https://community.appian.com/support/w/kb/549/kb-1286-ldap-authentication-test-in-admin-console-displays-invalid-base-dnen-USTelligent Community 12https://community.appian.com/support/w/kb/549/kb-1286-ldap-authentication-test-in-admin-console-displays-invalid-base-dnMon, 12 Jun 2017 13:53:02 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:dd1904f7-c884-4e44-9c5c-1e6cff672258Nick Vigilantehttps://community.appian.com/support/w/kb/549/kb-1286-ldap-authentication-test-in-admin-console-displays-invalid-base-dn#commentsCurrent Revision posted to Appian Knowledge Base by Nick Vigilante on 6/12/2017 1:53:02 PM<br /> <h2>Symptoms</h2> <p><span style="font-weight:400;">When setting up LDAP Authentication in the Admin Console and a user clicks on &lsquo;Test&rsquo;, the configuration fails and the result is &lsquo;Invalid Base DN&rsquo;:</span></p> <p><span style="font-weight:400;"><a href="/cfs-file/__key/communityserver-wikis-components-files/00-00-00-00-11/0815.image01.png"><img src="/resized-image/__size/1200x0/__key/communityserver-wikis-components-files/00-00-00-00-11/0815.image01.png" alt=" " /></a></span></p> <p>After setting the <code>log4j.logger.org.springframework.security</code> logger to <code>DEBUG</code> in <strong>appian_log4j.properties</strong> (located in <code>&lt;APPIAN_HOME&gt;/ear/suite.ear/resources</code>), the following error is printed in the application server log:</p> <pre><span style="font-weight:400;">DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Retrieving attributes...</span></pre> <h2>Cause</h2> <p>When testing the LDAP configuration in the Administration Console, Appian binds as the user currently logged in to Appian and then attempts to query the LDAP directory to retrieve attributes associated with that user. The configuration fails to query the directory or to retrieve the user&rsquo;s attributes due to lack of privileges/permissions, which manifests through an &lsquo;Invalid Base DN&rsquo;.</p> <h2>Action</h2> <ol> <li><span style="font-weight:400;">Using an LDAP Client (like Apache Directory Studio) bind as user1.</span></li> <li><span style="font-weight:400;">Browse the LDAP tree and see if user1 is listed and if you can view its attributes. If not, the Appian LDAP configuration validation will fail.</span></li> <li><span style="font-weight:400;"> Grant this user privileges to query the LDAP directory and its own attributes.</span></li> </ol> <h2><span style="font-weight:400;">Affected Versions</span></h2> <p><span style="font-weight:400;">This article applies to Appian 7.10 and later.</span></p> <p><span style="font-weight:400;">Last Reviewed:&nbsp;April 2017</span></p><div style="clear:both;"></div> <div style="font-size: 90%;">Tags: LDAP, admin console, authentication</div> https://community.appian.com/support/w/kb/549/kb-1286-ldap-authentication-test-in-admin-console-displays-invalid-base-dn/revision/4Mon, 17 Apr 2017 15:10:40 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:dd1904f7-c884-4e44-9c5c-1e6cff672258Nick Vigilantehttps://community.appian.com/support/w/kb/549/kb-1286-ldap-authentication-test-in-admin-console-displays-invalid-base-dn#commentsRevision 4 posted to Appian Knowledge Base by Nick Vigilante on 4/17/2017 3:10:40 PM<br /> <h2>Symptoms</h2> <p><span style="font-weight:400;">When setting up LDAP Authentication in the Admin Console and a user clicks on &lsquo;Test&rsquo;, the configuration fails and the result is &lsquo;Invalid Base DN&rsquo;:</span></p> <p><span style="font-weight:400;"><a href="/cfs-file/__key/communityserver-wikis-components-files/00-00-00-00-11/0815.image01.png"><img src="/resized-image/__size/1200x0/__key/communityserver-wikis-components-files/00-00-00-00-11/0815.image01.png" alt=" " /></a></span></p> <p>After setting the <code>log4j.logger.org.springframework.security</code> logger to <code>DEBUG</code> in <strong>appian_log4j.properties</strong> (located in <code>&lt;APPIAN_HOME&gt;/ear/suite.ear/resources</code>), the following error is printed in the application server log:</p> <pre><span style="font-weight:400;">DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Retrieving attributes...</span></pre> <h2>Cause</h2> <p>When testing the LDAP configuration in the Administration Console, Appian binds as the user currently logged in to Appian and then attempts to query the LDAP directory to retrieve attributes associated with that user. The configuration fails to query the directory or to retrieve the user&rsquo;s attributes due to lack of privileges/permissions, which manifests through an &lsquo;Invalid Base DN&rsquo;.</p> <h2>Action</h2> <ol> <li><span style="font-weight:400;">Using an LDAP Client (like Apache Directory Studio) bind as user1.</span></li> <li><span style="font-weight:400;">Browse the LDAP tree and see if user1 is listed and if you can view its attributes. If not, the Appian LDAP configuration validation will fail.</span></li> <li><span style="font-weight:400;"> Grant this user privileges to query the LDAP directory and its own attributes.</span></li> </ol> <h2><span style="font-weight:400;">Affected Versions</span></h2> <p><span style="font-weight:400;">This article applies to Appian 7.10 and later.</span></p> <p><span style="font-weight:400;">Last Reviewed:&nbsp;April 2017</span></p><div style="clear:both;"></div> <div style="font-size: 90%;">Tags: LDAP, admin console, authentication</div> https://community.appian.com/support/w/kb/549/kb-1286-ldap-authentication-test-in-admin-console-displays-invalid-base-dn/revision/3Mon, 17 Apr 2017 11:10:40 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:dd1904f7-c884-4e44-9c5c-1e6cff672258Nick Vigilantehttps://community.appian.com/support/w/kb/549/kb-1286-ldap-authentication-test-in-admin-console-displays-invalid-base-dn#commentsRevision 3 posted to Appian Knowledge Base by Nick Vigilante on 4/17/2017 11:10:40 AM<br /> <h2>Symptoms</h2> <p><span style="font-weight:400;">When setting up LDAP Authentication in the Admin Console and a user clicks on &lsquo;Test&rsquo;, the configuration fails and the result is &lsquo;Invalid Base DN&rsquo;:</span></p> <p><span style="font-weight:400;"><a href="/cfs-file/__key/communityserver-wikis-components-files/00-00-00-00-13/0815.image01.png"><img src="/resized-image/__size/1200x0/__key/communityserver-wikis-components-files/00-00-00-00-13/0815.image01.png" alt=" " /></a></span></p> <p>After setting the <code>log4j.logger.org.springframework.security</code> logger to <code>DEBUG</code> in <strong>appian_log4j.properties</strong> (located in <code>&lt;APPIAN_HOME&gt;/ear/suite.ear/resources</code>), the following error is printed in the application server log:</p> <pre><span style="font-weight:400;">DEBUG org.springframework.security.ldap.authentication.BindAuthenticator - Retrieving attributes...</span></pre> <h2>Cause</h2> <p>When testing the LDAP configuration in the Administration Console, Appian binds as the user currently logged in to Appian and then attempts to query the LDAP directory to retrieve attributes associated with that user. The configuration fails to query the directory or to retrieve the user&rsquo;s attributes due to lack of privileges/permissions, which manifests through an &lsquo;Invalid Base DN&rsquo;.</p> <h2>Action</h2> <ol> <li><span style="font-weight:400;">Using an LDAP Client (like Apache Directory Studio) bind as user1.</span></li> <li><span style="font-weight:400;">Browse the LDAP tree and see if user1 is listed and if you can view its attributes. If not, the Appian LDAP configuration validation will fail.</span></li> <li><span style="font-weight:400;"> Grant this user privileges to query the LDAP directory and its own attributes.</span></li> </ol> <h2><span style="font-weight:400;">Affected Versions</span></h2> <p><span style="font-weight:400;">This article applies to Appian 7.10 and later.</span></p> <p><span style="font-weight:400;">Last Reviewed:&nbsp;April 2017</span></p><div style="clear:both;"></div> <div style="font-size: 90%;">Tags: LDAP, admin console, authentication</div>