Posted: 21 Nov 2017 21:30 EST Last activity: 4 Jan 2018 5:41 EST
Pega AD authentication using LDAP error
I faced an issue while setting up LDAP in Pega 7.2. The configuration was fine. When I test connectivity on the LDAP configuration page, it is successful with no error, but when I test login using AD credentials on the PRWebLdap page I get an authentication error. Below is the log generated. Need assistance urgently.
2017-11-22 09:49:32,079 [ WebContainer : 1] [ STANDARD] [ ] [ PegaRULES:07.10] (edentials.Code_Security.Action) ERROR localhost|0:0:0:0:0:0:0:1 - External authentication failed:
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310021B, problem 2001 (NO_OBJECT), data 0, best match of:
]; remaining name ''
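An added example, not part of the original post or of Pega's code: a small Python parser for the Active Directory diagnostic string in the log above, separating the LDAP result code from the directory service's own error and reporting how much of the requested DN the server could resolve. The function name, lookup tables and hint wording are assumptions of this example, and the hints are this example's reading of an empty versus non-empty "best match of" value.

```python
import re

# LDAP result codes from RFC 4511 (subset chosen for this example).
LDAP_RESULTS = {32: "noSuchObject", 49: "invalidCredentials"}
# Win32 directory-service error embedded by AD as 8 hex digits (subset).
DS_ERRORS = {0x208D: "ERROR_DS_OBJ_NOT_FOUND"}

# Matches the AD "NameErr" diagnostic carried inside a JNDI exception message.
AD_NAME_ERR = re.compile(
    r"\[LDAP: error code (?P<code>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"(?P<kind>\w+): (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"problem (?P<problem>\d+) \((?P<problem_name>\w+)\), data (?P<data>\w+)"
    r"(?:, best match of:\s*(?:'(?P<best>[^']*)')?)?"
)

def parse_ad_ldap_error(text):
    """Return the fields of an AD LDAP diagnostic, or None if none is found."""
    m = AD_NAME_ERR.search(text)
    if m is None:
        return None
    code = int(m.group("code"))
    win32 = int(m.group("win32"), 16)
    best = m.group("best") or ""  # empty when the server matched nothing
    if code != 32:
        hint = "not a noSuchObject failure; this example only interprets code 32"
    elif best:
        hint = "DN resolved only as far as '%s'; check the components below it" % best
    else:
        hint = "no part of the requested DN matched; check the base DN of the search"
    return {
        "ldap_code": code,
        "ldap_name": LDAP_RESULTS.get(code, "unknown"),
        "ds_error": DS_ERRORS.get(win32, "0x%08X" % win32),
        "dsid": m.group("dsid"),
        "problem": (int(m.group("problem")), m.group("problem_name")),
        "best_match": best,
        "hint": hint,
    }

# Log text as it appears in the post above (the best-match line is empty there).
POSTED = ("javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: "
          "NameErr: DSID-0310021B, problem 2001 (NO_OBJECT), data 0, best match of:\n"
          "]; remaining name ''")
# Constructed variant: the server names the deepest entry it could resolve.
CONSTRUCTED = POSTED.replace("best match of:\n", "best match of:\n\t'DC=example,DC=com'\n")

if __name__ == "__main__":
    for sample in (POSTED, CONSTRUCTED):
        print(parse_ad_ldap_error(sample))
```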
Hi Narasimha, do you mean creating operators? I have done that. I have created operators in the Organization Unit matching the attributes which I mapped in the LDAP configuration. The organizational chart was created by me manually, though. Attached is the guide I followed, but not using OpenLDAP. I used Windows AD instead. Anything I missed out?
You are adding organisation attributes and unit attributes in AD manually; I hope this is causing the issue. I haven't configured this in AD, but I am familiar with OpenLDAP. Please check whether there is any option to add organisation and organisation unit as below
I'm experiencing an issue with this also. I have the LDAP authentication service configured and the test works just fine. When I attempt to log on with a Windows user that's been configured to be the same in Pega, I get an error in the log:
External authentication will fail: Couldn't retrieve the Data-Admin-AuthService instance: WebStandardLDAP1
java.lang.Exception: Unable to open AuthService definition
I've now managed to get this working; I needed to use an Access Group that was associated with a ruleset.
Anyways, I'm now trying to get this to work using a different attribute for the User Name than what is used in the Search filter. The search filter takes the user input on the login form (sAMAccountName=%V) and finds the username specified, but I want to use a different AD attribute for the Pega login name (pyUserIdentifier), so I specified employeeID in the "User name attribute" field. However, it doesn't work and keeps returning the entered user name from the form.
How do I get it to recognise the employeeID returned attribute as the pyUserIdentifier field?
I believe that is set in the Authentication Service Mappings tab; you can map the attribute to the property there. That is then iterated in the activity in the Java step 2 to get it on the clipboard...
Anyways, I have already tried this; .pyUserIdentifier is overwritten with param.UserIdentifier in step 3 and again in step 9. So no matter what is in the service mapping for .pyUserIdentifier, it is always getting overwritten with the form's user input.
The only way I can see to get this to work is to change the activity, which I am less inclined to do.