I am getting this error when a certain user tries to login

LDAP Bind failure for user CN=.....,OU=Users,OU=.....,OU=.....,DC=.....,DC=..... Error 49: Invalid credentials

It as also happened with one other user but on second attempt they were able to login.

But it consistently happens with a particular user. This user informs me they have entered their credentials correclty and they were able to login a few days ago

Thanks for your help


johnbarclay’s picture

You might ask if the user has any particularly odd characters in their password to try to replicate this. And see what OS and language set they are using. By consistently, do you mean it can be replicated or it happens frequently?

t14’s picture


I checked the users password and it is made up of uppercase letters and numbers there are no special characters.

When you say language set do you mean the language used on their keyboard. I have international users who do not seem to have this problem

Yes it happens frequently is what i mean by consistently

Thanks for your time

t14’s picture

any more ideas to what could be causing it??


johnbarclay’s picture

No good ideas. Have you isolated this to drupal yet? That is:
Does the user have problems when authenticating to other applications besides drupal?
Have you and are you able to test the user binding directly through php without drupal?

I added some notes at http://drupal.org/node/1141764 on this sort of debugging also.

cgmonroe’s picture

Another possibility is that there are more than one match for your Drupal login name to LDAP search criteria. LDAP can be a bit random in the order they return results. If more than one result is found, a watchdog error is set, but the login process continues using the first result. This could account for people sometimes logging in (first result is their entry) and sometimes being denied (first result is not their entry).

Check the watchdog log entries for entries like: Error: %num user found with %filter under %base_dn.

If this is the problem, then you may need to make sure your searching the appropriate sections of the ldap server.

cgmonroe’s picture

Status: Active » Closed (cannot reproduce)

Closing due to inactivity.