Testing the LDAP Configuration
After configuring the Oxygen Content Fusion Enterprise Server to use LDAP authentication, you can test to make sure the configuration is correct by following these steps:
- Go to the Content Fusion browser interface. With LDAP authentication enabled, the login screen should display a Username and Password field.
- Log in with your LDAP credentials. If the login succeeds, LDAP authentication is configured properly. Otherwise, continue with the subsequent steps.
- View the server logs in a new browser tab and, for the Service name, choose Content Fusion.
- You should see multiple logs, but the last logs should be related to the failed login you just attempted. Search through these logs for: [LDAP] Authentication failed for. The logged errors may be different depending on your LDAP server, but here are a few examples of what the logs might look like:
- Wrong host/port configured
[com.oxygenxml.webreviewer.authz.OxygenAuthorizingRealm.doGetUsrPassAuthInfo (OxygenAuthorizingRealm.java:203)] [http-nio-8079-exec-3] OxygenAuthorizingRealm - [LDAP] Authentication failed for 'username'. org.apache.shiro.authc.AuthenticationException: javax.naming.CommunicationException: ldap.example.com:3899 [Root exception is java.net.ConnectException: Connection refused: connect]
- SSL enabled, but connecting to non-SSL host
[com.oxygenxml.webreviewer.authz.OxygenAuthorizingRealm.doGetUsrPassAuthInfo (OxygenAuthorizingRealm.java:203)] [http-nio-8079-exec-2] OxygenAuthorizingRealm - [LDAP] Authentication failed for 'username'. org.apache.shiro.authc.AuthenticationException: javax.naming.CommunicationException: simple bind failed: ldap.example.com:389 [Root exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]
- SSL enabled, but certificate not trusted
[com.oxygenxml.webreviewer.authz.OxygenAuthorizingRealm.doGetUsrPassAuthInfo (OxygenAuthorizingRealm.java:203)] [http-nio-8079-exec-2] OxygenAuthorizingRealm - [LDAP] Authentication failed for 'username'. org.apache.shiro.authc.AuthenticationException: javax.naming.ServiceUnavailableException: ldap.example.com:636; socket closed
- Wrong ID attribute configured
[com.oxygenxml.webreviewer.authz.OxygenAuthorizingRealm.doGetUsrPassAuthInfo (OxygenAuthorizingRealm.java:203)] [http-nio-8079-exec-2] OxygenAuthorizingRealm - [LDAP] Authentication failed for 'username'. org.apache.shiro.authc.AuthenticationException: Missing LDAP required attributes: [id]
- Wrong Base DN/Additional user DN configured
[com.oxygenxml.webreviewer.authz.OxygenAuthorizingRealm.doGetUsrPassAuthInfo (OxygenAuthorizingRealm.java:203)] [http-nio-8079-exec-8] OxygenAuthorizingRealm - [LDAP] Authentication failed for 'wrong-username'. org.apache.shiro.authc.AuthenticationException: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
- Wrong username or password used in the login form
[com.oxygenxml.webreviewer.authz.OxygenAuthorizingRealm.doGetUsrPassAuthInfo (OxygenAuthorizingRealm.java:203)] [http-nio-8079-exec-8] OxygenAuthorizingRealm - [LDAP] Authentication failed for 'wrong-username'. org.apache.shiro.authc.AuthenticationException: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
Note: The meaning of LDAP error codes (such as error code 49) can be found in your LDAP manual.
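The log search in the last steps can be scripted. The following is an added example, not Oxygen's own code: it matches the root exceptions from the example log lines above to the misconfiguration each one indicates. The sample log is constructed from those examples, with shortened prefixes and hypothetical user names, and the function names are this example's own; your LDAP server may log different messages.

```python
import re

# Root-exception patterns and their causes, taken from the example log lines
# on this page. Error code 49 appears for two causes, so both are reported.
RULES = [
    (r"ConnectException: Connection refused", "wrong host/port configured"),
    (r"SSLHandshakeException", "SSL enabled, but connecting to non-SSL host"),
    (r"ServiceUnavailableException: .*socket closed",
     "SSL enabled, but certificate not trusted"),
    (r"Missing LDAP required attributes: \[", "wrong ID attribute configured"),
    (r"LDAP: error code 49",
     "wrong Base DN/Additional user DN, or wrong username or password"),
]
UNKNOWN = "unrecognized: look up the error in your LDAP manual"

# The marker string the page says to search for, plus the quoted user name.
FAILURE = re.compile(
    r"\[LDAP\] Authentication failed for '(?P<user>[^']*)'\.\s*(?P<detail>.*)")

def classify(line):
    """Return (user, diagnosis) for an LDAP failure line, None for other lines."""
    m = FAILURE.search(line)
    if not m:
        return None
    for pattern, diagnosis in RULES:
        if re.search(pattern, m.group("detail")):
            return m.group("user"), diagnosis
    return m.group("user"), UNKNOWN

def triage(log_text):
    """Classify every LDAP failure in a block of log text, in log order."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

# Constructed sample: abbreviated copies of the page's examples plus one
# unrelated line that must be ignored.
SAMPLE_LOG = """\
[http-nio-8079-exec-1] SomeOtherClass - Session created
[http-nio-8079-exec-3] OxygenAuthorizingRealm - [LDAP] Authentication failed for 'alice'. org.apache.shiro.authc.AuthenticationException: javax.naming.CommunicationException: ldap.example.com:3899 [Root exception is java.net.ConnectException: Connection refused: connect]
[http-nio-8079-exec-2] OxygenAuthorizingRealm - [LDAP] Authentication failed for 'bob'. org.apache.shiro.authc.AuthenticationException: Missing LDAP required attributes: [id]
[http-nio-8079-exec-8] OxygenAuthorizingRealm - [LDAP] Authentication failed for 'carol'. org.apache.shiro.authc.AuthenticationException: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
"""

if __name__ == "__main__":
    for user, diagnosis in triage(SAMPLE_LOG):
        print(f"{user}: {diagnosis}")
```

Because error code 49 is logged both for a wrong Base DN and for wrong credentials, retry with credentials you know are valid before changing the Base DN.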