Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

Table of Contents

How to configure multiple users and group bases ?

The Users Base and Groups Base fields on the LDAP configuration screen define a root node to search for entries. The searches are recursive and will traverse the hierarchy starting from those nodes.  If your multiple paths share a common base you can configure that value in these properties. For instance, lets assume the following bases:

...

  1. The primary source of information is the  log file. In most cases, the LDAP connector will try to indicate what the problem is in the logs. In the log file, look for lines with LDAPSecurityManager or LdapDao.
  2. It is useful to have an LDAP browser at hand, for instance, the Apache Directory Studio. With the browser you can:
    1.  Check if the connection parameters that you configured in  are correct.
    2.  Run queries against LDAP and make sure that the expressions you configured in   are correct and returning what you expect.
  3. If you can't spot the problem and need to contact frevvo support:
    1. Stop 
    2. Go to <frevvo-home>/tomcat/logs/frevvo.log.
    3. Follow these steps to change the log level from INFO to DEBUG
    4. Restart 
    5. Execute the steps that is causing problems.
    6. Send the log file (zip) to Live Forms support (support@frevvo.com) with a description of the problem.
    7. Restore the log level to INFO.

...

Another potential issue is case sensitivity. Please refer to the topic Mixed or Upper case User Names .

A user that should be an administrator logs in but can't manage the tenant

  1. Login to your LDAP/AD Server.
  2. Make sure you have a group defined for the designer tenant admin role and it is named frevvo.TenantAdmin.
  3. Make sure the user having the problem is a member of the frevvo.TenantAdmin group. 

Another potential issue is case sensitivity. Please refer to the topic Mixed or Upper case User Names.

I can authenticate against LDAP via the Live Forms login page but SSO is not working

...

The table below lists LDAP errors you may encounter when configuring your tenant with the LDAP Security Manager. Follow Verify the recommended corrective action values to resolve.

ParametersValue to VerifyError on Edit Tenant page
Connection URLWrong URL

Group access failure: AuthenticationException?: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]

Verify the values in Connection URL,Connection User and Connection Password fields

Connection UserWrong username

Group access failure: AuthenticationException?: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece]

Verify the values in Connection URL,Connection User and Connection Password fields

Connection PasswordWrong password

Group access failure: AuthenticationException?: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece]

Verify the values in Connection URL,Connection User and Connection Password fields

Users BaseWrong CN"User access failure: NameNotFoundException?: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'DC=frevvo,DC=com' ]
Users BaseWrong DCUser access failure: UnknownHostException?: frevvod.com
Groups BaseWrong CNGroup access failure: NameNotFoundException?: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'DC=frevvo,DC=com' ]
Groups BaseWrong DCGroup access failure: UnknownHostException?: fqrevvo.com
All Groups FilterSyntax error like mismatched bracketsGroup access failure: InvalidSearchFilterException?: Unbalanced parenthesis
All Groups FilterInvalid search e.g. (objectClasses=group) instead of (objectClass=group)Group access failure: InvalidSearchFilterException?: [LDAP: error code 18 - 0000216B: AtrErr: DSID-03140274, #1: 0: 0000216B: DSID-03140274, problem 1004 (WRONG_MATCH_OPER), data 0, Att 180006 (objectClasses) ]
All Groups FilterWrong value e.g. (objectClass=groups) instead of (objectClass=group)Tenant updates successfully
All Users FilterSame as all groups filterSame as all groups filter
Certifcate ErrorVerify that the certificate is signed by a valid Certificate Authority. Self-signed certificates are not recommended and will not work for LDAP(s) in the Cloud.Group Access failure:SunCertPathBuilderException:Unable to find valid certification path to requested target