Auth0 LDAP Connector Fails to Authenticate Users from Trusted Domain (Wrong Username Error)

We’re experiencing an issue with the Auth0 LDAP Connector when attempting to authenticate users from a child domain within the same Active Directory forest.

We have a forest with multiple domains:

  • Parent domain: example.com

  • Child domain: ua.example.com

The LDAP Connector is installed on a server in the parent domain, and is configured with the following:

  • LDAP_URL: ldaps://DCCE01.example.com:3269

  • LDAP_BASE: DC=example,DC=com

  • username_field: userPrincipalName

  • The domain controller (DCCE01) is a Global Catalog (verified via PowerShell and GUI).

  • We use test89@ua.example.com as a test user. We verified via PowerShell (DirectorySearcher) that this user can be found using userPrincipalName.

Issue

Despite being searchable through LDAP using GC port 3269, the Auth0 LDAP Connector fails with:

user test89@ua.example.com: Authentication attempt failed. Reason: wrong username

Please help us determine why the connector is failing to authenticate users from a trusted child domain, even though they are present in the Global Catalog and searchable by userPrincipalName.

Would appreciate any insight, debug suggestions, or additional settings we may have missed.

The user support is really cool.

They found a solution for me in a short time:

"LDAP_USER_BY_NAME": "(userPrincipalName={0})",
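The lookup step behind the error, reproduced as an added PowerShell diagnostic. This is not code from the original post and not part of Auth0's connector; it uses DirectorySearcher, the same tool the poster verified with, and assumes that the connector's default LDAP_USER_BY_NAME filter is (sAMAccountName={0}), that DCCE01.example.com serves the Global Catalog over TLS on 3269 with base DC=example,DC=com, and that the Windows session running the script can bind for the search. The function and parameter names are the example's own. Run against a forest like the one above, the sAMAccountName filter returns nothing for test89@ua.example.com (sAMAccountName holds the short logon name, not the UPN), while the userPrincipalName filter from the fix finds the object in the child domain through the GC; with -Credential it also attempts the user's own bind, which is the step that follows the search.

```powershell
<#
  Added diagnostic, not from the original post and not Auth0's connector code.
  Assumptions: DCCE01.example.com answers GC-over-TLS on 3269, the search base is
  DC=example,DC=com, the caller's Windows credentials may bind for the search, and
  (sAMAccountName={0}) is the connector's default LDAP_USER_BY_NAME filter.
#>
param(
    [string]$Username = 'test89@ua.example.com',
    [string]$GcHost   = 'DCCE01.example.com',
    [int]   $GcPort   = 3269,
    [string]$BaseDn   = 'DC=example,DC=com',
    [System.Management.Automation.PSCredential]$Credential   # optional: test the user's own bind
)

# RFC 4515 escaping for a value substituted into the {0} placeholder. The login
# name is user-controlled input, so it must not be able to change the filter
# structure. Backslash is escaped first so later replacements are not re-escaped.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
}

function Find-GcUser {
    param([string]$FilterTemplate, [string]$Name)
    $filter = $FilterTemplate.Replace('{0}', (ConvertTo-LdapFilterValue $Name))

    # LDAP:// with port 3269 plus the SSL flag gives a TLS session to the Global
    # Catalog, which holds a partial replica (UPN included) of every domain in the forest.
    # Secure adds the caller's Windows credentials for this search bind.
    $auth = [System.DirectoryServices.AuthenticationTypes]::Secure -bor
            [System.DirectoryServices.AuthenticationTypes]::SecureSocketsLayer
    $root = New-Object System.DirectoryServices.DirectoryEntry(
        "LDAP://${GcHost}:${GcPort}/${BaseDn}", $null, $null, $auth)

    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root, $filter)
    $searcher.SearchScope = 'Subtree'
    [void]$searcher.PropertiesToLoad.AddRange([string[]]@('distinguishedName', 'sAMAccountName', 'userPrincipalName'))
    $hit = $searcher.FindOne()

    [pscustomobject]@{
        Filter = $filter
        Found  = ($null -ne $hit)
        DN     = if ($hit) { [string]$hit.Properties['distinguishedname'][0] } else { $null }
        UPN    = if ($hit) { [string]$hit.Properties['userprincipalname'][0] } else { $null }
    }
}

$templates = @(
    '(sAMAccountName={0})'      # assumed connector default: no match for a UPN-style login
    '(userPrincipalName={0})'   # the LDAP_USER_BY_NAME value support recommended
)
$results = foreach ($t in $templates) { Find-GcUser -FilterTemplate $t -Name $Username }
$results | Format-Table Filter, Found, DN -AutoSize

# Second step, mirroring a search-then-bind authentication flow: simple bind over
# TLS as the located user with the supplied password. A failed bind throws when
# NativeObject is touched, so a wrong password shows up here rather than as "wrong username".
$match = $results | Where-Object Found | Select-Object -First 1
if ($match -and $Credential) {
    try {
        $userEntry = New-Object System.DirectoryServices.DirectoryEntry(
            "LDAP://${GcHost}:${GcPort}/$($match.DN)",
            $Credential.UserName,
            $Credential.GetNetworkCredential().Password,
            [System.DirectoryServices.AuthenticationTypes]::SecureSocketsLayer)
        $null = $userEntry.NativeObject   # forces the bind
        Write-Host "Bind as $($Credential.UserName) succeeded"
    } catch {
        Write-Host "Bind as $($Credential.UserName) failed: $($_.Exception.Message)"
    }
}
```

Run it from the connector host as `.\Test-GcLookup.ps1` (any file name works) to see which filter resolves the test user, and add `-Credential (Get-Credential test89@ua.example.com)` to check the password bind as well. Whatever the connector does with the login name internally, the escaping step is kept here because the same placeholder substitution in LDAP_USER_BY_NAME receives whatever the user typed at the login prompt.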