exa-Vandana
Moderator

Problem

Sometimes a user may encounter an 'Authentication Failed' error when trying to log in to Exasol using LDAP authentication.

Diagnosis

In general, when you authenticate a user with LDAP and the user’s distinguished name contains spaces, you might get the ‘Authentication Failure’ error because the distinguished name was not set up to handle the spaces.

You can confirm this in the exa_dba_audit_sessions table: for the failed login, session_id is null, and the error_code and error_text columns contain 08004 and ‘Connection exception – authentication failed’ respectively.

Solution

Please recreate the LDAP user, using double quotes (" ") to handle the spaces. For example:

CREATE USER firstname_lastname IDENTIFIED AT LDAP
AS 'cn="firstname lastname",dc=authorization,dc=exasol,dc=com';

You can check the result in the DISTINGUISHED_NAME column of the EXA_DBA_USERS table.
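The two checks from the Diagnosis and Solution sections can be combined into one query. This is an added example, not part of the original article; it assumes the USER_NAME and LOGIN_TIME columns of the system tables, and the LIKE test is only a heuristic for "the DN contains a space but no double quotes".

```sql
-- Added example (not from the original article).
-- Assumed column names: USER_NAME, LOGIN_TIME.
-- Lists failed logins with the signature described above (no session id,
-- error code 08004) next to the DN stored for that user.
SELECT s.login_time,
       s.user_name,
       s.error_code,
       s.error_text,
       u.distinguished_name,
       CASE
         WHEN u.distinguished_name IS NULL
           THEN 'no DN stored for this user name'
         WHEN u.distinguished_name LIKE '% %'
          AND u.distinguished_name NOT LIKE '%"%'
           THEN 'DN contains a space but no double quotes'
         ELSE 'DN quoting looks fine, check other causes'
       END AS dn_check
FROM   exa_dba_audit_sessions s
LEFT JOIN exa_dba_users u
       ON u.user_name = s.user_name
WHERE  s.session_id IS NULL
  AND  s.error_code = '08004'
  AND  s.login_time > ADD_DAYS(CURRENT_TIMESTAMP, -7)  -- last 7 days only
ORDER BY s.login_time DESC;

-- Same heuristic applied to every LDAP user, before anyone reports a failure.
SELECT user_name,
       distinguished_name
FROM   exa_dba_users
WHERE  distinguished_name LIKE '% %'
  AND  distinguished_name NOT LIKE '%"%';
```

The first query only returns rows if auditing is enabled for the database.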

Additional References

https://docs.exasol.com/sql/create_user.htm#Authenti3

Comments
kimmo
Padawan

This is very useful information. I'm still struggling with this topic though.

I've added the address of our LDAP server (Active Directory) in my database settings (in EXAoperation), with and without port:

[Screenshot: exa_ldap.png]

After starting the database again, I tried several versions of a "CREATE USER" statement, first of all with the distinguished name copied right from the LDAP explorer:

CREATE USER kimmo IDENTIFIED AT LDAP AS 'cn="Kimmo *****",ou=users,ou=company,dc=example,dc=com';

CREATE USER kimmo IDENTIFIED AT LDAP AS 'cn="Kimmo *****",dc=example,dc=com';

[...]

But always the same result: Connection exception - authentication failed.

The Exasol database has a TCP/IP connection to the LDAP server - checked with "SELECT test.lua_connect('10.1.2.3', '389') res FROM dual;"

Any ideas what might be the issue here?