Vault LDAP error


I’m trying to configure Vault to use LDAP authentication.
My configuration looks like this:
Key                   Value
binddn                CN=SVC_Vault,OU=Service Accounts,OU=Services,DC=inter,DC=lan
case_sensitive_names  false
certificate           -----BEGIN CERTIFICATE-----
deny_null_bind        true
discoverdn            false
groupattr             memberOf
groupdn               OU=Groups,OU=Support,DC=inter,DC=lan
groupfilter           (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))
insecure_tls          false
starttls              false
tls_max_version       tls12
tls_min_version       tls12
upndomain             n/a
url                   ldaps://ldaps.inter.lan
userattr              samaccountname
userdn                OU=Users,OU=Business,DC=inter,DC=lan

When I try to authenticate (vault login -method=ldap username=…) I get:

  • LDAP bind failed: LDAP Result Code 49 “Invalid Credentials”: 80090308: LdapErr: DSID-0C090436, comment: AcceptSecurityContext error, data 52e, v23f0

The credentials are ok.
Any idea how to debug it? (it’s a pretty old installation - v.0.10)


Try adding the port to your ldaps connection URL. To debug, use OpenLDAP tools to verify your company’s DNs and filters.

Perhaps your user credentials passed on the command line are OK, but the configured credentials used for:

are not.

That’s not just pretty old, it’s 6 years old! Please upgrade immediately!

Bingo!!! Thanks a lot for your help
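
The checks suggested in the replies above, as an added example that is not part of the original thread: it reuses the URL, DNs and group filter from the posted configuration and runs each step of an LDAP login separately with the OpenLDAP client tools, so a result code 49 can be pinned to the service account bind or to the user bind. Port 636, the step order and the `(userattr=username)` lookup filter are assumptions about how the lookup is performed, and the function names are hypothetical.

```bash
#!/bin/sh
# Added example: walk through an LDAP login by hand with the OpenLDAP client tools.
# URL, DNs and filter are copied from the posted config; port 636 is an assumption.
LDAP_URL="ldaps://ldaps.inter.lan:636"
BINDDN="CN=SVC_Vault,OU=Service Accounts,OU=Services,DC=inter,DC=lan"
USERDN="OU=Users,OU=Business,DC=inter,DC=lan"
GROUPDN="OU=Groups,OU=Support,DC=inter,DC=lan"
USERATTR="samaccountname"
GROUPFILTER='(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))'
# For a private CA: export LDAPTLS_CACERT=/path/to/ca.pem (placeholder path)

# Escape a value for use inside a search filter (RFC 4515 special characters).
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Assumed user lookup filter: (<userattr>=<username>).
user_filter() { printf '(%s=%s)' "$USERATTR" "$(ldap_escape "$1")"; }

# groupfilter with the {{.UserDN}} placeholder replaced by the escaped user DN.
group_filter() {
  local ph='{{.UserDN}}' dn pre post
  dn=$(ldap_escape "$1")
  pre=${GROUPFILTER%%"$ph"*}
  post=${GROUPFILTER#*"$ph"}
  printf '%s%s%s' "$pre" "$dn" "$post"
}

# Step 1: bind as the configured service account (prompts for its password).
check_service_bind() { ldapwhoami -x -H "$LDAP_URL" -D "$BINDDN" -W; }

# Step 2: as the service account, find the user's DN under userdn.
find_user_dn() {
  ldapsearch -x -LLL -H "$LDAP_URL" -D "$BINDDN" -W -b "$USERDN" "$(user_filter "$1")" 1.1
}

# Step 3: bind as the DN returned by step 2 (prompts for the user's password).
check_user_bind() { ldapwhoami -x -H "$LDAP_URL" -D "$1" -W; }

# Step 4: list the groups the configured groupfilter matches for that DN.
find_groups() {
  ldapsearch -x -LLL -H "$LDAP_URL" -D "$BINDDN" -W -b "$GROUPDN" "$(group_filter "$1")" cn
}

# Usage after sourcing this file (USERNAME and USER_DN are placeholders):
#   check_service_bind; find_user_dn USERNAME; check_user_bind "USER_DN"; find_groups "USER_DN"
# Result code 49 at step 1 points at binddn or its password, at step 3 at the user's.
```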