I am trying to enable the AD secrets engine over LDAPS and am running into an error. I am using a PEM-encoded root certificate for the secure authentication.
LDAP Result Code 53 “Unwilling To Perform”: 0000001F: SvcErr: DSID-031A1254, problem 5003 (WILL_NOT_PERFORM), data 0
I don’t see any debug information anywhere to further troubleshoot this issue. I see in the Vault docs that this error is mentioned, and that insecure LDAP can cause this issue. I am using the LDAPS protocol with valid certs. (The LDAP authentication plugin also works over LDAPS successfully.)
Tried almost all possible combinations. Tried with a password_policy in case AD is rejecting the password changes over password_policy. However, it's working when I use LDAP.
It would be a great help if someone can shed some light on this issue.
Vault version: 1.6.0
Thanks,
Suresh