Manualshelf

Deployment Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances
451452453454455456457458459460
452 | Operator Logins DellNetworking W-ClearPass Guest 6.3 | User Guide
2. In the Lookup field, enter a lookup value. This can be an exact username, or you can include wildcards.If you use
wildcards, the search might return multiple values.
3. In the Search Mode field, use the drop-down list to specify whether to search for an exact match or use wildcard
values.
4. (Optional) Click the Advanced check box to display detailed authorization information for the specified sponsor.
5. Click Search Directory to attempt to find sponsor names that match the lookup values, or click Cancel to
cancel the test. The Authentication Test area is added above the server names to indicate the searchs progress.
Troubleshooting Error Messages
The error messages in the following table can be used to diagnose error messages such as: “LDAP Bind failed: Invalid
credentials (80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece), bind DN
was:
Error Data Reason
525 User not found
52e Invalid credentials (password is incorrect)
530 Not permitted to log on at this time
531 Not permitted to log on at this workstation
532 Password has expired
533 Account is disabled
701 Account has expired
773 User must reset password
775 User account is locked
Table 88:
LDAP Error Messages
Other items to consider when troubleshooting LDAP connection problems:
l Verify that you are using the correct LDAP version use ldap:// for version 2 and ldap3:// to specify LDAP
version 3.
l Verify that you are using an SSL/TLS connection use ldaps:// or ldap3s:// as the prefix of the Server URL.
l Verify that the Bind DN is correct the correct DN will depend on the structure of your directory, and is only
required if the directory does not permit anonymous bind.
l Verify that the Base DN is correct the Base DN for user searches is fixed and must be specified as part of the
Server URL. If you need to search in different Base DNs to match different kinds of operators, then you should
define multiple LDAP Servers and use the priority of each to control the order in which the directory searches are
done.
LDAP Translation Rules