Hello everybody.
We (the Sodius company) provide tooling around Integrity. As such, we run a bunch of virtual machines with Integrity Server from 9.6 to 10.9. All of those VMs used to authenticate users against our company's old Windows Server 2003 Active Directory. Here is the AD-related section of the security.properties file:
ldap.host=<windows server host FQDN>
ldap.port=389
ldap.principal=CN=<the unprivileged user>,OU=collaborateurs,DC=<domain>,DC=<suffix>
ldap.credential=<password>
ldap.user.dn=OU=sodius,OU=collaborateurs,DC=<domain>,DC=<suffix>
ldap.user.objectclass=user
ldap.user.name=sAMAccountName
ldap.user.filter=(&(sAMAccountName=%u)(objectclass=user)(objectcategory=person))
ldap.user.scope=subtree
ldap.group.objectclass=group
ldap.group.name=cn
ldap.group.members=member
ldap.group.filter=(&(cn=%g)(objectclass=group))
ldap.group.dn=OU=sodius,OU=collaborateurs,DC=<domain>,DC=<suffix>
ldap.group.scope=subtree
ldap.member.filter=(|(objectclass=group)(objectclass=user))
ldap.member.dn=%M
ldap.member.scope=base
ldap.ou.objectclass=organizationalUnit
ldap.ou.name=collaborateurs
This has worked for years. Because WS2003 is really old and obsolete, we recently switched to a brand new Windows Server 2016 AD. Our AD structure changed a bit; of course, we reflected those changes in the security.properties file. But there is no way to get a working Integrity Server. We always get a fatal error message:
2017-03-08 09:18:49,920 Service AppConfig not started due to errors: Service mks:name=IM not started due to errors: Unable to start IM service: Unable to authenticate to LDAP server: The credentials presented to the server for authentication are not valid. (For example, the password sent to the server does not match the user's password in the directory.) [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903D3, comment: AcceptSecurityContext error, data 52e, v3839
2017-03-08 09:18:49,936 Shutdown requested by Configuration service. Reason: Service AppConfig not started due to errors: Service mks:name=IM not started due to errors: Unable to start IM service: Unable to authenticate to LDAP server: The credentials presented to the server for authentication are not valid. (For example, the password sent to the server does not match the user's password in the directory.) [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903D3, comment: AcceptSecurityContext error, data 52e, v3839
The problem is that the credentials used are valid. We tested with 3 different accounts, same error. I installed some LDAP request tools and they work: the credentials are accepted and we can run some requests on the AD. So the problem is really on the Integrity side (10.6 in this case).
Any help would be great, thanks.
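The following is an added diagnostic script, not code from the post above and not part of Integrity or PTC's tooling. It does two offline checks a practitioner would run before blaming the server: it decodes the AD sub-code that follows "AcceptSecurityContext error, data" in an LDAP result 49 (the 52e quoted in the post is only one of several values AD can return there), and it lints the `ldap.principal` / `ldap.credential` lines of a Java properties file for the ways `Properties.load` silently alters a value (kept trailing whitespace, dropped single backslashes, non-Latin-1 characters). The sub-code table is reproduced from Microsoft's documented values as I remember them, the error line is the one quoted in the post, and the sample properties text (host `dc01.example.test`, account `svc-integrity`) is constructed for the example.

```python
import re

# Windows AcceptSecurityContext sub-codes that AD appends to LDAP result 49.
# Assumption: reproduced from Microsoft's documented values; not from the post.
AD_BIND_DATA_CODES = {
    "525": "user not found",
    "52e": "invalid credentials: wrong password, or the bind DN does not name an existing object",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password",
    "775": "account locked out",
}

_LDAP_CODE_RE = re.compile(r"LDAP: error code (\d+)")
_AD_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9A-Fa-f]+)")


def parse_ad_bind_error(message: str) -> dict:
    """Extract the LDAP result code and the AD 'data' sub-code from a bind failure line."""
    code = _LDAP_CODE_RE.search(message)
    data = _AD_DATA_RE.search(message)
    sub = data.group(1).lower() if data else None
    return {
        "ldap_code": int(code.group(1)) if code else None,
        "ad_data": sub,
        "meaning": AD_BIND_DATA_CODES.get(sub, "unknown AD sub-code") if sub else None,
    }


def _has_unescaped_backslash(value: str) -> bool:
    """True if the value has an odd-length backslash run that is not a \\uXXXX escape."""
    for m in re.finditer(r"\\+", value):
        if len(m.group()) % 2 == 1:
            rest = value[m.end():m.end() + 5]
            if not re.fullmatch(r"u[0-9A-Fa-f]{4}", rest):
                return True
    return False


def lint_bind_properties(text: str) -> list:
    """Flag ways a Java .properties file changes the bind principal or credential
    before they reach the LDAP server. Only the two keys a 52e depends on are checked."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.lstrip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip()
        if key not in ("ldap.principal", "ldap.credential"):
            continue
        value = value.lstrip()  # Properties.load strips leading, not trailing, whitespace
        if value != value.rstrip():
            findings.append(
                f"line {lineno}: {key} ends with whitespace; Properties.load keeps "
                "trailing whitespace, so it becomes part of the value sent to AD"
            )
        if _has_unescaped_backslash(value):
            findings.append(
                f"line {lineno}: {key} contains a single backslash; Properties.load "
                "drops it (write \\\\ for a literal backslash, e.g. an escaped comma in a DN)"
            )
        if any(ord(ch) > 127 for ch in value):
            findings.append(
                f"line {lineno}: {key} contains non-ASCII characters; if the file is "
                "read as ISO-8859-1 they must be written as \\uXXXX escapes"
            )
    return findings


# Constructed sample, not the poster's configuration: the credential carries a
# single backslash and a trailing space, the two classic properties-file traps.
SAMPLE_PROPERTIES = (
    "ldap.host=dc01.example.test\n"
    "ldap.port=389\n"
    "ldap.principal=CN=svc-integrity,OU=Service Accounts,DC=example,DC=test\n"
    "ldap.credential=S3cret\\pass \n"
    "ldap.user.name=sAMAccountName\n"
)

# The bind failure line quoted in the post above.
SAMPLE_ERROR = (
    "Unable to authenticate to LDAP server: The credentials presented to the server "
    "for authentication are not valid. [LDAP: error code 49 - 80090308: LdapErr: "
    "DSID-0C0903D3, comment: AcceptSecurityContext error, data 52e, v3839"
)

if __name__ == "__main__":
    print(parse_ad_bind_error(SAMPLE_ERROR))
    for finding in lint_bind_properties(SAMPLE_PROPERTIES):
        print(finding)
```

Run it against the real security.properties rather than the sample. The point of decoding the sub-code is that AD returns 52e both for a wrong password and for a bind DN that does not resolve, so a `ldap.principal` copied from the old forest whose OU path changed in the new one produces exactly this error even though the account and password are fine; the comparison that matters in an external LDAP tool is a simple bind with the identical DN string, not just the same username.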