Ldap id provider - how to use?

Enonic version: 6.11
OS: Windows 2012 r2

Hi

We have a customer who wants to use AD for login to content studio.
We use the ldap id provider for this from enonic market but can't get it to work.

What we have done:

  1. We have added the ldap id provider from market.
  2. We followed the instructions here: https://github.com/enonic/app-ldap-idprovider
     • the new user store we created in xp is called ldap.
  3. Changes performed in vhost file:

     enabled = true

     mapping.a.host = localhost
     mapping.a.source = /
     mapping.a.target = /
     mapping.a.userStore = system

     mapping.b.host = www.sitename.com
     mapping.b.source = /
     mapping.b.target = /portal/master/sitename
     mapping.b.userStore = ldap

     mapping.c.host = www.sitename2.com
     mapping.c.source = /
     mapping.c.target = /portal/master/sitename2
     mapping.c.userStore = ldap

     mapping.admin.host = www.sitename.com
     mapping.admin.source = /admin
     mapping.admin.target = /admin
     mapping.admin.userStore = ldap

  4. We get the new blue login screen but are not able to login with AD users.

What are we missing? Any other steps that need to be performed?

thanks in advance
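Since most of the replies below come down to "which user store does each mapping actually point at", here is an added example (not from the thread, not part of Enonic XP or the LDAP id provider app) that parses a vhost file of the shape posted above and reports the usual mistakes: mappings missing a field, a userStore name that does not exist in XP, two mappings claiming the same host and source, and which user store the /admin mapping sends console logins to. The sample config inside it is constructed from the post; the key layout (`enabled`, `mapping.<name>.host/source/target/userStore`) is the only thing it assumes.

```python
"""Sanity-check an Enonic XP 6.x vhost config (key = value lines).

Added example for this thread; not part of Enonic XP or the LDAP id
provider app. It assumes only the key layout shown in the post:
`enabled = true` plus `mapping.<name>.{host,source,target,userStore}`.
"""
import re
from collections import defaultdict

# Constructed sample: the mappings from the post, trimmed to two entries.
SAMPLE_VHOST_CFG = """\
enabled = true

mapping.a.host = localhost
mapping.a.source = /
mapping.a.target = /
mapping.a.userStore = system

mapping.admin.host = www.sitename.com
mapping.admin.source = /admin
mapping.admin.target = /admin
mapping.admin.userStore = ldap
"""

REQUIRED_FIELDS = ("host", "source", "target", "userStore")
MAPPING_KEY = re.compile(r"^mapping\.([A-Za-z0-9_-]+)\.(\w+)$")


def parse_vhost(text):
    """Parse the key = value lines into (enabled, {mapping: {field: value}})."""
    enabled = False
    mappings = defaultdict(dict)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        if "=" not in line:
            raise ValueError(f"line {lineno}: expected 'key = value', got {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "enabled":
            enabled = value.lower() == "true"
            continue
        match = MAPPING_KEY.match(key)
        if not match:
            raise ValueError(f"line {lineno}: unrecognised key {key!r}")
        name, field = match.groups()
        mappings[name][field] = value
    return enabled, dict(mappings)


def check_vhost(text, known_user_stores):
    """Return a list of problems (empty when the file looks consistent).

    known_user_stores: names of the user stores that really exist in XP,
    e.g. {"system", "ldap"}; a mapping that points at any other name will
    never reach the LDAP id provider, however the app itself is configured.
    """
    problems = []
    enabled, mappings = parse_vhost(text)
    if not enabled:
        problems.append("vhost mappings are not enabled (enabled = true is missing)")
    seen = {}  # (host, source) -> first mapping name that used it
    for name, fields in sorted(mappings.items()):
        for field in REQUIRED_FIELDS:
            if field not in fields:
                problems.append(f"mapping.{name}: missing {field}")
        store = fields.get("userStore")
        if store is not None and store not in known_user_stores:
            problems.append(f"mapping.{name}: userStore {store!r} is not a user store in XP")
        route = (fields.get("host"), fields.get("source"))
        if None not in route:
            if route in seen:
                problems.append(f"mapping.{name}: same host and source as mapping.{seen[route]}")
            seen.setdefault(route, name)
    return problems


def admin_user_store(text):
    """Name of the user store that guards the /admin console, or None if unmapped."""
    _, mappings = parse_vhost(text)
    for fields in mappings.values():
        if fields.get("source") == "/admin":
            return fields.get("userStore")
    return None


if __name__ == "__main__":
    for problem in check_vhost(SAMPLE_VHOST_CFG, {"system", "ldap"}) or ["no problems found"]:
        print(problem)
    print("admin logins go to user store:", admin_user_store(SAMPLE_VHOST_CFG))
```

Run it against the real vhost file with the set of user store names you see in the Users admin tool; the `admin_user_store` result is the store whose id provider has to be the LDAP app for the blue login screen to authenticate against AD at all.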

Hi… What do your logs say? And are you sure the xp instance can access the ldap server?

Hi Ståle,

Just another thing to make sure is correct: edit the user store in User admin tool. Is the ID provider field set to the new provider you’ve installed? Or else the default XP one is used.

Hi,

As bwe said, I also think it is a configuration problem and you should edit the user store in the admin tool “Users”.

But I wanted to add because it happened to me last time: since you are using AD, change the “LDAP Dialect” from “Generic” to “Active Directory”

> What do your logs say? And are you sure the xp instance can access the ldap server?

Server logs do not say anything. No information related to this when I try to log in with an AD user.
Is there another log level I could use to get more information in the log?
(I can browse AD with ldap browser from the xp server)

> Just another thing to make sure is correct: edit the user store in User admin tool. Is the ID provider field set to the new provider you’ve installed? Or else the default XP one is used.

I created a new user store and selected the LDAP id provider application. I also get the login screen from this app when I change the vhost config to use this userstore so it seems ok.

> But I wanted to add because it happened to me last time: since you are using AD, change the “LDAP Dialect” from “Generic” to “Active Directory”

I changed it to active directory as well but no luck.

Other ways to debug this more?

Add the following lines to your config file logback.xml (might need to restart the server)

<logger name="com.enonic.app.ldapidprovider" additivity="false">
  <level value="debug"/>
  <appender-ref ref="STDOUT"/>
</logger>

And be sure to have ldap idprovider 1.0.3 installed

That should give you more information on the failure.


Thanks. I'll give it a try.