LDAP Security Error Messages
Below is a list of errors that may occur when TLS is enabled in LDAP but not in Laserfiche Directory Server.
- "Strong authentication is required for this operation" error
- "An invalid DN syntax has been specified" error
- "Access was denied" error
"Strong authentication is required for this operation" error
The error "The Identity Provider 'myIdP' not registered successfully: Strong authentication is required for this operation. (LFDS0)(LMO0)" occurs when an Identity Provider is registered with TLS turned off, but the directory requires TLS.
Solution:
- Navigate to Laserfiche Directory Server's Settings tab.
- Click the Identity Providers tab and click your LDAP Identity Provider.
- In the General tab, set Use TLS to Yes.
"An invalid DN syntax has been specified" error
Security Token Service (STS) displays an incorrect "An invalid DN syntax has been specified." error when:
- Using LDAP authentication with a TLS mismatch.
Solution:
- Navigate to Laserfiche Directory Server's Settings tab.
- Click the Identity Providers tab and click your LDAP Identity Provider.
- In the General tab, set Enable Windows Authentication to Yes.
- Choose Use the following credentials to query the directory server.
- Enter valid user credentials in the User name and Password fields.
- If the error persists, set Use TLS to Yes.
"Access was denied" error
The "Access was denied. You can retry using a specific Windows account." error may occur when:
- User credentials were entered incorrectly when trying to search within Active Directory from Laserfiche Directory Server.
- The user does not have the proper rights to query the directory.
- The user is searching within the directory for the first time. For example, searching for a user or group within the directory through the directory picker dialog box in Laserfiche Directory Server.
- The directory is queried with TLS turned off for the Identity Provider in Laserfiche Directory Server, but the directory requires TLS.
Solution:
- Enter user credentials into the access denied prompt.
- If the error persists, navigate to Laserfiche Directory Server's Settings tab:
  - Click the Identity Providers tab and click your LDAP Identity Provider.
  - In the General tab, set Use TLS to Yes.
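All three errors above trace back to a TLS mismatch between the Identity Provider and the directory. The following Windows PowerShell probe is an added example, not part of the Laserfiche documentation or product: it checks which LDAP transports the directory accepts before you change Use TLS. The host name dc01.example.test and the function name Test-LdapTransport are placeholders, and the script assumes the directory permits an anonymous bind and uses the standard ports 389 and 636.

```powershell
# Added example (not Laserfiche code). $Server is a placeholder: use your directory host.
$Server = 'dc01.example.test'

Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapTransport {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][ValidateSet('Plain', 'StartTls', 'Ldaps')][string]$Mode
    )
    $port = if ($Mode -eq 'Ldaps') { 636 } else { 389 }
    $id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, $port)
    $conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id)
    $conn.SessionOptions.ProtocolVersion = 3
    # Anonymous bind only: no user name or password leaves this host,
    # so the plain-text probe cannot expose credentials on the wire.
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous
    $conn.Timeout  = [TimeSpan]::FromSeconds(10)
    try {
        switch ($Mode) {
            'Ldaps'    { $conn.SessionOptions.SecureSocketLayer = $true }           # TLS from the first byte
            'StartTls' { $conn.SessionOptions.StartTransportLayerSecurity($null) }  # upgrade on port 389
        }
        $conn.Bind()
        $outcome = 'OK'
    }
    catch {
        # Report the LDAP client's own message (server unavailable, TLS failure, ...).
        $outcome = "FAILED: $($_.Exception.GetBaseException().Message)"
    }
    finally {
        $conn.Dispose()
    }
    [pscustomobject]@{ Server = $Server; Port = $port; Mode = $Mode; Result = $outcome }
}

$results = 'Plain', 'StartTls', 'Ldaps' | ForEach-Object { Test-LdapTransport -Server $Server -Mode $_ }
$results | Format-Table -AutoSize

if ($results | Where-Object { $_.Mode -ne 'Plain' -and $_.Result -eq 'OK' }) {
    'The directory accepts TLS from this host; enabling Use TLS on the Identity Provider matches it.'
} else {
    'No TLS transport succeeded; check the directory certificate trust and ports 389/636 first.'
}
```

Run it from the Laserfiche Directory Server host so the result reflects that machine's certificate trust store and network path.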