LDAP Tools

Overview

This Plug-in provides the ability to update Appian user profiles from data retrieved from an LDAP server. The data that can be synchronized includes all the default user profile fields except the username (e.g. first name, last name, address, phone, supervisor, title, etc.) as well as the custom fields.

Key Features & Functionality

  • LDAP User Profile Synchronization (Smart Service) - available in the Process Modeler under Integration Services > Connectivity Services
  • LDAP Sync Process Model (Sample Process Model) - will need to be tailored and tested based on identity management requirements
  • ldapSearch() Function - returns an array of LDAP attributes for a specific search query

See the instructions documentation (attached PDF) and https://community.appian.com/w/the-appian-playbook/520/ldap-synchronization for more information.

Anonymous
  • Dear Appian,

    Any feedback on the SSLHandshakeException several other community members have reported? We have the same issue. See below:

    • [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target].

    Please advise urgently so that we can decide on whether we should continue down this path or not.

    Kind Regards,

    Philip Snyman

  • Question for author: Our security department would like some details about how/if this plug-in encrypts traffic between our cloud instance and our LDAP server.  From other posts there's SSL and a cert...somewhere?  Any way we could get more details on this?

  • Hello All,

    We are facing an issue with the "LDAP User Profile Synchronisation" smart service.

    This issue seems to be because of the certificate expiry. Although we couldn't find out any existing certificate configured for that smart service in the system.

    We uploaded the new certificate in the admin console - Trusted server certificate tab, (tried uploading the new certificate in the Client certificate tab as well), but the issue still persists. The error is shown as below and the node is getting errored out. Because of this, the user profile sync is not happening which is expected to happen every night as the Nightly job process and it has become a high priority issue in Production right now.

    Error Message:

    "com.appiancorp.services.exceptions.ServiceException: javax.naming.CommunicationException: dal1dc03-vm.appian.syniverse.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed]"


    Do you have any suggestions on this?

  • Is anyone else having issues with ldapsearch() since upgrading to 21.2?

  • We have proper client and server certificates in the admin console (cloud 21.2) section for integration. However, it seems that we still need to supply a keystore path in the LDAP tools (V 1.4.0) to properly connect to our LDAPS server. Can someone advise on how to get this properly set up?

  • Hi,

    Thanks for the release.
    Any news about the use of deprecated API and the synchronization problem once a directory service group is empty?

    Best regards,

    Jean-Jacques

  • v1.4.0 Release Notes
    • Updated the LDAP Sync application to support multi-language
  • Hi everyone!
    Before January ends, I wish you all a happy new year: keep safe and stay healthy!

    I'd like to know if one of you has experienced a synchronization error while you retrieve the last user of a directory service group?
    We got this error message sent :

    This case doesn't seem to be described in the Plugin's documentation, so is it an anomaly or is it an expected behaviour?
    How do you handle this error when it appears, and is there a workaround to bypass it?

    This behaviour is quite embarrassing in our case, as some services/groups can be fused, so we need in some cases to move users from one group to another.

    Thanks for reading, and moreover, for responding !

    Jean-Jacques

  • It may also be the case that their usernames are invalid Appian usernames (use invalid characters) so they aren't being created.

    A username can only contain letters, numbers, and the following special characters: @ . _ - .
    It must not match an existing username regardless of case. For example, if john.doe already exists, you cannot enter JOHN.doe
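
The username rules quoted in the last comment can be checked against LDAP data before a sync run, so accounts that would silently fail to be created show up in a report. This is an added example, not part of the plug-in or of any comment above; `precheck_usernames`, the report keys and the sample values are hypothetical, and "letters" and "numbers" are assumed to mean ASCII.

```python
import re

# Assumption: "letters" and "numbers" mean ASCII here; widen if your instance allows more.
ALLOWED = r"A-Za-z0-9@._-"
VALID = re.compile(rf"[{ALLOWED}]+")


def precheck_usernames(candidates, existing):
    """Classify LDAP-derived usernames before a sync run.

    candidates: usernames read from the directory (e.g. a uid attribute).
    existing:   usernames that already exist in the target system.
    """
    existing_by_fold = {u.casefold(): u for u in existing}
    batch_by_fold = {}  # names accepted for creation earlier in this batch
    report = {"create": [], "update": [], "invalid_chars": {}, "case_collision": {}}

    for name in candidates:
        if not VALID.fullmatch(name):
            # Record which characters break the rule (empty list for an empty name).
            report["invalid_chars"][name] = sorted(set(re.sub(rf"[{ALLOWED}]", "", name)))
            continue
        key = name.casefold()
        if key in existing_by_fold:
            owner = existing_by_fold[key]
            if owner == name:
                report["update"].append(name)          # same account, profile update
            else:
                report["case_collision"][name] = owner  # e.g. JOHN.doe vs john.doe
        elif key in batch_by_fold:
            if batch_by_fold[key] != name:              # exact repeats are ignored
                report["case_collision"][name] = batch_by_fold[key]
        else:
            batch_by_fold[key] = name
            report["create"].append(name)
    return report


# Constructed sample data, not taken from any real directory.
SAMPLE_LDAP_UIDS = ["john.doe", "JOHN.doe", "a.smith@example.com",
                    "o'brien", "jean jacques", "new_user-1", "New_User-1"]
SAMPLE_EXISTING = ["john.doe"]

if __name__ == "__main__":
    for category, names in precheck_usernames(SAMPLE_LDAP_UIDS, SAMPLE_EXISTING).items():
        print(category, names)
```
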