Solved: Validating an LDAP user

AM_9930586 · ‎Jul 14, 2023

Hello all,

My team and I have gotten LDAP working via an ActiveDirectoryDirectoryService, but need to be able to validate another user's non-admin credentials with LDAP, without logging the second user in.

What services exist for manually validating an LDAP credential? We've tried the TestConnection, GetDomainGroups, and IsValidGroup services on the ADDS with admin and personal credentials, and they only work for the administrator.

slangley · ‎Jul 20, 2023

Hi @AM_9930586.

You can't use ThingWorx to manually validate LDAP users. ThingWorx will only perform validation on an authentication request.

If you do want to validate user details, you'll need to query your LDAP server directly.

Regards.

--Sharon

View solution in original post

slangley · ‎Jul 20, 2023

Hi @AM_9930586.

You can't use ThingWorx to manually validate LDAP users. ThingWorx will only perform validation on an authentication request.

If you do want to validate user details, you'll need to query your LDAP server directly.

Regards.

--Sharon

Constantine · ‎Jul 20, 2023

Hello,

For all of those services you mentioned, ActiveDirectoryDirectoryService tries to authenticate against LDAP with the credentials you pass into those services. It ignores admin credentials in the Configuration. It does not run an LDAP query for those credentials on behalf of the admin user. If your non-admin user cannot authenticate directly against your AD, then those services will all fail.

In other words, by passing credentials into those services, it behaves as if the "Dynamic User Login" checkbox was enabled.

/ Constantine