Issue while enabling LDAP Authentication on ThingWorx

vshanmugavelayu
9-Granite

Hi all,

I followed CS221840 to enable LDAP authentication on ThingWorx 7.3. I have followed all the steps mentioned. However, I am unable to log in using users from AD. Below is the XML I am using to import Directory Services. Can someone please help me connect my ThingWorx to AD?

<Entities>
    <DirectoryServices>
        <DirectoryService name="StrykerActiveDirectory" className="com.thingworx.security.directoryservices.LDAPDirectoryService" description="Apache Directory Services" >
            <ConfigurationTables>
                <ConfigurationTable name="LDAPProxyConfiguration" isMultiRow="false">
                    <DataShape description="" name="">
                        <FieldDefinitions>
                            <!-- Angle brackets inside attribute values must be escaped for the XML to parse -->
                            <FieldDefinition name="server" baseType="STRING" description="&lt;AD Host Name&gt;" />
                            <FieldDefinition name="port" baseType="INTEGER" description="&lt;PORTNUMBER&gt;" />
                            <FieldDefinition name="adminBindDN" baseType="STRING" description="CN=WindchillAdmin\, SGTC,OU=Service Accounts,OU=Asean - India Tech Center,DC=pacific,DC=strykercorp,DC=com" />
                            <FieldDefinition name="adminPassword" baseType="PASSWORD" description="&lt;PASSWORD&gt;" />
                            <FieldDefinition name="userIdAttribute" baseType="STRING" description="userPrincipalName" />
                            <FieldDefinition name="userBaseDN" baseType="STRING" description="CN=SGTC Thingworx Users (Dev),OU=Distribution Groups,DC=pacific,DC=strykercorp,DC=com" />
                        </FieldDefinitions>
                    </DataShape>
                    <!-- The Row values, not the FieldDefinition descriptions, are the settings ThingWorx uses -->
                    <Rows>
                        <Row>
                            <server><![CDATA[localhost]]></server>
                            <port>389</port>
                            <adminBindDN><![CDATA[uid=admin,ou=system]]></adminBindDN>
                            <adminPassword></adminPassword>
                            <userIdAttribute>sAMAccountName</userIdAttribute>
                            <userBaseDN><![CDATA[ou=people, dc=thingworx]]></userBaseDN>
                        </Row>
                    </Rows>
                </ConfigurationTable>
            </ConfigurationTables>
        </DirectoryService>
    </DirectoryServices>
</Entities>

When I log in using a user not already created in ThingWorx, I get the error below.

Error: LDAP authentication for user [varunraj.shanmugavelayudham@stryker.com] failed [reason: javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-03100742, data 0, 1 access points

When I log in using a user already created in ThingWorx, I get the errors below:

Error: LDAP authentication for user [adm_vsha@stryker.com] failed [reason: javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-03100742, data 0, 1 access points

Warning: Authentication attempt #2 FAILED for [user = adm_vsha@stryker.com]: Invalid Password

Error: Authentication failed: Please make sure the credentials are correct.

3 REPLIES

Have you enabled Directory Service?

Enabling the Directory Service

  • By default, the Directory Service entity that was imported is not enabled.
    • ThingWorx will not use LDAP for authentication until the Directory Service entity is enabled.
  • Edit the Directory Service entity
  • In the General Properties section, check the Enabled checkbox.
  • (Optional) - If you have multiple Directory Service entities configured, you can use the Priority property here to assign an order of authentication to login (where the lower the number, the higher the priority, i.e. 1 is the highest priority).
  • Save the Directory Service entity to enable LDAP authentication.

Yes, I did enable the Directory Services. It did not help.

In this case it looks like we're getting an LDAP error code 10: we are able to successfully connect to the LDAP server, but there seems to be a configuration issue when attempting to validate the user. Typically, LDAP error 10 is returned when LDAP cannot follow one of the referrals (e.g. the user we requested is in a different tree).

We may want to validate the userBaseDN is accurate by connecting with a third-party tool like Softerra.
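The same validation can be started offline, against the export itself, before touching a directory tool. This is an added example, not code from the thread or from PTC: it parses the DirectoryService XML in the shape posted above, reports the Row values ThingWorx actually uses (not the FieldDefinition descriptions), and flags settings that cannot reach an AD domain. Element names follow the posted XML; the sample values and the check thresholds are constructed assumptions.

```python
"""Sanity-check a ThingWorx LDAPDirectoryService export before importing it."""
import xml.etree.ElementTree as ET

# Constructed sample shaped like the export in the question; values are placeholders.
SAMPLE_XML = """<Entities><DirectoryServices>
<DirectoryService name="ExampleAD" className="com.thingworx.security.directoryservices.LDAPDirectoryService">
<ConfigurationTables><ConfigurationTable name="LDAPProxyConfiguration" isMultiRow="false">
<DataShape description="" name=""><FieldDefinitions>
<FieldDefinition name="server" baseType="STRING" description="AD host name"/>
<FieldDefinition name="port" baseType="INTEGER" description="port"/>
<FieldDefinition name="adminBindDN" baseType="STRING" description="CN=svc,OU=Service Accounts,DC=example,DC=com"/>
<FieldDefinition name="adminPassword" baseType="PASSWORD" description="password"/>
<FieldDefinition name="userIdAttribute" baseType="STRING" description="userPrincipalName"/>
<FieldDefinition name="userBaseDN" baseType="STRING" description="OU=Users,DC=example,DC=com"/>
</FieldDefinitions></DataShape>
<Rows><Row>
<server><![CDATA[localhost]]></server><port>389</port>
<adminBindDN><![CDATA[uid=admin,ou=system]]></adminBindDN><adminPassword></adminPassword>
<userIdAttribute>sAMAccountName</userIdAttribute>
<userBaseDN><![CDATA[ou=people, dc=thingworx]]></userBaseDN>
</Row></Rows></ConfigurationTable></ConfigurationTables>
</DirectoryService></DirectoryServices></Entities>"""


def effective_config(xml_text):
    """Return {field: Row value} for LDAPProxyConfiguration; the Row is what ThingWorx uses."""
    root = ET.fromstring(xml_text)
    table = root.find(".//ConfigurationTable[@name='LDAPProxyConfiguration']")
    fields = [f.get("name") for f in table.iterfind(".//FieldDefinition")]
    row = table.find("Rows/Row")
    return {name: (row.findtext(name) or "").strip() for name in fields}


def dc_suffix(dn):
    """Lower-cased DC= components of a DN, i.e. the naming context it lives in."""
    return tuple(p.strip().lower() for p in dn.split(",") if p.strip().lower().startswith("dc="))


def check_config(cfg):
    """Findings for settings that cannot work against Active Directory."""
    findings = []
    if not cfg.get("adminPassword"):
        findings.append("adminPassword is empty: the service bind cannot authenticate")
    bind_ctx, base_ctx = dc_suffix(cfg.get("adminBindDN", "")), dc_suffix(cfg.get("userBaseDN", ""))
    if not bind_ctx:
        findings.append("adminBindDN has no DC= components, so it is not an AD account DN")
    elif base_ctx and bind_ctx != base_ctx:
        findings.append("adminBindDN and userBaseDN are in different naming contexts (referral risk)")
    if cfg.get("server", "").lower() in ("localhost", "127.0.0.1"):
        findings.append("server is localhost: a domain controller is not normally on the ThingWorx host")
    if cfg.get("port") == "389":
        findings.append("port 389 is plain LDAP: confirm TLS, or the bind password crosses the wire in clear")
    return findings
```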