|
|
|
|
|
LDAP/AD authentication is complex to configure, and a lot can go wrong. The purpose of this article is to help you determine what's going wrong and fix it. You should also refer to the LDAP Authentication Flow Chart in the cdaily-x.x.x/WEB-INF/misc/security directory.
First, edit the WEB-INF/ldap.properties file, and set debugMode=true.
Now, follow these steps to re-start connectDaily and test authentication.
Examine the log files. Look at the localhost-xxx log file. If you're using your own servlet container, check it's log directory.
If the error indicates the issue is in the SSL certificate, follow these steps to debug SSL:
Debugging SSL
If it's not working, first try disabling SSL by editing the LDAP.properties file. Once you have authentication working without SSL, re-enable SSL and follow these steps: To debug the SSL connection sequence, define
-Djavax.net.debug=ssl:record
or
-Djavax.net.debug=ssl:handshake
On Windows, this is done by editing the value for:
HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\connectDaily\Parameters\Java\Options
This will send debug information to stdout or in the default installation, the catalina.out file. You should see the certificate exchange and certificate details. Make sure the matching certificate is in the keystore.
If you see a disconnect before the exchange of the certificate from the server, refer to MS KB Article 321051. This article contains information even if you are not using a 3rd party SSL certificate.
http://support.microsoft.com/kb/321051
If the error is not in the SSL communications, look for these things.
For additional information, refer to the LDAP Authentication Flow Chart contained in the cdaily-x.x.x/WEB-INF/misc/security directory.