cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

WebIDE sap hana service connection: authentication failed for LDAP provisioned DB user

asifarif_syniti
Explorer

on ‎12-13-2021 4:45 PM

0 Kudos

Hi All,

I have built an MTA, created a HDB and a SAP HANA service connection.

When building a calculation view, and browsing for the object, I am getting "Error: Incorrect Service: Connect error: authentication failed".

I created a user provided service name and verified that the connection details are correct by using the same credentials via command line (hdbsql).

I cannot figure out what is causing this authentication issue. The user which I am using is a domain user created in Active Directory and provisioned automatically in SAP HANA DB via LDAP Provider.

But the user exists in the tenant db now and I can log into the database. Why is this not working via WebIDE??

So as a quick test, I created a new SAP HANA service connection this time using a regular db user (i.e. SYSTEM), and I am able to build the calculation view. So I know that the issue is with my LDAP assigned db user. The puzzling thing is that I can connect to the HANA DB directly and also through the Database Explorer in WebIDE (using the LDAP user).

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

asifarif_syniti
Explorer
‎12-15-2021 3:10 PM
0 Kudos

Has anyone connected their WebIDE to SAP HANA DB using sap hana service connection using an LDAP-enabled user?? I can't see any reason why this would not be supported.

Show replies
Show replies
draschke
Active Contributor
‎09-19-2023 10:13 AM
0 Kudos

Hi Asif,

I know it's been a long time.

But since we are facing a similar situation and want to use LDAP for USER provisioning, I was wondering how you were able to assign the XS roles to the user for using the WebIDE.

As far as I know, only the "old" catalogue roles are supported for LDAP and not the XS roles.

Or maybe that was the cause of your problem?

Best regards

Dirk

asifarif_syniti
Explorer
‎12-13-2021 9:42 PM
0 Kudos

Thanks Michael,

I have the following information from the trace:

[221951]{-1}[-1/-1] 2021-12-13 21:40:02.802777 d Authentication AuthenticationInfo.cpp(00039) : ENTER getAuthenticationInfo (userName=asifarif)

[221951]{-1}[-1/-1] 2021-12-13 21:40:02.802955 d Authentication MethodGSS.cpp(00050) : GSS isApplicableToken with input length 79

[221951]{-1}[-1/-1] 2021-12-13 21:40:02.802984 d Authentication ManagerAcceptor.cpp(00322) : Method is applicable: SCRAMSHA256

[221951]{-1}[-1/-1] 2021-12-13 21:40:02.802987 d Authentication ManagerAcceptor.cpp(00324) : Injecting logon name into method: asifarif

[221951]{-1}[-1/-1] 2021-12-13 21:40:02.802990 d Authentication Method.cpp(00059) : set logon name=asifarif

[221951]{-1}[-1/-1] 2021-12-13 21:40:02.803073 d Authentication ManagerAcceptor.cpp(00346) : evaluate was (fake) successful for method: SCRAMSHA256

[221951]{-1}[-1/-1] 2021-12-13 21:40:02.803077 d Authentication ManagerAcceptor.cpp(00408) : follow up request needed

[201785]{-1}[-1/-1] 2021-12-13 21:40:02.804114 d Authentication ManagerAcceptor.cpp(00434) : Method is applicable: SCRAMSHA256

[201785]{-1}[-1/-1] 2021-12-13 21:40:02.804125 d Authentication ManagerAcceptor.cpp(00443) : evaluate was not successful for method: SCRAMSHA256

[201785]{-1}[91/-1] 2021-12-13 21:40:02.804327 d Authentication AuthenticationInfo.cpp(00039) : ENTER getAuthenticationInfo (userName=asifarif)

[201785]{-1}[91/-1] 2021-12-13 21:40:02.804388 d Authentication Authenticate.cc(00075) : [AUTHENTICATION] logon name: asifarif, external name: isldapenabled: 1

[201785]{-1}[91/-1] 2021-12-13 21:40:02.804395 d Authentication Authenticate.cc(00975) : [PRE AUTHENTICATION] logon name: asifarif

[201785]{-1}[-1/-1] 2021-12-13 21:40:02.805985 d Authentication Authenticate.cc(00148) : exception during authentication: ERROR [SQL-10] authentication failed at ptime/query/catalog/catalog_authmgr.cc:889

exception 1: no.71000010 (ptime/query/catalog/catalog_authmgr.cc:889) TID: 201785

ptime::PtimeException

NO exception throw location recorded. Stack generation suppressed.

exception type information:

- 0: public ptime::SQLException@0x7f6bd72de5a0 SI

- 0: public ptime::SQLExceptionBase@0x7f6bd72dde40 SI

- 0: public ltt_adp::exception@0x7f6bd72dd780 SI

- 0: public ltt::exception@0x7f6bc8123960

Show replies
Show replies
Cocquerel
Active Contributor
‎12-13-2021 6:50 PM
0 Kudos

you may try to perform an authentication trace to know the reason of the failed authentication.

run the following statement

ALTER SYSTEM ALTER CONFIGURATION ('indexserver.ini', 'SYSTEM') set ('trace', 'authentication') = 'debug' with reconfigure;

reproduce the issue

then switch off the trace

ALTER SYSTEM ALTER CONFIGURATION ('indexserver.ini', 'SYSTEM') UNSET ('trace', 'authentication');

Finally look at indexserver trace.

Regards,

Michael

Show replies
Show replies
Ask a Question