Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Megan Ellis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

Table of Contents

How to configure multiple users and group bases?

...

A common path among these is CN=Users,DC=test,DC=windows,DC=frevvo,DC=com and that is what you can configure in the Users Base field.

How do I enable frevvo to retrieve users under nested AD groups (as opposed to just the users under the parent group)?

The solution is to include the string ":1.2.840.113556.1.4.1941:" as part of the groupMemberAttribute parameter of the LDAP connector in the frevvo.xml:

Code Block
<Parameter name="com.frevvo.security.ldap.groupMemberAttribute" value="member:1.2.840.113556.1.4.1941:" override="false"/>

Can I have more than one LDAP tenant?

...

  1. The primary source of information is the  log file. In most cases, the LDAP connector will try to indicate what the problem is in the logs. In the log file, look for lines with LDAPSecurityManager or LdapDao.
  2. It is useful to have an LDAP browser at hand, for instance, the Apache Directory Studio. With the browser you can:
    1.  Check if the connection parameters that you configured in  are correct.
    2.  Run queries against LDAP and make sure that the expressions you configured in   are correct and returning what you expect.
  3. If you can't spot the problem and need to contact frevvo support:
    1. Stop 
    2. Go to <frevvo-home>/tomcat/logs/frevvo.log.
    3. Follow these steps to change the log level from INFO to DEBUG
    4. Restart 
    5. Execute the steps that is causing problems.
    6. Send the log file (zip) to Live Forms support (support@frevvo.com) with a description of the problem.
    7. Restore the log level to INFO.

...

The table below lists LDAP errors you may encounter when configuring your tenant with the LDAP Security Manager. Verify the recommended values to resolve.

ParametersValue to VerifyError on Edit Tenant page
Connection URLWrong URL

Group access failure: AuthenticationException?: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]

Verify the values in Connection URL,Connection User and Connection Password fields

Connection UserWrong username

Group access failure: AuthenticationException?: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece]

Verify the values in Connection URL,Connection User and Connection Password fields

Connection PasswordWrong password

Group access failure: AuthenticationException?: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece]

Verify the values in Connection URL,Connection User and Connection Password fields

Users BaseWrong CN"User access failure: NameNotFoundException?: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'DC=frevvo,DC=com' ]
Users BaseWrong DCUser access failure: UnknownHostException?: frevvod.com
Groups BaseWrong CNGroup access failure: NameNotFoundException?: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'DC=frevvo,DC=com' ]
Groups BaseWrong DCGroup access failure: UnknownHostException?: fqrevvo.com
All Groups FilterSyntax error like mismatched bracketsGroup access failure: InvalidSearchFilterException?: Unbalanced parenthesis
All Groups FilterInvalid search e.g. (objectClasses=group) instead of (objectClass=group)Group access failure: InvalidSearchFilterException?: [LDAP: error code 18 - 0000216B: AtrErr: DSID-03140274, #1: 0: 0000216B: DSID-03140274, problem 1004 (WRONG_MATCH_OPER), data 0, Att 180006 (objectClasses) ]
All Groups FilterWrong value e.g. (objectClass=groups) instead of (objectClass=group)Tenant updates successfully
All Users FilterSame as all groups filterSame as all groups filter
Certifcate ErrorVerify that the certificate is signed by a valid Certificate Authority. Self-signed certificates are not recommended and will not work for LDAP(s) in the Cloud.Group Access failure:SunCertPathBuilderException:Unable to find valid certification path to requested target