Hi Gonçalo

The Enterprise Manager solution includes the LDAP connector, which allows you to connect to Active Directory through the Lightweight Directory Access Protocol (LDAP). Since what's supported here is the protocol LDAP, I'm guessing it will work well with OpenLDAP as well.

Have you tried the instructions on Integrate application with LDAP  to activate the LDAP login, and configured the LDAP domain/server site properties?

Cheers

Miguel João

Hi folks,

I'm having trouble integrating a customer's OutSystems application (Java stack v8.0.1.35) with LDAP using the Configuring End-User Authentication instructions. The following settings are being configured:

Troubleshooting:
1. I've already tested ldapsearch -x command and it returns fine (the whole bunch of directory entries)

2. I've also confirmed that the above CN (contas.pessoais) is the one holding the user logins (every line starts with member: uid=...)

3. In Service Center I still get Invalid Login errors

Is there any other way I could troubleshoot the authentication flow?

Our platform server is Java stack, version 8.0.1.35, installed with JBoss 7.1 on RHEL 6.1

Many thanks for all the help,
Pedro

Well, first thing you should do is try to figure out why the login is failing.

It says in the Authentication extension action that is used to validate LDAP login that "the password is sent in clear text mode". Perhaps your OpenLDAP configuration is not allowing this method of authentication?

Are there any other errors in either OpenLDAP logs or the OutSystems Platform Error Logs (including server.log) that point to an underlying error?  If so, you can maybe follow up on that.

For a more low level approach you may want to actually open the Authentication extension and check the code that is being executed to validate LDAP Login. You can troubleshoot it in Java and try to understand why that's failing.

I would suggest going through the troubleshooting steps depicted by the OpenLDAP Troubleshooting guide.

Hi Ricardo,

Many thanks for the suggestions. There might be a good probability on the authentication method allowed:
- we found no errors in server.log;
- we've found the usual server requests being recorded at access_xx-xx-xxxx.log but they're no use for this case;
- we keep seeing the Invalid Login exception in Service Center error logs, both when using the Users' LDAP Authentication and the LDAP extension's User_ValidateLogin action;
- since we can successfuly login on the server using ldapsearch we might have indeed an authentication method misalignment between these several login trials; the only question is how to setup that method?
- we've also tried to troubleshoot (with platform Audits) the LDAP extension and haven't found much yet besides the correct execution flow reaching the login trial and getting an Invalid Login/Password exception.

Where can I find the allowed authentication method? There's no access to the ldap server to use the mentioned slaptest tools (in the Troubleshooting guide). Could this be obtained using ldapsearch command line?

...this seems like a good start: https://www.openldap.org/faq/data/cache/358.html Thanks Ricardo!