Testing Active Directory Connection
This is a tutorial on how to test LDAP connection configuration with Windows Active Directory in a simple case scenario using mostly default settings.
These are the assumptions about the environment (local network):
• Internal domain name: yourcompany.local.
• Domain controller server name: server.yourcompany.local.
• LDAP port: default (389).
• The Codebeamer server can resolve the host address/name: server.yourcompany.local This can be verified, for example,by ping command: ping server.yourcompany.local .
Steps to follow:
1. In you active directory, create new organizational unit 'CBTEST'.
2. In the 'CBTEST' organizational unit, create a new account: 'cbuser' Pre-Windows 2000, your user logon name should look be: yourcompany\cbuser Your user logon name should look like: cbuser@yourcompany.local First/Last name doesn't really matter, but will get significance later at verification For the sake of simplicity. uncheck "User must change password at next logon".
3. Verify that cbuser can login to your domain (e.g. login from a workstation with its credentials).
4. In Codebeamer go to System Administration > User Authentication.
5. Enter the following configuration settings:
◦ LDAP/Active Directory Server section.
Server URL(s): ldap://srvr.local.local:389.
Base domain: dc=yourcompany,dc=local.
Username: administrator (a user with proper LDAP access).
Password: (administrator password).
◦ Search user section in (not with): ou=CBTEST At this point leave all the other entries on default:
6. Under the section "Test authentication against LDAP/Active Directory", enter cbuser and its password, and click on Test.
7. If the test is successful, the following message is displayed, and a new column appears in the right side panel with the header Response from LDAP listing the returned attributes (e.g. first/last name).
 | The test user is successfully authenticated, please verify the mapped content below! |
Error message examples when the test fails:
 | You must change you password before you can log in. |
Step 2. and 3. were not done correctly.
| | Please enter your password. |
No password is specified for the test user (cbuser).
| | The entered username is invalid. |
Incorrect test user name Search user conditions are incorrect (alternatively you can try to wipe out the in field and make sure "recursively" option is checked).
| | LDAP/Active Directory authentication failed: Failed to borrow DirContext from pool.; nested exception is java.util.NoSuchElementException: Could not create a validated object, cause: ValidateObject failed. |
Base domain is incorrect No password is specified for the server connection user (administrator).
| | LDAP/Active Directory authentication failed: Failed to borrow DirContext from pool.; nested exception is org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v23f0]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v23f0] |
Server connection user and/or password is incorrect (administrator).
| | LDAP/Active Directory authentication failed: Failed to borrow DirContext from pool.; nested exception is org.springframework.ldap.CommunicationException: srvrx.local.local:389; nested exception is javax.naming.CommunicationException: server.yourcompany.local:389 [Root exception is java.net.UnknownHostException: server.yourcompany.local] |
Server name is incorrect or cannot be resolved.