Testing the LDAP Configuration
How to test the LDAP authentication setup and use server logs to identify common configuration problems.
After configuring the Oxygen Content Fusion Enterprise Server to use LDAP authentication, you can test to make sure the configuration is correct by following these steps:
- Go to the Oxygen Content Fusion login page. Now that LDAP authentication is enabled, the login screen should display a Username and Password field.
- Log in with your LDAP credentials. If the login succeeds, LDAP authentication is configured properly. Otherwise, continue with the subsequent steps.
- View the server logs in a new browser tab and, for the Service name, choose Content Fusion.
- You should see multiple logs, but the last logs should be related to the failed login you just attempted. Search through these logs for: [LDAP] Authentication failed for. The logged errors may be different depending on your LDAP server, but here are a few examples of what the logs might look like:
  - Wrong host/port configured
    [com.oxygenxml.webreviewer.authz.OxygenAuthorizingRealm.doGetUsrPassAuthInfo (OxygenAuthorizingRealm.java:203)] [http-nio-8079-exec-3] OxygenAuthorizingRealm - [LDAP] Authentication failed for 'username'. org.apache.shiro.authc.AuthenticationException: javax.naming.CommunicationException: ldap.example.com:3899 [Root exception is java.net.ConnectException: Connection refused: connect]
  - SSL enabled, but connecting to non-SSL host
    [com.oxygenxml.webreviewer.authz.OxygenAuthorizingRealm.doGetUsrPassAuthInfo (OxygenAuthorizingRealm.java:203)] [http-nio-8079-exec-2] OxygenAuthorizingRealm - [LDAP] Authentication failed for 'username'. org.apache.shiro.authc.AuthenticationException: javax.naming.CommunicationException: simple bind failed: ldap.example.com:389 [Root exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]
  - SSL enabled, but certificate not trusted
    [com.oxygenxml.webreviewer.authz.OxygenAuthorizingRealm.doGetUsrPassAuthInfo (OxygenAuthorizingRealm.java:203)] [http-nio-8079-exec-2] OxygenAuthorizingRealm - [LDAP] Authentication failed for 'username'. org.apache.shiro.authc.AuthenticationException: javax.naming.ServiceUnavailableException: ldap.example.com:636; socket closed
  - Wrong ID attribute configured
    [com.oxygenxml.webreviewer.authz.OxygenAuthorizingRealm.doGetUsrPassAuthInfo (OxygenAuthorizingRealm.java:203)] [http-nio-8079-exec-2] OxygenAuthorizingRealm - [LDAP] Authentication failed for 'username'. org.apache.shiro.authc.AuthenticationException: Missing LDAP required attributes: [id]
  - Wrong Base DN/Additional user DN configured
    [com.oxygenxml.webreviewer.authz.OxygenAuthorizingRealm.doGetUsrPassAuthInfo (OxygenAuthorizingRealm.java:203)] [http-nio-8079-exec-8] OxygenAuthorizingRealm - [LDAP] Authentication failed for 'wrong-username'. org.apache.shiro.authc.AuthenticationException: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
  - Wrong user-name or password used in login-form
    [com.oxygenxml.webreviewer.authz.OxygenAuthorizingRealm.doGetUsrPassAuthInfo (OxygenAuthorizingRealm.java:203)] [http-nio-8079-exec-8] OxygenAuthorizingRealm - [LDAP] Authentication failed for 'wrong-username'. org.apache.shiro.authc.AuthenticationException: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
Note: The meaning of LDAP error codes (such as error code 49) can be found in your LDAP manual.
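The log search described above can be scripted when there are many entries to go through. The following is an added example, not part of Oxygen Content Fusion: the function names and the rule table are assumptions built only from the example messages on this page, so messages from other LDAP servers may need extra rules.

```python
import re

# Matches the marker the page says to search for, capturing the login name
# and the exception text that follows it.
MARKER = re.compile(r"\[LDAP\] Authentication failed for '([^']*)'\.\s*(.*)")

# Exception text -> likely causes, taken only from the examples on this page.
# Error code 49 appears under two different causes there, so both are returned.
RULES = [
    (r"ConnectException: Connection refused", ["Wrong host/port configured"]),
    (r"SSLHandshakeException", ["SSL enabled, but connecting to non-SSL host"]),
    (r"ServiceUnavailableException: .*socket closed",
     ["SSL enabled, but certificate not trusted"]),
    (r"Missing LDAP required attributes", ["Wrong ID attribute configured"]),
    (r"LDAP: error code 49",
     ["Wrong Base DN/Additional user DN configured",
      "Wrong user-name or password used in login-form"]),
]

def triage(line):
    """Return (username, likely_causes) for an LDAP failure line, else None."""
    m = MARKER.search(line)
    if m is None:
        return None
    user, detail = m.groups()
    for pattern, causes in RULES:
        if re.search(pattern, detail):
            return user, causes
    return user, ["Unrecognized error: consult your LDAP manual"]

def triage_log(text):
    """Triage every LDAP failure line in a block of log text."""
    return [hit for hit in map(triage, text.splitlines()) if hit]

# Constructed sample: the page's example messages with the class/thread prefix
# removed, plus one unrelated line and one error the page does not list.
SAMPLE = """\
OxygenAuthorizingRealm - [LDAP] Authentication failed for 'username'. org.apache.shiro.authc.AuthenticationException: javax.naming.CommunicationException: ldap.example.com:3899 [Root exception is java.net.ConnectException: Connection refused: connect]
INFO unrelated line (constructed)
OxygenAuthorizingRealm - [LDAP] Authentication failed for 'username'. org.apache.shiro.authc.AuthenticationException: Missing LDAP required attributes: [id]
OxygenAuthorizingRealm - [LDAP] Authentication failed for 'wrong-username'. org.apache.shiro.authc.AuthenticationException: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
OxygenAuthorizingRealm - [LDAP] Authentication failed for 'username'. org.apache.shiro.authc.AuthenticationException: constructed unknown failure
"""

if __name__ == "__main__":
    for user, causes in triage_log(SAMPLE):
        print(f"{user}: {' OR '.join(causes)}")
```

Because error code 49 is logged both for a wrong Base DN/Additional user DN and for a wrong user name or password, the script reports both causes; retrying with credentials known to be valid tells them apart.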