out of that.

The documentation states to import the users, go to:
1. Go to Directory > Directory Integrations > <your LDAP instance>.
2. Click the Import tab.
3. Click Import Now.

I don't have an Import tab. Agents, People and Settings are all I have.

I've tried to set it up so the users are imported on their first authentication. Under LDAP > Import Settings, the "Create Okta user on First Sign-In" is active. Its description is:

"An LDAP user's Okta account is created the first time they sign into Okta with their LDAP credentials. Your LDAP agents must be active for activation to complete successfully."

So I need to authenticate with a user, and it should be imported at that point. Which brings me back to my original issue of the userid and password that work locally are not working when authenticating through Okta.

I'll dig into the LDAP logs to see what's going on that side, but how can I get more information out of Okta other than just "authentication failure"?
Niall McLoughlin
Just resolved it. In LDAP > Import settings the "Okta username format" was set to email. I set it to UID (which I've configured to be the same as email) and it worked just fine. I'm going to play around with the hash settings now to see what works and what doesn't.

Still doesn't answer why I can't manually import users though?