I’ve created an AAA group in a Cisco ASA, and have double-verified that I’ve assigned the proper integration key and security key where needed. However, I am receiving a generic LDAP error 49: Invalid credentials, in the debug output of debug ldap 255 on the ASA.
Here is the debug output when attempting to authenticate with the AAA profile:
```
OURASA# debug ldap 255
debug ldap enabled at level 255
OURASA# terminal monitor
OURASA#
Session Start
New request Session, context 0xafe22d24, reqType = Authentication
Fiber started
Creating LDAP context with uri=ldaps://IPofDuoLDAP:636
Connect to LDAP server: ldaps://IPofDuoLDAP:636, status = Successful
While getting rootDSE, LDAP server IPofDuoLDAP returned code (53) Server is unwilling to perform
This LDAP server does not support V3 protocol.
Binding as [The app's integration ID]
Performing Simple authentication for [The app's integration ID] to IPofDuoLDAP
Simple authentication for [The app's integration ID] returned code (49) Invalid credentials
Failed to bind as administrator returned code (-1) Can't contact LDAP server
Fiber exit Tx=244 bytes Rx=51 bytes, status=-2
Session End
```
Note that because the ASA can’t effectively bind, I do not see any Authentication logs on the configured Duo application.
I have opened a support ticket, but am not satisfied with their turnaround time and was wondering if anyone else has experienced this issue and if they can assist with a resolution.