Previous Topic

Next Topic

Book Contents

Book Index

Debugging LDAP/AD Authentication

LDAP/AD authentication is complex to configure, and a lot can go wrong. The purpose of this article is to help you determine what's going wrong and fix it. You should also refer to the LDAP Authentication Flow Chart in the cdaily-x.x.x/WEB-INF/misc/security directory.

First, edit the WEB-INF/ file, and set debugMode=true.

Now, follow these steps to re-start Connect Daily and test authentication.

  1. Stop the Connect Daily service.
  2. Erase log files. For the default Windows installation, this is in the TCBase\logs directory.
  3. Start the Connect Daily Service.
  4. Attempt to login using an LDAP/AD User Name and Password.

Examine the log files. Look at the localhost-xxx log file. If you're using your own servlet container, check it's log directory.

If the error indicates the issue is in the SSL certificate, follow these steps to debug SSL:

Debugging SSL

If it's not working, first try disabling SSL by editing the file. Once you have authentication working without SSL, re-enable SSL and follow these steps: To debug the SSL connection sequence, define


On Windows, this is done by editing the value for:

HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\ConnectDaily\Parameters\Java\Options

This will send debug information to stdout or in the default installation, the catalina.out file. You should see the certificate exchange and certificate details. Make sure the matching certificate is in the keystore.

If you see a disconnect before the exchange of the certificate from the server, refer to MS KB Article 321051. This article contains information even if you are not using a 3rd party SSL certificate.

If the error is not in the SSL communications, look for these things.

For additional information, refer to the LDAP Authentication Flow Chart contained in the cdaily-x.x.x/WEB-INF/misc/security directory.

See Also

LDAP/Active Directory Authentication

Configuring LDAP Authentication

Configuring Active Directory Authentication Reference Guide