KB-1286 LDAP authentication test in Admin Console displays "Invalid Base DN"

Symptoms

When setting up LDAP authentication in the Admin Console, clicking ‘Test’ fails and the result shown is ‘Invalid Base DN’.

After setting the log4j.logger.org.springframework.security logger to DEBUG in appian_log4j.properties (located in <APPIAN_HOME>/ear/suite.ear/resources), the following error is printed in the application server log:

DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Retrieving attributes...

Cause

When testing the LDAP configuration in the Administration Console, Appian binds as the user currently logged in to Appian and then attempts to query the LDAP directory to retrieve attributes associated with that user. If that user lacks the privileges/permissions to query the directory or to read its own attributes, the query fails, and the failure is reported as ‘Invalid Base DN’.

Action

  1. Using an LDAP client (such as Apache Directory Studio), bind as user1.
  2. Browse the LDAP tree and see if user1 is listed and if you can view its attributes. If not, the Appian LDAP configuration validation will fail.
  3. Grant this user privileges to query the LDAP directory and its own attributes.
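
The check in steps 1 and 2 can also be run from a shell with OpenLDAP's ldapsearch. This is an added example, not Appian's code: the function names are hypothetical, and the server URI, DNs, search filter and attribute names are placeholders to replace with your own values.

```shell
#!/bin/sh
# Added example. Hosts, DNs, filter and attribute names are placeholders.

# classify_self_read RC LDIF ATTR...
# RC is the ldapsearch exit status, which carries the LDAP result code.
classify_self_read() {
    rc=$1; ldif=$2; shift 2
    case $rc in
        0)  ;;
        32) echo "NO_SUCH_OBJECT: base DN missing or hidden from this user"; return 1 ;;
        49) echo "INVALID_CREDENTIALS: check the bind DN and password"; return 1 ;;
        50) echo "INSUFFICIENT_ACCESS: user may not search this base DN"; return 1 ;;
        *)  echo "LDAP_ERROR_$rc"; return 1 ;;
    esac
    # Search succeeded but no entry came back: ACLs hide the user's own entry.
    if ! printf '%s\n' "$ldif" | grep -qi '^dn:'; then
        echo "ENTRY_NOT_VISIBLE: search returned no entry"; return 1
    fi
    missing=
    for attr in "$@"; do
        # LDIF lines are "name: value" or "name:: base64"; names ignore case.
        printf '%s\n' "$ldif" | grep -qi "^$attr:" || missing="$missing $attr"
    done
    if [ -n "$missing" ]; then
        echo "ATTRS_NOT_READABLE:$missing"; return 1
    fi
    echo "OK"
}

# self_read_check URI BIND_DN BASE_DN FILTER ATTR...
# Binds as the user (-W prompts for the password) and searches for that
# user's own entry, requesting only the attributes to be verified.
self_read_check() {
    uri=$1; bind_dn=$2; base_dn=$3; filter=$4; shift 4
    rc=0
    ldif=$(ldapsearch -x -LLL -H "$uri" -D "$bind_dn" -W \
               -b "$base_dn" -s sub "$filter" "$@") || rc=$?
    classify_self_read "$rc" "$ldif" "$@"
}

# Usage (constructed values):
# self_read_check ldaps://ldap.example.test \
#     "uid=user1,ou=people,dc=example,dc=test" "dc=example,dc=test" \
#     "(uid=user1)" uid cn mail
```

Any result other than OK means the bound user cannot find or read its own entry, which is the condition step 3 corrects.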

Affected Versions

This article applies to Appian 7.10 and later.

Last Reviewed: April 2017
