4 Replies Latest reply on Sep 24, 2015 5:42 AM by tburns

    ATD Build 3.4.8 and LDAP configuration preventing UI login

    tburns

       

      Dear colleagues,

       

       

      I have been setting up an ATD for a POC for a customer in the UK and have encountered the following issue:

       

       

      After configuring LDAP in ATD with Build 3.4.8.96 as shown with the error on LDAP test connection:

       

         

       

      Despite using the correct password I am unable to log in via the web UI.

       

       

      It is possible to log in with cliadmin on the console, so the question is: is there a command to reset the LDAP configuration via the CLI?

       

       

      I have looked in the manual and there does not appear to be a CLI command to undo the LDAP setting in the external facing documentation.

       

       

       

      FYI

       

       

      There does appear to be an undocumented feature with the LDAP component, as if I use ldp.exe with the same AD credentials it does not report an error.

       

       

      If “simple” is used, no error is reported in the ATD UI.

       

       

      Many thanks in advance

       

       

       

      Tony

       

        • 1. Re: ATD Build 3.4.8 and LDAP configuration preventing UI login
          Troja

          Hi,

          Tested in my environment. Noticed the same problem. LDAP Simple works, SSL does not.

          I also had the problem: after configuring LDAP I was not able to log on to ATD with any user, AD user or local user. :-(

           

          Does this work in your environment?

          Cheers

          • 2. Re: ATD Build 3.4.8 and LDAP configuration preventing UI login
            tburns

            Hi Troja,

             

            I experienced the same results with my ATD box, as [simple] worked but SSL does not with local or AD user account.

             

            The only way to log in is with CLIADMIN via a console connection.

             

            I intend to raise a sales escalation to determine the CLI command to reset the LDAP configuration, the alternative being to reset the box back to factory default via the CLI.

             

            Tony

            • 3. Re: ATD Build 3.4.8 and LDAP configuration preventing UI login
              infosecjeff

              Tony,

               

              What was the resolution on this issue? I ran into a very similar issue, and have yet to get the atdadmin account permission to access the FTP server, even after factorydefaults was issued.

              • 4. Re: ATD Build 3.4.8 and LDAP configuration preventing UI login
                tburns

                Hello,

                 

                This is my understanding and I am waiting for confirmation on this.

                 

                Q1: Is it necessary to create local ATD database user accounts for the configuration of LDAP in ATD?

                 

                • This is required only for the accounts already enabled in the local ATD authentication database (see page 6 ATD 3.4.8 Product Guide Rev A for list of required user names to be added to LDAP), the only exception being the CLIADMIN account.

                 

                 

                Q2: Does the enablement of LDAP require the “Fallback” option to be ticked, i.e. enabled?

                 

                • LDAP does not require Fallback to be ticked. If Fallback is enabled, this will enforce the matching of user accounts and user password in the local database (of ATD) with the equivalent in LDAP, which will add additional administrative overhead for the creation of LDAP accounts and maintenance of passwords.
                • NOTE: If Fallback is NOT enabled, the matching of LDAP usernames and passwords with the local ATD authentication database will not be applied and thus avoid the administrative overhead described above.

                  

                 

                Q3: Why does ATD enforce password complexity on the creation of user accounts, which in the case of a typical customer may be more restrictive than the current Cx AD password policy?

                 

                • This is required if Fallback has been enabled. If Fallback is NOT enabled, LDAP (AD) will remain authoritative for password complexity. If LDAP is not used, ATD will use its own local authentication database, which has password policy options for “standalone” deployments of ATD.

                 

                 

                The LDAP option was added to the current release of ATD 3.4.8, which is a feature that is unique to ATD compared to equivalent solutions in the market.

                 

                BR

                Tony