LDAP "Successful Bind Must Be Completed"

Hi All,

Brand new to Duo/2FA and trying to configure an LDAP Proxy to be used with AnyConnect. I ran the connectivity check tool, and everything looks OK from that end, but I’m getting an error of “In order to perform this operation, a successful bind must be completed on the connection”. I can’t figure out what this is referring to, and I can’t find much on that error except that it seems to indicate there’s a problem with the admin account?

That doesn’t track, though, since it doesn’t seem to have an issue with the initial connection to the LDAP, but the user login after.

Not really sure what anyone needs to diagnose this, just let me know and I’ll supply what I can.

Thanks,
JD

Hi @JDoetsch,

Although not a supported configuration, it may be possible to follow the generic LDAP documentation to protect AnyConnect VPN. In this setup, the service account needs to be exempted, so you will need to include the parameters exempt_primary_bind=false and exempt_ou=[OU or DN of service account] in your authproxy.cfg’s [ldap_server_auto] section (Knowledge Base | Duo Security). Try that first and see if it helps; otherwise the authproxy.log in debug mode might tell you more.

We have a direct LDAPS integration that does not require the Auth Proxy, in addition to RADIUS and SAML-based integration options for AnyConnect: Knowledge Base | Duo Security

Hope this helps!