Figured it out. For anyone having this issue: Go to "ldap_trust_map" and correlate the entries with the accounts in "Account" table. Delete the irrelevant ones in "ldap_trust_map" and login is successful.
Regards, Jordan -----Original Message----- From: Yordan Kostov <yord...@nsogroup.com> Sent: Friday, May 28, 2021 4:43 PM To: users@cloudstack.apache.org Subject: when removing an account linked to ldap and re-adding it, login fails [X] This message came from outside your organization Hey everyone, ACD version 4.15. I am playing with LDAP and after some tests I cannot login with ldap account anymore. This is what I get as error messages: 2021-05-28 15:31:40,645 INFO [o.a.c.l.LdapAuthenticator] (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) user 'acstest01' is mapped to more then one account in domain and will be disabled. 2021-05-28 15:31:40,646 DEBUG [o.a.c.s.SAML2UserAuthenticator] (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Trying SAML2 auth for user: acstest01 2021-05-28 15:31:40,647 DEBUG [o.a.c.s.SAML2UserAuthenticator] (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to find user with acstest01 in domain 18, or user source is not SAML2 2021-05-28 15:31:40,647 DEBUG [c.c.u.AccountManagerImpl] (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to authenticate user with username acstest01 in domain 18 2021-05-28 15:31:40,647 WARN [c.c.u.AccountManagerImpl] (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Unable to find an user with username acstest01 in domain 18 2021-05-28 15:31:40,648 DEBUG [c.c.u.AccountManagerImpl] (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) User: acstest01 in domain 18 has failed to log in 2021-05-28 15:31:40,648 DEBUG [c.c.a.ApiServlet] (qtp1026871825-26357:ctx-b5cbec02) (logid:c77c97b9) Authentication failure: {"loginresponse":{"uuidList":[],"errorcode":531,"errortext":"Failed to authenticate user acstest01 in domain 18; please provide valid credentials"}} I have only 1 account mapped in that domain so from what I see it looks like this issue here -> https://urldefense.com/v3/__https://github.com/apache/cloudstack/issues/3661__;!!A6UyJA!wUcsBGPDJa5V-jfcXEGNQxhPCdJnumEo-mNFlnPMdDUi75-rkzTTa7A6dNOdYWqn$ Any idea what should be cleaned in the DB to allow login ? Regards, Jordan <font size="2"><font color="#D8D8D8">11!</font>