nginxinc / nginx-ldap-auth

Example of LDAP authentication using ngx_http_auth_request_module
BSD 2-Clause "Simplified" License

Inconsistent error - "In Order to perform this operation a successful bind must be completed" #74

Closed connor-craig closed 4 years ago

connor-craig commented 4 years ago

Hey all, I've configured nginx and nginx-ldap-auth on an Ubuntu server as a means of authenticating the webserver to a Windows AD instance. Currently I'm experiencing an issue where login fails intermittently, and I'm getting the following error in the logs.

Both Nginx and the auth daemon are running on the same host, and the Windows DC is on the same network.

searching on server "ldaps://*****:636" with base dn "dc=**,dc=**,dc=**,dc=**" with filter "(sAMAccountName=******)

localhost - **** [16/Jan/2020 13:32:05] Error while running search query: {'info': u'000004DC: LdapErr: DSID-0C090A4C, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839', 'desc': u'Operations error'}, server="ldaps://****:636", login="*****"

I've put the configuration, including the bind account+password, in both the /etc/defaults/nginx-ldap-auth and the /etc/nginx/sites-enabled/mysite file, but that hasn't resolved the issue.

This link indicates that simple bind should be enabled on the DC to avoid this issue, although due to the security risks involved I'd rather not enable simple bind. -- UPDATE: I enabled simple bind for testing purposes and this resolved the issue; however, due to the deployment environment I'm unable to leave this on as a long-term solution.

If you have any ideas, please let me know.

connor-craig commented 4 years ago

After adding the line EXTRA_ARGS="--disable-referrals=true" to the /etc/defaults/nginx-ldap-auth file underneath the rest of the parameters, it appears to have fixed this issue. Closing unless it reappears.
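
Added example (not code from the nginx-ldap-auth project or from the reporter): a log triage helper for the failure in this thread. It parses daemon error lines in the format quoted above, counts the 000004DC errors per server, and checks whether the defaults file passes `--disable-referrals=true`. The function names, sample log lines, hostname and login are constructed for illustration.

```python
import re
import shlex
from collections import Counter

# Error-line format taken from the log line quoted in this issue.
ERR_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\] Error while (?P<stage>[^:]+): \{.*?"
    r"'info': u?'(?P<code>[0-9A-Fa-f]{8}): LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: (?P<comment>.*?), data \w+, v\w+'.*?\}, "
    r'server="(?P<server>[^"]*)"'
)
UNBOUND = "000004DC"  # code in this issue: operation attempted without a completed bind
FLAG = "--disable-referrals=true"  # the EXTRA_ARGS value the reporter added

def parse_errors(lines):
    """Return one dict per daemon error line that carries an AD LdapErr."""
    return [m.groupdict() for m in map(ERR_RE.search, lines) if m]

def referrals_disabled(defaults_text):
    """True if the last EXTRA_ARGS= assignment in the defaults file passes FLAG."""
    found = False
    for raw in defaults_text.splitlines():
        line = raw.strip()  # commented-out assignments start with '#' and are skipped
        if line.startswith("EXTRA_ARGS="):
            tokens = " ".join(shlex.split(line[len("EXTRA_ARGS="):])).split()
            found = FLAG in tokens
    return found

def triage(lines, defaults_text):
    """Count unbound-connection errors per server and report the flag state."""
    hits = [e for e in parse_errors(lines) if e["code"].upper() == UNBOUND]
    disabled = referrals_disabled(defaults_text)
    return {
        "unbound_errors": len(hits),
        "per_server": dict(Counter(e["server"] for e in hits)),
        "referrals_disabled": disabled,
        "check_referrals": bool(hits) and not disabled,
    }

# Constructed sample input; hostname and login are placeholders.
_ERR = ("localhost - user1 [16/Jan/2020 13:3{n}:05] Error while running search query: "
        "{{'info': u'000004DC: LdapErr: DSID-0C090A4C, comment: In order to perform this "
        "operation a successful bind must be completed on the connection., data 0, v3839', "
        "'desc': u'Operations error'}}, server=\"ldaps://dc1.example.test:636\", login=\"user1\"")
SAMPLE_LOG = [_ERR.format(n=2), "constructed non-error line", _ERR.format(n=4)]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, 'EXTRA_ARGS=""'))
```
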