Users Unable to Log In to TeleScope

Overview

If you are experiencing authentication failures and you have LDAP/AD configured for your TeleScope environment, it might be the case that it is not configured correctly or the configuration parameters have changed on the directory server. Error messages like Password is incorrect or unable to find valid certification path to requested target would be recorded in the ab.log file.

 

Solution

Diagnosis

If you had LDAPS configured for authentication to TeleScope, then an SSL misconfiguration between TeleScope and an LDAPS server will generate the following error in the ab.log file:

[Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target]

This might be followed by a [ERR] ABDBPlugin::Authenticate(): Password is incorrect if a failover authentication plugin is configured, Authentication Broker Database(ABDB) plugin in this case, and the user has set different passwords for their account on the two plugin backends.

Note that configuration changes cannot be solved by rebooting involved servers and you have to configure any updated configuration.

Steps To Fix

Follow the steps in the Set up LDAP Plugin for LDAP over SSL section of the linked article to update any changes that might have happened in the remote directory server, including importing any updated certificates. Please follow other sections in the linked article if needed.

 

Testing

Attempt to log in to Telescope. If the login is successful, you are logging in with LDAPS. (The authentication may be noticeably slower due to the extra handshake measures performed by the certificate.)

Comments

0 comments

Please sign in to leave a comment.