Josh Herron
Rank: #476
16Views
6Comments
[Active Directory] Initial Setup for Active Directory
Question
Forge
Traditional Web
Active Directory
Forge component by Renato Pauleta
18
Published on 13 Jan 2020
Application Type
Traditional Web

Good evening, we have cloned our users module to connect to a Linux LDAP server.   Applications using this cloned users module are able to authenticate as expected.   I am now trying to set up the Active Directory component so I can query user information and/or allow users to update their passwords in the LDAP.    

I started by installed the Active Directory application and the Active Directory - Demo.   I then updated Active Directory Core to use the cloned users module  (which points to LDAP)   Then I updated Active Directory - Demo to use that same module.  

Next I attempted to configure the ADConfigurations using the configuration below.   However when I search for a user in the Demo app I always get an invalid token error.   (When I debug the Token_Validate I see an unable to contact server message at the AD_SetGlobalDomainNoPassword step.   

I assume I am entering the incorrect format for my domain and/or container entries?   

0
0
on 2020-12-11
Copy link to comment
Renato Pauleta
Staff
Rank: #22

Hello Josh,

Being unable to contact the server usually means that the server where the OutSystems platform is installed can’t reach the AD server. If you’re running an on prem server you can ask your network guys to check the connection from within the server.

However, if you’re running cloud, you’ll need to send an email to our support asking to open a port to your AD server.

I hope this helps and it’s great to see the way you’re trying to use the platform.

Good luck.

0
0
on 2020-12-12
Copy link to comment
Josh Herron
Rank: #476

That’s the strange thing.   We have the LDAP server configured in our cloned user module and it connects fine.   The Active Directory module fails when I use the same LDAP IP and port.


I assumed I was entering the domain/container information in an incorrect format.

0
0
on 2020-12-12
Copy link to comment
Renato Pauleta
Staff
Rank: #22

It might be.

Have you tried removing the /ou=People... from the domain? Usually that’s set on the container part.

0
0
on 2020-12-12
Copy link to comment
Josh Herron
Rank: #476

I just tried it.   Below you can see my configuration for the Active Directory module and then below that is the configuration we have in the users module.   Also showing a test that shows it's connecting to the LDAP properly.

When I set up the ADAccess Token like this and attempt to query a user it still says unable to access server at the AD_SetGlobalDomain step.   If I run Wireshark from the app server while doing that test I do not see any traffic attempting to hit our LDAP IP either.



0
0
on 2020-12-12
Copy link to comment
Renato Pauleta
Staff
Rank: #22

There are two difference I can see in the configurations:

  1. You’re using LDAP instead of active directory
  2. The domain you’re using to connect to AD in the AD Configurations still has something after the port. The way you connect to AD or LDAP is different. There’s also a LDAP connector on the forge if you’re connecting to a LDAP server
0
0
on 2020-12-12
Copy link to comment
Josh Herron
Rank: #476

Well that's unfortunate, but thank you so much for the help.   I was hoping the LDAP connection would pass the AD queries through.   I will reach out to our admin and see if he has connection information for AD.   Once I have that is it important for me to update the userProvider module on the ActiveDirectoryCore and the Active Directory - Demo modules to point to our LDAP user module.   or can I leave them set to the default userProvider module?

I did see an LDAP component but when I read the support information the user comments indicated that it was just a copy of your Active Directory Core module and said it doesn't really work.   Maybe I didn't see the proper component.

0
0
on 2020-12-12
Copy link to comment