Hi all,
I followed CS221840 to enable LDAP authentication on ThingWorx 7.3. I have followed all the steps mentioned. However, I am unable to log in using users from AD. Below is the XML I am using to import Directory Services. Can someone pls help me connect my ThingWorx to AD?
<Entities>
  <DirectoryServices>
    <DirectoryService name="StrykerActiveDirectory" className="com.thingworx.security.directoryservices.LDAPDirectoryService" description="Apache Directory Services" >
      <ConfigurationTables>
        <ConfigurationTable name="LDAPProxyConfiguration" isMultiRow="false">
          <DataShape description="" name="">
            <FieldDefinitions>
              <FieldDefinition name="server" baseType="STRING" description="<AD Host Name>" />
              <FieldDefinition name="port" baseType="INTEGER" description="<PORTNUMBER>" />
              <FieldDefinition name="adminBindDN" baseType="STRING" description="CN=WindchillAdmin\, SGTC,OU=Service Accounts,OU=Asean - India Tech Center,DC=pacific,DC=strykercorp,DC=com" />
              <FieldDefinition name="adminPassword" baseType="PASSWORD" description="<PASSWORD>" />
              <FieldDefinition name="userIdAttribute" baseType="STRING" description="userPrincipalName" />
              <FieldDefinition name="userBaseDN" baseType="STRING" description="CN=SGTC Thingworx Users (Dev),OU=Distribution Groups,DC=pacific,DC=strykercorp,DC=com" />
            </FieldDefinitions>
          </DataShape>
          <Rows>
            <Row>
              <server><![CDATA[localhost]]></server>
              <port>389</port>
              <adminBindDN><![CDATA[uid=admin,ou=system]]></adminBindDN>
              <adminPassword></adminPassword>
              <userIdAttribute>sAMAccountName</userIdAttribute>
              <userBaseDN><![CDATA[ou=people, dc=thingworx]]></userBaseDN>
            </Row>
          </Rows>
        </ConfigurationTable>
      </ConfigurationTables>
    </DirectoryService>
  </DirectoryServices>
</Entities>
When I log in using a user not already created in ThingWorx, I get the below error:
Error: LDAP authentication for user [varunraj.shanmugavelayudham@stryker.com] failed [reason: javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-03100742, data 0, 1 access points
When I log in using a user already created in ThingWorx, I get the below error:
Error: LDAP authentication for user [adm_vsha@stryker.com] failed [reason: javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-03100742, data 0, 1 access points
Warning: Authentication attempt #2 FAILED for [user = adm_vsha@stryker.com]: Invalid Password
Error: Authentication failed: Please make sure the credentials are correct.
Have you enabled Directory Service?
Enabling the Directory Service
Yes, I did enable the Directory Services. It did not help.
In this case it looks like we're getting an LDAP error code 10: we are able to successfully connect to the LDAP server, but there seems to be a configuration issue when attempting to validate the user. Typically, LDAP error 10 is returned when LDAP cannot follow one of the referrals (e.g. the user we requested is in a different tree).
We may want to validate the userBaseDN is accurate by connecting with a third-party tool like Softerra.
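The base DN check suggested in the last reply can also be scripted. The following is an added example, not code from this thread or from ThingWorx: it parses the error text logged above and tests whether a `userBaseDN` lies under one of the naming contexts the server hosts. The DNs and the naming context are constructed; in practice the contexts come from the server's rootDSE `namingContexts` attribute.

```python
import re

# Matches the Active Directory detail that JNDI embeds in its exception text.
ERR_RE = re.compile(r"LDAP: error code (\d+) - ([0-9A-Fa-f]{8}): \w+: (DSID-[0-9A-Fa-f]+)")
LDAP_RESULT = {10: "referral", 32: "noSuchObject", 49: "invalidCredentials"}  # RFC 4511 subset

def parse_ldap_error(line):
    """Return result code, name, Win32 error and DSID from a log line, or None."""
    m = ERR_RE.search(line)
    if not m:
        return None
    code = int(m.group(1))
    return {"code": code, "name": LDAP_RESULT.get(code, "other"),
            "win32": int(m.group(2), 16), "dsid": m.group(3)}

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (backslash escapes, RFC 4514)."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep the escaped pair intact
            cur, i = cur + dn[i:i + 2], i + 2
        elif dn[i] == ",":
            rdns.append(cur.strip())
            cur, i = "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    rdns.append(cur.strip())
    return [r for r in rdns if r]

def normalise(dn):
    """Lower-case each RDN and drop spaces around '=' so DNs compare reliably."""
    return [re.sub(r"\s*=\s*", "=", r).lower() for r in split_dn(dn)]

def is_under(dn, naming_context):
    """True when dn equals naming_context or sits below it in the tree."""
    d, n = normalise(dn), normalise(naming_context)
    return len(d) >= len(n) and d[len(d) - len(n):] == n

def triage(line, user_base_dn, naming_contexts):
    """Classify a logged failure: is the referral explained by the base DN?"""
    err = parse_ldap_error(line)
    if err is None or err["code"] != 10:
        return "not-a-referral"
    hosted = any(is_under(user_base_dn, nc) for nc in naming_contexts)
    return "base-dn-hosted" if hosted else "base-dn-outside-naming-contexts"

# Error text as logged on this page; the naming context below is constructed.
LOG = "javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-03100742, data 0, 1 access points"
CONTEXTS = ["DC=corp,DC=example,DC=com"]
```

A result of `base-dn-outside-naming-contexts` means the configured base DN belongs to a partition this server does not hold, which matches the "different tree" case described in the reply.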