KB-1683 LDAP authentication FAQ

Parmida Borhani — Wed, 03 Mar 2021 01:52:43 GMT

Current Revision posted to Appian Knowledge Base by Parmida Borhani on 3/3/2021 1:52:43 AM

The purpose of this article is to provide answers to some of the common questions related to LDAP authentication in Appian.

Table of Contents:

Should I restrict LDAP authentication to a particular group?
What is my DN pattern?
I have users under different OUs. What should I put as the DN pattern?
Can Appian implement multiple LDAP servers?
Can Appian users who are created upon first login be placed in a group automatically?
What is the difference between “Bind as user” vs. “Search for user then bind as user” options?
Can I set up LDAP with my Appian Cloud environment?
My LDAP Sync process is not working correctly. What can I do?

Should I restrict LDAP authentication to a particular group?

Yes. This prevents getting locked out of the environment if the LDAP server is unreachable (network issue).

What is my DN pattern?

The DN, or Distinguished Name, is the unique list of domain components added together to define your LDAP user objects, similar to how a full file path defines a file location in an operating system. The DN pattern in conjunction with the LDAP URL will identify where your Appian users reside in your LDAP directory in order for Appian to find and authenticate users. Whatever is specified as the LDAP username attribute should be added to the DN pattern set to {username}. {username} will be replaced by the username entered by the user.

For example, in the Appian Admin console if your username attribute is set to cn and your user's Distinguished Names were made up of domain components ou=appianusers, dc=companyName, dc=com, provided a URL such as ldap://<LDAP_FQDN_OR_IP_ADDRESS>:389/dc=companyName,dc=com, your DN pattern would be cn={username}, ou=appianusers.

I have users under different OUs. What should I put as the DN pattern?

If there are multiple OUs within a parent OU, having only the parent OU in the DN pattern will suffice. Users under all the child OUs will be able to access the site.

If you selected "Search for user then bind as user", the 'Administrator' would need to have permission to view the users in order to sign in.

Can Appian implement multiple LDAP servers?

Yes, Appian can accept multiple LDAP URLs, however the base DN must be the same.The intention is for each additional URL to serve as a backup in case the first server goes down. They are not intended to be used as multiple base DN providers.

Can Appian users who are created upon first login be placed in a group automatically?

Yes, if LDAP authentication is restricted to a particular group then when users are created they will be automatically added to that group. Note: users created like this default to the Basic User type.

What is the difference between “Bind as user” vs. “Search for user then bind as user” options?

Bind — Use this method when Appian should connect to the LDAP server and bind using the username (CN) and password of the user who is attempting to log in to Appian. Use this method when the CN field on the LDAP account matches the username defined in Appian.
Search and Bind — Use this method to connect to the LDAP server using a pre-configured set of credentials. This method can be used when the value for the CN field on your users' LDAP account does not match the username defined in Appian, eg the Appian username may be another field such as UID or sAMAccountName in a standard Active Directory environment. Search and bind requires a service account that has full access to the base DN, since this account will search for the user who is attempting to log in.

For more information, refer to LDAP Authentication under Authentication Method.

Can I set up LDAP with my Appian Cloud environment?

Yes. To integrate with Appian Cloud, it is recommended that a VPN connection should be established between the Appian environment and your LDAP server. See the documentation on VPN integration. Note that if you wish to use LDAPS, DNS resolution must be configured and you must use publicly signed CA certificates.

My LDAP Sync process is not working correctly. What can I do?

Add the following loggers to the appian_log4j.properties file. For Appian 18.3 and later, this file can be found in <APPIAN_HOME>/deployment/web.war/WEB-INF/resources. For Appian 18.2 and earlier, this file can be found in <APPIAN_HOME>/ear/suite.ear/resources:

log4j.logger.com.appiancorp.security=DEBUG
log4j.logger.org.springframework.security=DEBUG
log4j.logger.com.appian.directory.syncwithusernames=DEBUG
log4j.logger.com.appiancorp.plugin.directory=DEBUG
log4j.logger.org.ldaptive=DEBUG

Then rerun the process and check the application server log for details on the error you may be facing. Most of the time the error stems from a connection issue from the Appian server to the LDAP server.

Affected Versions

This article applies to Appian 7.11 and later.

Last Reviewed: March 2021

Tags: LDAP, authentication, FAQ

KB-1683 LDAP authentication FAQ

Parmida Borhani — Wed, 03 Mar 2021 01:52:16 GMT

Revision 13 posted to Appian Knowledge Base by Parmida Borhani on 3/3/2021 1:52:16 AM

The purpose of this article is to provide answers to some of the common questions related to LDAP authentication in Appian.

Table of Contents:

Should I restrict LDAP authentication to a particular group?
What is my DN pattern?
I have users under different OUs. What should I put as the DN pattern?
Can Appian implement multiple LDAP servers?
Can Appian users who are created upon first login be placed in a group automatically?
What is the difference between “Bind as user” vs. “Search for user then bind as user” options?
Can I set up LDAP with my Appian Cloud environment?
My LDAP Sync process is not working correctly. What can I do?

Should I restrict LDAP authentication to a particular group?

Yes. This prevents getting locked out of the environment if the LDAP server is unreachable (network issue).

What is my DN pattern?

I have users under different OUs. What should I put as the DN pattern?

If there are multiple OUs within a parent OU, having only the parent OU in the DN pattern will suffice. Users under all the child OUs will be able to access the site.

If you selected "Search for user then bind as user", the 'Administrator' would need to have permission to view the users in order to sign in.

Can Appian implement multiple LDAP servers?

Can Appian users who are created upon first login be placed in a group automatically?

What is the difference between “Bind as user” vs. “Search for user then bind as user” options?

For more information, refer to LDAP Authentication under Authentication Method.

Can I set up LDAP with my Appian Cloud environment?

My LDAP Sync process is not working correctly. What can I do?

log4j.logger.com.appiancorp.security=DEBUG
log4j.logger.org.springframework.security=DEBUG
log4j.logger.com.appian.directory.syncwithusernames=DEBUG
log4j.logger.com.appiancorp.plugin.directory=DEBUG
log4j.logger.org.ldaptive=DEBUG

Affected Versions

This article applies to Appian 7.11 and later.

Last Reviewed: March 2021

Tags: LDAP, authentication, FAQ

KB-1683 LDAP authentication FAQ

Parmida Borhani — Thu, 23 May 2019 23:16:41 GMT

Revision 12 posted to Appian Knowledge Base by Parmida Borhani on 5/23/2019 11:16:41 PM

The purpose of this article is to provide answers to some of the common questions related to LDAP authentication in Appian.

Table of Contents:

Should I restrict LDAP authentication to a particular group?
What is my DN pattern?
Can Appian implement multiple LDAP servers?
Can Appian users who are created upon first login be placed in a group automatically?
What is the difference between “Bind as user” vs. “Search for user then bind as user” options?
Can I set up LDAP with my Appian Cloud environment?
My LDAP Sync process is not working correctly. What can I do?

Should I restrict LDAP authentication to a particular group?

Yes. This prevents getting locked out of the environment if the LDAP server is unreachable (network issue).

What is my DN pattern?

Can Appian implement multiple LDAP servers?

Can Appian users who are created upon first login be placed in a group automatically?

What is the difference between “Bind as user” vs. “Search for user then bind as user” options?

For more information, refer to LDAP Authentication under Authentication Method.

Can I set up LDAP with my Appian Cloud environment?

My LDAP Sync process is not working correctly. What can I do?

log4j.logger.com.appiancorp.security=DEBUG
log4j.logger.org.springframework.security=DEBUG
log4j.logger.com.appian.directory.syncwithusernames=DEBUG
log4j.logger.com.appiancorp.plugin.directory=DEBUG
log4j.logger.org.ldaptive=DEBUG

Affected Versions

This article applies to Appian 7.11 and later.

Last Reviewed: May 2019

Tags: LDAP, authentication, FAQ

KB-1683 LDAP authentication FAQ

Parmida Borhani — Thu, 23 May 2019 23:15:59 GMT

Revision 11 posted to Appian Knowledge Base by Parmida Borhani on 5/23/2019 11:15:59 PM

The purpose of this article is to provide answers to some of the common questions related to LDAP authentication in Appian.

Table of Contents:

Should I restrict LDAP authentication to a particular group?
What is my DN pattern?
Can Appian implement multiple LDAP servers?
Can Appian users who are created upon first login be placed in a group automatically?
What is the difference between “Bind as user” vs. “Search for user then bind as user” options?
Can I set up LDAP with my Appian Cloud environment?
My LDAP Sync process is not working correctly. What can I do?

Should I restrict LDAP authentication to a particular group?

Yes. This prevents getting locked out of the environment if the LDAP server is unreachable (network issue).

What is my DN pattern?

Can Appian implement multiple LDAP servers?

Can Appian users who are created upon first login be placed in a group automatically?

What is the difference between “Bind as user” vs. “Search for user then bind as user” options?

For more information, refer to LDAP Authentication under Authentication Method.

Can I set up LDAP with my Appian Cloud environment?

My LDAP Sync process is not working correctly. What can I do?

log4j.logger.com.appiancorp.security=DEBUG
log4j.logger.org.springframework.security=DEBUG
log4j.logger.com.appian.directory.syncwithusernames=DEBUG
log4j.logger.com.appiancorp.plugin.directory=DEBUG
log4j.logger.org.ldaptive=DEBUG

Affected Versions

This article applies to Appian 7.11 and later.

Last Reviewed: May 2019

Tags: LDAP, authentication, FAQ

KB-1683 LDAP authentication FAQ

Jordan Horwat — Wed, 12 Dec 2018 14:54:42 GMT

Revision 10 posted to Appian Knowledge Base by Jordan Horwat on 12/12/2018 2:54:42 PM

The purpose of this article is to provide answers to some of the common questions related to LDAP authentication in Appian.

Table of Contents:

Should I restrict LDAP authentication to a particular group?
What is my DN pattern?
Can Appian implement multiple LDAP servers?
Can Appian users who are created upon first login be placed in a group automatically?
What is the difference between “Bind as user” vs. “Search for user then bind as user” options?
Can I set up LDAP with my Appian Cloud environment?
My LDAP Sync process is not working correctly. What can I do?

Should I restrict LDAP authentication to a particular group?

Yes. This prevents getting locked out of the environment if the LDAP server is unreachable (network issue).

What is my DN pattern?

Can Appian implement multiple LDAP servers?

Can Appian users who are created upon first login be placed in a group automatically?

What is the difference between “Bind as user” vs. “Search for user then bind as user” options?

For more information, refer to LDAP Authentication under Authentication Method.

Can I set up LDAP with my Appian Cloud environment?

Yes. To integrate with Appian Cloud, it is recommended that a VPN connection should be established between the Appian environment and your LDAP server. See our documentation on VPN integration here: https://docs.appian.com/suite/help/latest/Cloud_VPN_Integration.html. Note that if you wish to use LDAPS, DNS resolution must be configured and you must use publicly signed CA certificates.

My LDAP Sync process is not working correctly. What can I do?

Add the following loggers to the appian_log4j.properties file located in <APPIAN_HOME>/ear/suite.ear/resources:

log4j.logger.com.appiancorp.security=DEBUG
log4j.logger.org.springframework.security=DEBUG
log4j.logger.com.appian.directory.syncwithusernames=DEBUG
log4j.logger.com.appiancorp.plugin.directory=DEBUG
log4j.logger.org.ldaptive=DEBUG

Affected Versions

This article applies to Appian 7.11 and later.

Last Reviewed: August 2018

Tags: LDAP, authentication, FAQ

KB-1683 LDAP authentication FAQ

Jordan Horwat — Wed, 12 Dec 2018 14:53:37 GMT

Revision 9 posted to Appian Knowledge Base by Jordan Horwat on 12/12/2018 2:53:37 PM

The purpose of this article is to provide answers to some of the common questions related to LDAP authentication in Appian.

Should I restrict LDAP authentication to a particular group?

Yes. This prevents getting locked out of the environment if the LDAP server is unreachable (network issue).

What is my DN pattern?

Can Appian implement multiple LDAP servers?

Can Appian users who are created upon first login be placed in a group automatically?

What is the difference between “Bind as user” vs. “Search for user then bind as user” options?

For more information, refer to LDAP Authentication under Authentication Method.

Can I set up LDAP with my Appian Cloud environment?

My LDAP Sync process is not working correctly. What can I do?

Add the following loggers to the appian_log4j.properties file located in <APPIAN_HOME>/ear/suite.ear/resources:

log4j.logger.com.appiancorp.security=DEBUG
log4j.logger.org.springframework.security=DEBUG
log4j.logger.com.appian.directory.syncwithusernames=DEBUG
log4j.logger.com.appiancorp.plugin.directory=DEBUG
log4j.logger.org.ldaptive=DEBUG

Affected Versions

This article applies to Appian 7.11 and later.

Last Reviewed: August 2018

Tags: LDAP, authentication, FAQ

KB-1683 LDAP authentication FAQ

Jordan Horwat — Fri, 07 Dec 2018 15:10:18 GMT

Revision 8 posted to Appian Knowledge Base by Jordan Horwat on 12/7/2018 3:10:18 PM

The purpose of this article is to provide answers to some of the common questions related to LDAP authentication in Appian.

Should I restrict LDAP authentication to a particular group?

Yes. This prevents getting locked out of the environment if the LDAP server is unreachable (network issue).

What is my DN pattern?

Can Appian implement multiple LDAP servers?

Can Appian users who are created upon first login be placed in a group automatically?

What is the difference between “Bind as user” vs. “Search for user then bind as user” options?

For more information, refer to LDAP Authentication under Authentication Method.

Can I set up LDAP with my Appian Cloud environment?

My LDAP Sync process is not working correctly. What can I do?

Add the following loggers to the appian_log4j.properties file located in <APPIAN_HOME>/ear/suite.ear/resources:

log4j.logger.com.appiancorp.security=DEBUG
log4j.logger.org.springframework.security=DEBUG
log4j.logger.com.appian.directory.syncwithusernames=DEBUG
log4j.logger.com.appiancorp.plugin.directory=DEBUG
log4j.logger.org.ldaptive=DEBUG

Affected Versions

This article applies to Appian 7.11 and later.

Last Reviewed: August 2018

Tags: LDAP, authentication, FAQ

KB-1683 LDAP authentication FAQ

Parmida Borhani — Thu, 30 Aug 2018 04:39:42 GMT

Revision 7 posted to Appian Knowledge Base by Parmida Borhani on 8/30/2018 4:39:42 AM

The purpose of this article is to provide answers to some of the common questions related to LDAP authentication in Appian.

Q: Should I restrict LDAP authentication to a particular group?

A: Yes. This prevents getting locked out of the environment if the LDAP server is unreachable (network issue).

Q: What is my DN pattern?

A: The DN, or Distinguished Name, is the unique list of domain components added together to define your LDAP user objects, similar to how a full file path defines a file location in an operating system. The DN pattern in conjunction with the LDAP URL will identify where your Appian users reside in your LDAP directory in order for Appian to find and authenticate users. Whatever is specified as the LDAP username attribute should be added to the DN pattern set to {username}. {username} will be replaced by the username entered by the user.

Q: Can Appian implement multiple LDAP servers?

A: Yes, Appian can accept multiple LDAP URLs, however the base DN must be the same.The intention is for each additional URL to serve as a backup in case the first server goes down. They are not intended to be used as multiple base DN providers.

Q: Can Appian users who are created upon first login be placed in a group automatically?

A: Yes, if LDAP authentication is restricted to a particular group then when users are created they will be automatically added to that group. Note: users created like this default to the Basic User type.

Q: What is the difference between “Bind as user” vs. “Search for user then bind as user” options?

A: Bind — Use this method when Appian should connect to the LDAP server and bind using the username (CN) and password of the user who is attempting to log in to Appian. Use this method when the CN field on the LDAP account matches the username defined in Appian.
Search and Bind — Use this method to connect to the LDAP server using a pre-configured set of credentials. This method can be used when the value for the CN field on your users' LDAP account does not match the username defined in Appian, eg the Appian username may be another field such as UID or sAMAccountName in a standard Active Directory environment. Search and bind requires a service account that has full access to the base DN, since this account will search for the user who is attempting to log in.

For more information, refer to LDAP Authentication under Authentication Method.

Q: Can I set up LDAP with my Appian Cloud environment?

A: Yes. To integrate with Appian Cloud, it is recommended that a VPN connection should be established between the Appian environment and your LDAP server. See our documentation on VPN integration here: https://docs.appian.com/suite/help/latest/Cloud_VPN_Integration.html. Note that if you wish to use LDAPS, DNS resolution must be configured and you must use publicly signed CA certificates.

Q: My LDAP Sync process is not working correctly. What can I do?

A: Add the following loggers to the appian_log4j.properties file located in <APPIAN_HOME>/ear/suite.ear/resources:

log4j.logger.com.appiancorp.security=DEBUG
log4j.logger.org.springframework.security=DEBUG
log4j.logger.com.appian.directory.syncwithusernames=DEBUG
log4j.logger.com.appiancorp.plugin.directory=DEBUG
log4j.logger.org.ldaptive=DEBUG

Affected Versions

This article applies to Appian 7.11 and later.

Last Reviewed: August 2018

Tags: LDAP, authentication, FAQ

[DRAFT] KB-XXXX LDAP Authentication FAQ

Tom Ryan — Wed, 29 Aug 2018 22:01:11 GMT

Revision 6 posted to Appian Knowledge Base by Tom Ryan on 8/29/2018 10:01:11 PM

The purpose of this article is to provide answers to some of the common questions related to LDAP authentication in Appian.

Q: Should I restrict LDAP authentication to a particular group?

A: Yes. This prevents getting locked out of the environment if the LDAP server is unreachable (network issue).

Q: What is my DN pattern?

Q: Can Appian implement multiple LDAP servers?

Q: Can Appian users who are created upon first login be placed in a group automatically?

Q: What is the difference between “Bind as user” vs. “Search for user then bind as user” options?

For more information, refer to LDAP Authentication under Authentication Method.

Q: Can I set up LDAP with my Appian Cloud environment?

Q: My LDAP Sync process is not working correctly. What can I do?

A: Add the following loggers to the appian_log4j.properties file located in <APPIAN_HOME>/ear/suite.ear/resources:

log4j.logger.com.appiancorp.security=DEBUG
log4j.logger.org.springframework.security=DEBUG
log4j.logger.com.appian.directory.syncwithusernames=DEBUG
log4j.logger.com.appiancorp.plugin.directory=DEBUG
log4j.logger.org.ldaptive=DEBUG

Affected Versions

This article applies to Appian 7.11 and later.

Last Reviewed: August 2018

Tags: LDAP, authentication, FAQ

[DRAFT] KB-XXXX LDAP Authentication FAQ

Parmida Borhani — Thu, 23 Aug 2018 21:21:59 GMT

Revision 5 posted to Appian Knowledge Base by Parmida Borhani on 8/23/2018 9:21:59 PM

The purpose of this article is to provide answers to some of the common questions related to LDAP authentication in Appian.

Q: Should I restrict LDAP authentication to a particular group?

A: Yes. This prevents getting locked out of the environment if the LDAP server is unreachable (network issue).

Q: What is my DN pattern?

Q: Can Appian implement multiple LDAP servers?

Q: Can Appian users who are created upon first login be placed in a group automatically?

Q: What is the difference between “Bind as user” vs. “Search for user then bind as user” options?

A: Bind — Use LDAP bind when Appian connects to the LDAP server and binds using the CN and password. (These values are the username and password of the user logging Appian). Use the bind method when your LDAP account's CN field matches that of the username defined in Appian.
Search and Bind — Use LDAP search and bind when your LDAP account's CN field is a user's full name or does not match the username defined in Appian. For search and bind, the username is usually in another field such as UID or sAMAccountName in a standard Active Directory environment. Search and bind requires the credentials for a service account that has full access to the base DN. This information allows Appian to log into the LDAP server and search for the specified field.

Q: Can I set up LDAP with my Appian Cloud environment?

A: To integrate with Cloud, a VPN connection should be established between the Appian environment and your LDAP server. See our documentation on VPN integration here: https://docs.appian.com/suite/help/latest/Cloud_VPN_Integration.html. Note that with a VPN set up, LDAPS (LDAP with SSL) is not required since the connection is already protected via the VPN tunnel. If you wish to use LDAPS, DNS resolution must be configured and you must use publicly signed CA certificates.

Q: My LDAP Sync process is not working correctly. What can I do?

A: Add the following loggers to the appian_log4j.properties file located in <APPIAN_HOME>/ear/suite.ear/resources:

log4j.logger.com.appiancorp.security=DEBUG
log4j.logger.org.springframework.security=DEBUG
log4j.logger.com.appian.directory.syncwithusernames=DEBUG
log4j.logger.com.appiancorp.plugin.directory=DEBUG
log4j.logger.org.ldaptive=DEBUG

Affected Versions

This article applies to Appian 7.11 and later.

Last Reviewed: August 2018

Tags: LDAP, authentication, FAQ

[DRAFT] KB-XXXX LDAP Authentication FAQ

Sean Kim — Thu, 23 Aug 2018 04:52:39 GMT

Revision 4 posted to Appian Knowledge Base by Sean Kim on 8/23/2018 4:52:39 AM

The purpose of this article is to provide answers to some of the common questions related to LDAP authentication in Appian.

Q: Should I restrict LDAP authentication to a particular group?

A: Yes. This prevents getting locked out of the environment if the LDAP server is unreachable (network issue).

Q: What is my DN pattern?

For example, in the Appian Admin console if your username attribute is set to cn and your user's Distinguished Names were made up of domain components ou=appianusers, dc=companyName, dc=com, provided a URL such as ldap://<LDAP_FQDN_OR_IP_ADDRESS>:389/dc=companyName,dc=com, your DN pattern would be cn={username}, ou=appianusers.

Q: Can Appian implement multiple LDAP servers?

Q: Can Appian users who are created upon first login be placed in a group automatically?

Q: What is the difference between “Bind as user” vs. “Search for user then bind as user” options?

Q: Can I set up LDAP with my Appian Cloud environment?

Q: My LDAP Sync process is not working correctly. What can I do?

A: Add the following loggers to the appian_log4j.properties file located in <APPIAN_HOME>/ear/suite.ear/resources:

log4j.logger.com.appiancorp.security=DEBUG
log4j.logger.org.springframework.security=DEBUG
log4j.logger.com.appian.directory.syncwithusernames=DEBUG
log4j.logger.com.appiancorp.plugin.directory=DEBUG
log4j.logger.org.ldaptive=DEBUG

Affected Versions

This article applies to Appian 7.11 and later.

Last Reviewed: August 2018

Tags: LDAP, authentication, FAQ

[DRAFT] KB-XXXX LDAP Authentication FAQ

Sean Kim — Thu, 23 Aug 2018 04:51:18 GMT

Revision 3 posted to Appian Knowledge Base by Sean Kim on 8/23/2018 4:51:18 AM

The purpose of this article is to provide answers to some of the common questions related to LDAP authentication in Appian.

Q: Should I restrict LDAP authentication to a particular group?

A: Yes. This prevents getting locked out of the environment if the LDAP server is unreachable (network issue).

Q: What is my DN pattern?

For example, in the Appian Admin console if your username attribute is set to cn and your user's Distinguished Names were made up of domain components ou=appianusers, dc=companyName, dc=com, provided a URL such as ldap://<LDAP_FQDN_OR_IP_ADDRESS>:389/dc=companyName,dc=com, your DN pattern would be cn={username}, ou=appianusers.

Q: Can Appian implement multiple LDAP servers?

Q: Can Appian users who are created upon first login be placed in a group automatically?

Q: What is the difference between “Bind as user” vs. “Search for user then bind as user” options?

Q: Can I set up LDAP with my Appian Cloud environment?

Q: My LDAP Sync process is not working correctly. What can I do?

A: Add the following loggers to the appian_log4j.properties file located in <APPIAN_HOME>/ear/suite.ear/resources:

log4j.logger.com.appiancorp.security=DEBUG
log4j.logger.org.springframework.security=DEBUG

log4j.logger.com.appian.directory.syncwithusernames=DEBUG

log4j.logger.com.appiancorp.plugin.directory=DEBUG
log4j.logger.org.ldaptive=DEBUG

Affected Versions

This article applies to Appian 7.11 and later.

Last Reviewed: August 2018

Tags: LDAP, authentication, FAQ

[DRAFT] KB-XXXX LDAP Authentication FAQ

Sean Kim — Wed, 22 Aug 2018 15:59:21 GMT

Revision 1 posted to Appian Knowledge Base by Sean Kim on 8/22/2018 3:59:21 PM

The purpose of this article is to provide answers to some of the common questions related to SAML authentication in Appian.

Q: Should I restrict LDAP authentication to a particular group?

A: YES. This prevents getting locked out of the environment if the LDAP server is unreachable (network issue).

Q: What is my DN pattern?

A: The DN, or Distinguished Name, is the unique list of domain components added together to define your LDAP directory structure. The DN pattern will identify where your Appian users reside in your LDAP directory in order for Appian to find and authenticate users. Whatever is specified as the LDAP username attribute should be added to the DN pattern set to {username}. {username} will be replaced by the username entered by the user.

Q: Can Appian implement multiple LDAP servers?

Q: Can Appian users who are created upon first login be placed in a group automatically?

A: Yes, if LDAP authentication is restricted to a particular group then when users are created they will be automatically added to that group. **Note: users created like this default to the Basic User type.

Q: What is the difference between “Bind as user” vs. “Search for user then bind as user” options?

Q: Can I set up LDAP with my Appian Cloud environment?

Q: My LDAP Sync process is not working correctly. What can I do?

A: Add the following loggers to the appian_log4j.properties file located in <APPIAN_HOME>/ear/suite.ear/resources:

log4j.logger.com.appiancorp.security=DEBUG
log4j.logger.org.springframework.security=DEBUG
log4j.logger.com.appian.directory.syncwithusernames=DEBUG
log4j.logger.com.appiancorp.plugin.directory=DEBUG
log4j.logger.org.ldaptive=DEBUG

Then rerun the process and check the JBoss server log for details on the error you may be facing. Most of the time the error stems from a connection issue from the Appian server to the LDAP server.

Affected Versions

This article applies to Appian 7.11 and later.

Last Reviewed: August 2018

Tags: LDAP, authentication, FAQ

[DRAFT] KB-XXXX LDAP Authentication FAQ

Sean Kim — Wed, 22 Aug 2018 11:59:35 GMT

Revision 2 posted to Appian Knowledge Base by Sean Kim on 8/22/2018 11:59:35 AM

The purpose of this article is to provide answers to some of the common questions related to SAML authentication in Appian.

Q: Should I restrict LDAP authentication to a particular group?

A: YES. This prevents getting locked out of the environment if the LDAP server is unreachable (network issue).

Q: What is my DN pattern?

Q: Can Appian implement multiple LDAP servers?

Q: Can Appian users who are created upon first login be placed in a group automatically?

Q: What is the difference between “Bind as user” vs. “Search for user then bind as user” options?

Q: Can I set up LDAP with my Appian Cloud environment?

Q: My LDAP Sync process is not working correctly. What can I do?

A: Add the following loggers to the appian_log4j.properties file located in <APPIAN_HOME>/ear/suite.ear/resources:

log4j.logger.com.appiancorp.security=DEBUG
log4j.logger.org.springframework.security=DEBUG
log4j.logger.com.appian.directory.syncwithusernames=DEBUG
log4j.logger.com.appiancorp.plugin.directory=DEBUG
log4j.logger.org.ldaptive=DEBUG

Then rerun the process and check the JBoss server log for details on the error you may be facing. Most of the time the error stems from a connection issue from the Appian server to the LDAP server.

Affected Versions

This article applies to Appian 7.11 and later.

Last Reviewed: August 2018

Tags: LDAP, authentication, FAQ