Edit online

Testing the LDAP Configuration

After configuring the Oxygen Content Fusion Enterprise Server to use LDAP authentication, you can test to make sure the configuration is correct by following these steps:

  1. Go to the Content Fusion browser interface. The login screen should now display a Username and Password field now that LDAP authentication is enabled.
  2. Log in with your LDAP credentials. If the login succeeds, LDAP authentication is configured properly. Otherwise, continue with the subsequent steps.
  3. View the server logs in a new browser tab and for the Service name, choose Content Fusion.
  4. You should see multiple logs, but the last logs should be related to the failed login you just attempted. Search through these logs for: [LDAP] Authentication failed for.
    The logged errors may be different depending on your LDAP server, but here are a few examples of what the logs might look like:
    Wrong host/port configured
    [com.oxygenxml.webreviewer.authz.OxygenAuthorizingRealm.doGetUsrPassAuthInfo
    (OxygenAuthorizingRealm.java:203)] [http-nio-8079-exec-3] OxygenAuthorizingRealm - [LDAP]
    Authentication failed for 'username'. org.apache.shiro.authc.AuthenticationException: 
    javax.naming.CommunicationException: ldap.example.com:3899
    [Root exception is java.net.ConnectException: Connection refused: connect]
    SSL enabled, but connecting to non-SSL host
    [com.oxygenxml.webreviewer.authz.OxygenAuthorizingRealm.doGetUsrPassAuthInfo
    (OxygenAuthorizingRealm.java:203)] [http-nio-8079-exec-2] OxygenAuthorizingRealm - [LDAP]
    Authentication failed for 'username'. org.apache.shiro.authc.AuthenticationException: 
    javax.naming.CommunicationException: simple bind failed: ldap.example.com:389 [Root 
    exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during
    handshake]
    SSL enabled, but certificate not trusted
    [com.oxygenxml.webreviewer.authz.OxygenAuthorizingRealm.doGetUsrPassAuthInfo
    (OxygenAuthorizingRealm.java:203)] [http-nio-8079-exec-2] OxygenAuthorizingRealm - [LDAP]
    Authentication failed for 'username'. org.apache.shiro.authc.AuthenticationException: 
    javax.naming.ServiceUnavailableException: ldap.example.com:636; socket closed
    Wrong ID attribute configured
    [com.oxygenxml.webreviewer.authz.OxygenAuthorizingRealm.doGetUsrPassAuthInfo
    (OxygenAuthorizingRealm.java:203)] [http-nio-8079-exec-2] OxygenAuthorizingRealm - [LDAP]
    Authentication failed for 'username'. org.apache.shiro.authc.AuthenticationException: 
    Missing LDAP required attributes: [id]
    Wrong Base DN/Additional user DN configured
    [com.oxygenxml.webreviewer.authz.OxygenAuthorizingRealm.doGetUsrPassAuthInfo
    (OxygenAuthorizingRealm.java:203)] [http-nio-8079-exec-8] OxygenAuthorizingRealm - [LDAP] 
    Authentication failed for 'wrong-username'. 
    org.apache.shiro.authc.AuthenticationException: javax.naming.AuthenticationException: 
    [LDAP: error code 49 - Invalid Credentials]
    Wrong user-name or password used in login-form
    [com.oxygenxml.webreviewer.authz.OxygenAuthorizingRealm.doGetUsrPassAuthInfo
    (OxygenAuthorizingRealm.java:203)] [http-nio-8079-exec-8] OxygenAuthorizingRealm - [LDAP] 
    Authentication failed for 'wrong-username'. 
    org.apache.shiro.authc.AuthenticationException: javax.naming.AuthenticationException: 
    [LDAP: error code 49 - Invalid Credentials]
    Note: The meaning of LDAP error codes (such as error code 49) can be found in your LDAP manual.