You'll find a bunch of messages here on MS Active Directory authentication, but just in short...
The LDAP Host will just be your server name or IP address for one of your domain controllers or delegated authentication servers.
The LDAP DN String needs to be: yourdomainname\%LDAP_USER%
Although we had good success with the built-in process, we eventually went to a DBMS_LDAP-based custom procedure because we had multiple domain controllers and needed fail-over and other features, so don't feel trapped into the built-in solution if you need more functionality down the road.
Hope this helps.
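A sketch of the DBMS_LDAP fail-over approach mentioned in the reply above, added here as an example and not the poster's own procedure. The function name, the host names and the `ANYCORP` domain are assumptions, as is the expectation that `DBMS_LDAP.init` raises when a controller cannot be reached; the signature is the one an APEX custom authentication function uses.

```plsql
create or replace function ad_authenticate (
    p_username in varchar2,
    p_password in varchar2
) return boolean
is
    type t_hosts is table of varchar2(255);
    -- Assumed values: substitute your own domain controllers and domain name.
    l_hosts   t_hosts := t_hosts('dc1.anycorp.example', 'dc2.anycorp.example');
    l_domain  constant varchar2(30) := 'ANYCORP';
    l_port    constant pls_integer  := 389;  -- plain LDAP: the bind is not encrypted
    l_session dbms_ldap.session;
    l_rc      pls_integer;
    l_ok      boolean := false;
begin
    -- A simple bind with an empty password is an unauthenticated bind and can
    -- report success, so refuse it before contacting the directory.
    if p_username is null or p_password is null then
        return false;
    end if;
    dbms_ldap.use_exception := true;  -- failures raise instead of returning codes
    for i in 1 .. l_hosts.count loop
        begin
            l_session := dbms_ldap.init(l_hosts(i), l_port);
        exception
            when others then
                l_session := null;  -- assumed: controller unreachable, try the next one
        end;

        if l_session is not null then
            begin
                -- Bind as yourdomainname\username, the form given in the reply above.
                l_rc := dbms_ldap.simple_bind_s(l_session, l_domain || '\' || p_username, p_password);
                l_ok := true;
            exception
                when others then
                    l_ok := false;  -- rejected bind: fail closed, no retry on other hosts
            end;
            begin
                l_rc := dbms_ldap.unbind_s(l_session);  -- always release the connection
            exception
                when others then null;
            end;
            return l_ok;
        end if;
    end loop;
    return false;  -- no controller could be reached
end ad_authenticate;
/
```

A rejected bind ends the attempt instead of moving on to the next controller, so one wrong password is submitted only once.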
Yes LDAP (and specifically AD) authentication definitely works.
In my experience it's usually the LDAP DN string that is incorrect in most cases where it is not working; your LDAP administrator should be able to tell you what to use. It also helps to have a good relationship with your LDAP admin because they will let you look at the LDAP server logs and you should be able to see exactly what information your app is passing across (i.e. what DNs it is using and what attributes it is using, etc.).
Have you tried using the LDAP test tool built into Apex? Also, when it fails does it take a while to fail (indicating that it's probably a hostname/port issue) or does it fail quickly (indicating that it's probably more likely the LDAP DN string that is incorrect)?
Hope this helps,
I'm using the LDAP Test tool to test authentication to our AD server. I can get it to authenticate using the common name "CN=" value, but I need to authenticate against the sAMAccountName attribute (which is the login account name). Could you give me an example of the DN string you used (see below)?
LDAP Host: myLDAPServer.anycorp.com
LDAP Port: 389/3268
LDAP DN String: cn=%LDAP_USER%,ou=users,ou=ANYCO,dc=anycorp,dc=com ** works with whole name "Joe User"
LDAP DN String: sAMAccountName =%LDAP_USER%,ou=users,ou=ANYCO,dc= anycorp,dc=com ** does not work with account name “joeu”
Thanks for any help on this.
The Login Name of the Application is maintained by the LDAP in APEX, right? If not, then what is correct? And I want to insert that Login Name of the Application into a column of a table; is that possible, and if so, how? Can anyone please...
Did you find a solution?
I'm working on the same thing. Any help is greatly appreciated!