Login via LDAP to TYK Dashboard - getting 401

Hi all,
I'm trying to use LDAP with TYK. I've already passed all the steps from dashboard-login-ldap-tib.
However, when I try to log in with a user that is in AD, I'm getting the following:

DEBU[2042] [AUTH HANDLERS] → Looking up profile ID:1
DEBU[2042] [AD AUTH] Connect: starting…
DEBU[2042] [AD AUTH] → To: 100.104.100.77:389
DEBU[2042] [AD AUTH] Connect: finished…
DEBU[2042] DN: uid=dkomisar,cn=users,cn=accounts,dc=example,dc=com
INFO[2042] [AD AUTH] User bind successful: dkomisar
INFO[2042] [AD AUTH] Search: starting…
INFO[2042] [AD AUTH] LDAPFilter is blank, skipping
INFO[2042] [AD AUTH] User Data:{map ADProvider [email protected] dkomisar 0001-01-01 00:00:00 +0000 UTC}
DEBU[2042] [AD AUTH] Constraints for AD must be set in DN
INFO[2042] [TYK ID HANDLER] Creating identity for: {map ADProvider [email protected] dkomisar 0001-01-01 00:00:00 +0000 UTC}
WARN[2042] Response code was: 401
WARN[2042] Returned: {"Status":"Error","Message":"Not authorised","Meta":null}

ERRO[2042] [TYK ID HANDLER] API Response error: Response code was not 200!
ERRO[2042] [TYK ID HANDLER] Nonce creation failed: Response code was not 200!
DEBU[2042] [AD AUTH] Closing connection

My profile.json is the following:
[
  {
    "ActionType": "GenerateOrLoginUserProfile",
    "ID": "1",
    "OrgID": "2",
    "ProviderConfig": {
      "FailureRedirect": "http://example.com:3000/?fail=true",
      "LDAPAttributes": [],
      "LDAPPort": "389",
      "LDAPServer": "100.104.100.77",
      "LDAPUserDN": "uid=USERNAME,cn=users,cn=accounts,dc=example,dc=com"
    },
    "ProviderName": "ADProvider",
    "ReturnURL": "http://example.com:3000/tap",
    "Type": "passthrough"
  }
]

tib.conf:
{
  "Secret": "test-secret",
  "HttpServerOptions": {
    "UseSSL": false,
    "CertFile": "./certs/server.pem",
    "KeyFile": "./certs/server.key"
  },
  "BackEnd": {
    "Name": "in_memory",
    "ProfileBackendSettings": {},
    "IdentityBackendSettings": {
      "Hosts": {
        "localhost": "6379"
      },
      "Password": "",
      "Database": 0,
      "EnableCluster": false,
      "MaxIdle": 1000,
      "MaxActive": 2000
    }
  },
  "TykAPISettings": {
    "GatewayConfig": {
      "Endpoint": "http://localhost",
      "Port": "8080",
      "AdminSecret": "352d20ee67be67f6340b4c0605b044b7"
    },
    "DashboardConfig": {
      "Endpoint": "http://localhost",
      "Port": "3000",
      "AdminSecret": "352d20ee67be67f6340b4c0605b044b7"
    }
  }
}

Can someone please suggest where I need to start digging to find the root cause?


Have you checked your secrets match their equivalents in tyk.conf and tyk_analytics.conf?

https://tyk.io/docs/integrate/3rd-party-identity-providers/dashboard-login-ldap-tib/#3-conifgure-tib
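A small script to carry out that check mechanically, added here as an example and not part of the thread or of Tyk's own tooling. It compares the two AdminSecret values in tib.conf against the secrets the gateway and dashboard expect, and sanity-checks the LDAP profile fields. The config keys `secret` (tyk.conf) and `admin_secret` (tyk_analytics.conf) are assumed from the standard Tyk configuration files; all sample values below are constructed, with the dashboard secret deliberately mismatched to show the failure that produces a 401 from the dashboard API.

```python
import json

# Constructed sample configs (not from any real deployment). Key names
# "secret" (tyk.conf) and "admin_secret" (tyk_analytics.conf) are assumed.
TIB_CONF = json.loads("""{
  "Secret": "test-secret",
  "TykAPISettings": {
    "GatewayConfig":   {"Endpoint": "http://localhost", "Port": "8080",
                        "AdminSecret": "352d20ee67be67f6340b4c0605b044b7"},
    "DashboardConfig": {"Endpoint": "http://localhost", "Port": "3000",
                        "AdminSecret": "352d20ee67be67f6340b4c0605b044b7"}
  }
}""")
TYK_CONF = {"secret": "352d20ee67be67f6340b4c0605b044b7"}
TYK_ANALYTICS_CONF = {"admin_secret": "deadbeef00000000"}  # constructed mismatch

PROFILE = json.loads("""[{"ActionType": "GenerateOrLoginUserProfile", "ID": "1",
  "OrgID": "2",
  "ProviderConfig": {"LDAPAttributes": [], "LDAPPort": "389",
    "LDAPServer": "100.104.100.77",
    "LDAPUserDN": "uid=USERNAME,cn=users,cn=accounts,dc=example,dc=com"},
  "ProviderName": "ADProvider", "Type": "passthrough"}]""")


def check_secrets(tib, tyk, dashboard):
    """Return mismatches between TIB's AdminSecrets and the secrets the
    gateway and dashboard actually expect; an empty list means they agree."""
    api = tib["TykAPISettings"]
    problems = []
    if api["GatewayConfig"]["AdminSecret"] != tyk.get("secret"):
        problems.append("GatewayConfig.AdminSecret != tyk.conf secret")
    if api["DashboardConfig"]["AdminSecret"] != dashboard.get("admin_secret"):
        problems.append("DashboardConfig.AdminSecret != tyk_analytics.conf admin_secret")
    return problems


def check_profile(profiles):
    """Sanity-check the LDAP profile fields TIB needs before it can bind."""
    problems = []
    for p in profiles:
        cfg = p["ProviderConfig"]
        if "USERNAME" not in cfg.get("LDAPUserDN", ""):
            problems.append(f"profile {p['ID']}: LDAPUserDN lacks USERNAME placeholder")
        if not isinstance(cfg.get("LDAPAttributes"), list):
            problems.append(f"profile {p['ID']}: LDAPAttributes must be a JSON list")
        if not str(cfg.get("LDAPPort", "")).isdigit():
            problems.append(f"profile {p['ID']}: LDAPPort must be numeric")
    return problems


if __name__ == "__main__":
    for msg in check_secrets(TIB_CONF, TYK_CONF, TYK_ANALYTICS_CONF) + check_profile(PROFILE):
        print("PROBLEM:", msg)
```

Point the three constants at the real files with `json.load(open(path))` and an empty result from `check_secrets` rules out the shared-secret explanation for the 401.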

Hi Josh,
I double-checked, and the secrets are equivalent in both configs. Still trying to resolve the issue, but no luck.