Using MobileFirst to authenticate users with LDAP server in mobile app

Question

I followed and used this tutorial: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-1/foundation/authentication-security/using-ldap-login-module-to-authenticate-users-with-ldap-server-in-hybrid-applications/

I only edit the authenticationConfig.xml and run the application

    <loginModule expirationInSeconds="-1" name="LDAPLoginModule">
        <className>com.worklight.core.auth.ext.LdapLoginModule</className>
        <parameter name="ldapProviderUrl" value="**************"/>
        <parameter name="ldapTimeoutMs" value="2000"/>
        <parameter name="ldapSecurityAuthentication" value="simple"/>
        <parameter name="validationType" value="searchPattern"/>
        <parameter name="ldapSecurityPrincipalPattern" value="{username}"/>
        <parameter name="ldapSearchFilterPattern" value="(&amp;(objectClass=user)(cn={username})(memberof=CN=******,OU=Clients,O=******))"/>
        <parameter name="ldapSearchBase" value="OU=Clients,O=******"/>
    </loginModule>

When I press the "Call protected adapter" it goes to LDAP Login Module, and when I entered the user credentials, nothing happens, the password just disappears.

Here's the log:

[WARNING ] FWLSE4014W: LdapLoginModule authentication failed. Reason 'javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 2030, v1db1 at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source) at com.sun.jndi.ldap.LdapCtx.(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source) at org.apache.aries.jndi.ContextHelper.getInitialContextUsingBuilder(ContextHelper.java:244) at org.apache.aries.jndi.ContextHelper.getContextProvider(ContextHelper.java:208) at org.apache.aries.jndi.ContextHelper.getInitialContext(ContextHelper.java:141) at org.apache.aries.jndi.OSGiInitialContextFactoryBuilder.getInitialContext(OSGiInitialContextFactoryBuilder.java:51) at javax.naming.spi.NamingManager.getInitialContext(Unknown Source) at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source) at javax.naming.InitialContext.init(Unknown Source) at javax.naming.ldap.InitialLdapContext.(Unknown Source) at com.worklight.core.auth.ext.LdapLoginModule.login(LdapLoginModule.java:158) at com.worklight.core.auth.impl.LoginContext.invokeLoginModule(LoginContext.java:252) at com.worklight.core.auth.impl.LoginContext.processRequest(LoginContext.java:217) at com.worklight.core.auth.impl.AuthenticationContext.processRequest(AuthenticationContext.java:510) at com.worklight.core.auth.impl.AuthenticationFilter.doFilter(AuthenticationFilter.java:182) at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:206) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:86) at com.worklight.analytics.AnalyticsFilter.doFilter(AnalyticsFilter.java:124) at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:206) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:86) at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:978) at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1100) at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:4730) at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.handleRequest(DynamicVirtualHost.java:297) at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:981) at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.run(DynamicVirtualHost.java:262) at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink$TaskWrapper.run(HttpDispatcherLink.java:955) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) ' [project LDAPLoginModule] [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 2030, v1db1

Any idea what seems to be the problem?

Answer 1

According to the exception provided in the error log: LdapLoginModule authentication failed. Reason 'javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C0903A9

This may be related to the following: https://social.technet.microsoft.com/Forums/windowsserver/en-US/c98f3569-072a-4677-9b89-635ed2b8dffc/ldap-error-code-49-8009030c-ldaperr-dsid0c0903a9-comment-acceptsecuritycontext-error-data?forum=winserverDS

The error code 49 related to LDAP is caused by the invalid credentials. Please refer to the following most possible causes.
1. The DN path or password which you have specified for the administrator is invalid. Any of the below will result in this error:
1). Pointed to non-user DN
2). Pointed to a non-existent user, but in existing DN
3). Pointed to non existent DN
4). Pointed to an existing user, but non existing DN
5). Pointed to an incorrect admin DN, uid instead of cn
6). Pointed to a non administrator user
7). Pointed to a valid admin but password is incorrect
2. Could not authenticate the user trying to login. This can be the result of an incorrect username or password, or an incorrect prefix and/or suffix specified in the Settings tab, depending on the type of LDAP/AD system. Could also mean the authentication type is incorrect.