
Shibboleth authentication failure with ldap


This is my first time trying to install Shibboleth IdP (2.4.2). I am using LDAP authentication. I successfully configured Tomcat 7, Shibboleth IdP, Apache, and LDAP, but when I try to authenticate a user, I get the following error:

Login has failed. Double-check your username and password.

I confirmed my username and password are correct.

Here follow the slapd syslogs:

Jun 10 12:55:03 shib-VirtualBox slapd[6499]: conn=1008 fd=13 ACCEPT from IP=10.0.0.100:49434 (IP=0.0.0.0:389)
Jun 10 12:55:04 shib-VirtualBox slapd[6499]: conn=1008 op=0 BIND dn="cn=admin,dc=mysys242,dc=subdomain,dc=idp" method=128
Jun 10 12:55:04 shib-VirtualBox slapd[6499]: conn=1008 op=0 BIND dn="cn=admin,dc=mysys242,dc=subdomain,dc=idp" mech=SIMPLE ssf=0
Jun 10 12:55:04 shib-VirtualBox slapd[6499]: conn=1008 op=0 RESULT tag=97 err=0 text=
Jun 10 12:55:04 shib-VirtualBox slapd[6499]: conn=1008 op=1 SRCH base="dc=mysys242,dc=subdomain,dc=idp" scope=2 deref=3 filter="(uid=admin)"
Jun 10 12:55:04 shib-VirtualBox slapd[6499]: conn=1008 op=1 SRCH attr=1.1
Jun 10 12:55:04 shib-VirtualBox slapd[6499]: conn=1008 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 10 12:55:04 shib-VirtualBox slapd[6499]: conn=1008 op=2 UNBIND
Jun 10 12:55:04 shib-VirtualBox slapd[6499]: conn=1008 fd=13 closed

Here is how I configured the login.conf file:

ShibUserPassAuth {
  edu.vt.middleware.ldap.jaas.LdapLoginModule required
  ldapUrl="ldap://mysys242.subdomain.idp:389"
  baseDn="dc=mysys242,dc=subdomain,dc=idp"
  bindDn="cn=admin,dc=mysys242,dc=subdomain,dc=idp"
  bindCredential="mypassword"
  ssl="false"
  subtreeSearch="true"
  userFilter="uid={0}";
};


Here is how I configured attribute-resolver.xml:
 <resolver:DataConnector xsi:type="dc:LDAPDirectory"
                          xmlns="urn:mace:shibboleth:2.0:resolver:dc"
                          id="myLDAP"
                          ldapURL="ldap://mysys242.subdomain.idp:389"
                          baseDN="dc=mysys242,dc=subdomain,dc=idp"
                          principal="cn=admin,dc=mysys242,dc=subdomain,dc=idp"
                          principalCredential="welcome"
                          lowercaseAttributeNames="true">
    <dc:FilterTemplate>
      <![CDATA[
        (uid=$requestContext.principalName)
      ]]>
    </dc:FilterTemplate>
  </resolver:DataConnector>

I would highly appreciate any response or directions.


Solution

  • Check that the "admin" entry in LDAP (through an LDAP browser) has the uid value set to "admin" (uid=admin), or change userFilter="cn={0}" in login.config, restart and try.
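Reading the slapd trace the way the answer does, as an added example that is not part of the question or the answer: it maps the LdapLoginModule's three steps (service-account bind, user search with userFilter, bind as the found user) onto one connection's ops and reports the first step that failed. The log text is a constructed copy of the question's sequence; the conn/op/err/nentries fields are the standard slapd stats-log format, and the step-to-op mapping is an assumption about how this JAAS module behaves.

```python
import re

# Constructed sample log: the same op sequence slapd logged in the question
# (service-account BIND ok, user search finds nothing, then UNBIND).
SAMPLE_LOG = """\
Jun 10 12:55:04 shib-VirtualBox slapd[6499]: conn=1008 op=0 BIND dn="cn=admin,dc=mysys242,dc=subdomain,dc=idp" method=128
Jun 10 12:55:04 shib-VirtualBox slapd[6499]: conn=1008 op=0 RESULT tag=97 err=0 text=
Jun 10 12:55:04 shib-VirtualBox slapd[6499]: conn=1008 op=1 SRCH base="dc=mysys242,dc=subdomain,dc=idp" scope=2 deref=3 filter="(uid=admin)"
Jun 10 12:55:04 shib-VirtualBox slapd[6499]: conn=1008 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 10 12:55:04 shib-VirtualBox slapd[6499]: conn=1008 op=2 UNBIND
"""

OP_RE = re.compile(r'conn=(\d+) op=(\d+) (.*)$')

def parse_conn(log_text, conn):
    """Collect one dict per op number (kind, dn or filter, err, nentries) for one connection."""
    ops = {}
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if not m or m.group(1) != conn:
            continue
        op, rest = ops.setdefault(int(m.group(2)), {}), m.group(3)
        if (mb := re.match(r'BIND dn="([^"]*)"', rest)):
            op['kind'], op['dn'] = 'BIND', mb.group(1)
        elif (ms := re.match(r'SRCH base="[^"]*".*filter="([^"]*)"', rest)):
            op['kind'], op['filter'] = 'SRCH', ms.group(1)
        elif (mr := re.match(r'(?:SEARCH )?RESULT tag=\d+ err=(\d+)(?: nentries=(\d+))?', rest)):
            op['err'] = int(mr.group(1))
            if mr.group(2) is not None:
                op['nentries'] = int(mr.group(2))
    return [ops[k] for k in sorted(ops)]

def diagnose(log_text, conn):
    """Map the module's steps (service bind, user search, user bind) onto the
    logged ops and report the first step that failed."""
    binds_seen = 0
    for op in parse_conn(log_text, conn):
        kind = op.get('kind')
        if kind == 'BIND':
            binds_seen += 1  # first bind is bindDn, a second one is the user's own bind
            if op.get('err', 0) != 0:
                who = 'bindDn/bindCredential' if binds_seen == 1 else "user's password"
                return f"bind as {op['dn']} failed (err={op['err']}): wrong {who}"
        elif kind == 'SRCH' and op.get('nentries') == 0:
            return (f"search {op['filter']} returned no entry under baseDn: "
                    "the user's password was never checked, so fix userFilter or the entry")
    if binds_seen < 2:
        return "no user bind was attempted"
    return "service bind, user search and user bind all succeeded"
```

On the question's trace this reports the empty search, which is why the error reads like a bad password even though no password check ever happened.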