Unable to Login via LDAP in Portainer

Users encounter the following error in the Portainer logs when attempting to log in as an LDAP user:

level=info msg="http error: Only initial admin is allowed to login without oauth (err=LDAP Result Code 49 \"Invalid Credentials\": 80090308: LdapErr: DSID-0C090511, comment: AcceptSecurityContext error, data 533, v4f7c\x00) (code=403)"

 

Cause:

This error occurs when the LDAP credentials configured in Portainer are no longer valid. It typically happens when the LDAP service account password has been changed or the account is no longer authorized.
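
To tell which of these causes applies, the Python code below (an added example, not from Portainer or the original article) extracts the LDAP result code and the Active Directory "data" sub-code from a log line like the one above and maps it to its standard AD meaning; in the quoted error, data 533 is AD's sub-code for a disabled account. The function names and the suggested next steps are assumptions of this example.

```python
import re
from collections import Counter

# Active Directory sub-codes from the "data NNN" field of an LDAP result
# code 49 bind failure. The second column (suggested next step) is this
# example's own triage guidance, not Portainer output.
AD_SUBCODES = {
    "525": ("user not found", "check the bind account name/DN"),
    "52e": ("wrong password", "update the stored password"),
    "530": ("logon not permitted at this time", "fix the account state in AD"),
    "531": ("logon not permitted from this host", "fix the account state in AD"),
    "532": ("password expired", "reset in AD, then update the stored password"),
    "533": ("account disabled", "fix the account state in AD"),
    "701": ("account expired", "fix the account state in AD"),
    "773": ("user must reset password", "reset in AD, then update the stored password"),
    "775": ("account locked out", "fix the account state in AD"),
}

# Quotes around the result name may or may not be backslash-escaped in the log.
BIND_ERR = re.compile(
    r'LDAP Result Code (?P<code>\d+) \\?"(?P<name>[^"\\]+)\\?"'
    r'.*?AcceptSecurityContext error, data (?P<data>[0-9a-fA-F]+)'
)

def explain(line):
    """Return (result_code, ad_subcode, meaning, next_step), or None if no match."""
    m = BIND_ERR.search(line)
    if not m:
        return None
    data = m.group("data").lower()
    meaning, step = AD_SUBCODES.get(data, ("unknown sub-code", "check the AD security log"))
    return int(m.group("code")), data, meaning, step

def triage(lines):
    """Count bind failures per AD sub-code across a log excerpt."""
    return Counter(r[1] for r in map(explain, lines) if r)

# PAGE_LINE is the error quoted on this page; the other entries are constructed.
PAGE_LINE = r'level=info msg="http error: Only initial admin is allowed to login without oauth (err=LDAP Result Code 49 \"Invalid Credentials\": 80090308: LdapErr: DSID-0C090511, comment: AcceptSecurityContext error, data 533, v4f7c\x00) (code=403)"'
SAMPLE = [PAGE_LINE, PAGE_LINE.replace("data 533", "data 52e"), 'level=info msg="unrelated line"']

if __name__ == "__main__":
    for line in SAMPLE:
        print(explain(line))
    print(dict(triage(SAMPLE)))
```

A sub-code of 52e points at the password stored in Portainer, which the steps below correct; the account-state sub-codes mean the account has to be fixed in the directory before the Connectivity Check can pass.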

 

Resolution:

To resolve this issue, follow these steps:

Log in with a Local Portainer Admin Account

    • Use a local Portainer admin account to access the Portainer web interface.

Update LDAP Credentials

    • Navigate to Settings > Authentication in the Portainer interface.

    • Update the LDAP password with the correct credentials for the LDAP account.

Verify Connectivity

    • Perform a Connectivity Check to confirm the LDAP configuration is valid.

    • Ensure the test passes before saving changes.

Save Changes

    • Save the updated settings and ensure that the connection is stable.