Troubleshooting LDAP
Celoxis LDAP authentication has been used by hundreds of companies in various environments. If your LDAP-based authentication is not working, it is most likely because of a misconfiguration, which can be easily remedied using the LDAP Quest program.
About LDAP Quest
Celoxis LDAP Quest is a Java program for debugging connection and authentication issues with an LDAP server. First, it connects to the LDAP server and authenticates using the specified admin DN and password. If that succeeds, it tries to connect as the specified end user with the specified password.
Downloading LDAP Quest
Download ldap-quest.zip from here
Using LDAP Quest
- Unzip the ldap-quest.zip file. It should create a folder ldap-quest that contains the LDAPQuest.class file.
- Open a terminal window and cd to the ldap-quest folder. You must now be in the same directory that contains the LDAPQuest.class file.
- Then type: java LDAPQuest <ldap-url> <admin-DN> <admin-password> <ldap-search-attr> <base-dn> <celoxis-username> <password>
- If you are using Microsoft ADS, the ldap-search-attr must always be sAMAccountName
If any of the program arguments (e.g. password or admin DN) contains a space or special characters, enclose it within double quotes or escape it in any other way.
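A pre-flight check for the argument list described above, as an added example (not part of LDAP Quest or Celoxis' own code); the function names ldapquest_preflight and run_ldapquest are hypothetical. It catches an unquoted space shifting the seven positional arguments, and it never prints either password.

```sh
#!/bin/sh
# Added example: sanity-check the seven positional LDAPQuest arguments
# before running the tool. Passwords ($3 and $7) are never echoed.
ldapquest_preflight() {
    # An unquoted space inside a DN or password splits it into extra words.
    if [ "$#" -ne 7 ]; then
        echo "expected 7 arguments, got $#: check quoting of values with spaces" >&2
        return 1
    fi
    url=$1
    admin_dn=$2
    attr=$4
    base_dn=$5
    # <ldap-url> must carry an LDAP scheme and a host.
    case $url in
        ldap://?*|ldaps://?*) ;;
        *) echo "ldap-url must start with ldap:// or ldaps://: $url" >&2
           return 2 ;;
    esac
    # <admin-DN> and <base-dn> must contain at least one attr=value pair.
    for dn in "$admin_dn" "$base_dn"; do
        case $dn in
            ?*=?*) ;;
            *) echo "not a DN (no attr=value pair): $dn" >&2
               return 3 ;;
        esac
    done
    # <ldap-search-attr> is a bare attribute name such as sAMAccountName or uid.
    case $attr in
        ""|*[!A-Za-z0-9-]*)
            echo "ldap-search-attr is not an attribute name: $attr" >&2
            return 4 ;;
    esac
    return 0
}

# Run the tool only when the check passes. "$@" forwards each argument
# unchanged, so a quoted DN stays one argument.
run_ldapquest() {
    ldapquest_preflight "$@" && java LDAPQuest "$@"
}

# Constructed usage (single quotes stop the shell expanding $ or backticks):
#   run_ldapquest ldap://ldap.celoxis.com \
#       'cn=Marcia Overstrand,cn=users,dc=celoxis,dc=com' 'kaboom1' \
#       sAMAccountName ou=Sales,dc=celoxis,dc=com Joe 'joeIsKing1'
```

Command-line arguments, including both passwords, are recorded in shell history and are visible in the process list while the tool runs.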
Examples
$ java LDAPQuest ldap://ldap.celoxis.com cn=Administrator,cn=users,dc=celoxis,dc=com kaboom1 sAMAccountName cn=users,dc=celoxis,dc=com Joe joeIsKing1
1) Trying to connect to LDAP and bind as Admin...
----------------------------------------------------------------------------------------
SUCCESS: Admin authenticated successfully.
2) Trying to authenticate end user...
----------------------------------------------------------------------------------------
Searching for Joe in cn=users,dc=celoxis,dc=com
FOUND DN: CN=Joe,CN=Users,DC=celoxis,DC=com
3) Connecting as CN=Joe,CN=Users,DC=celoxis,DC=com with specified password...
----------------------------------------------------------------------------------------
SUCCESS: Joe authenticated successfully.
Example of enclosing admin DN with double quotes:
$ java LDAPQuest ldap://ldap.celoxis.com "cn=Marcia Overstrand,cn=users,dc=celoxis,dc=com" kaboom1 sAMAccountName ou=Sales,dc=celoxis,dc=com Joe joeIsKing1
1) Trying to connect to LDAP and bind as Admin...
----------------------------------------------------------------------------------------
SUCCESS: Admin authenticated successfully.
2) Trying to authenticate end user...
----------------------------------------------------------------------------------------
Searching for Joe in ou=Sales,dc=celoxis,dc=com
FOUND DN: CN=Joe,OU=Sales,DC=celoxis,DC=com
3) Connecting as CN=Joe,OU=Sales,DC=celoxis,DC=com with specified password...
----------------------------------------------------------------------------------------
SUCCESS: Joe authenticated successfully.
$ java LDAPQuest ldap://ldap.forumsys.com cn=read-only-admin,dc=example,dc=com password uid dc=example,dc=com euler password
1) Trying to connect to LDAP and bind as Admin...
-------------------------------------------------------------------------------
SUCCESS: Admin authenticated successfully.
2) Trying to authenticate end user...
-------------------------------------------------------------------------------
Searching for euler in dc=example,dc=com
FOUND DN: uid=euler,dc=example,dc=com
3) Connecting as uid=euler,dc=example,dc=com with specified password...
-------------------------------------------------------------------------------
SUCCESS: euler authenticated successfully.