LDAP: Authentication doesn't work after password change

[ks.and1]

Hello everybody!

Thanks in advance for your invested time.

I managed to set up the LDAP authentication successfully using the following configuration:

Code:

Enable LDAP Authentication  		y 	 
Server: 	catsrv02.catalysts.local	
Port Number: 	389
User DN: CN=Users,DC=catalysts,DC=local		 	
Bind Attribute: userPrincipalName 		Login Attribute: userPrincipalName	
Auto Create Users:y 			
Encryption Key:

I created a test user, logged in with my credentials and had a new user created.So far no problems.
As I changed the password of the user I couldn't manage to login again (neither with the old, nor with the new pw)

This is the ldap response I extracted with Wireshark:

Code:

LDAPMessage bindResponse(1) invalidCredentials (80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0)

errorMessage: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0

I appreciate any hint where the problem is located (maybe something LDAP/AD specific)

Best regards
Alex

[ks.and1]

The problem has been solved and it's related to a problem of the ldap plugin (and might be useful information):

When using special characters in passwords (which is rather common I'd say) these passwords get transmitted html-encodedly.

So for example the password: abc1" becomes abc1&qout; which obviously leads to a failure.

adding this line to the php script worked (should be taken in general I assume)

Code:

 html_decode_entities($password)