We are trying to use our existing Active Directory to utilize AD users. The system is not returning the list of users in AD.
We have configured an Authorization Profile as type pure ‘Active Directory’. When we use the ‘manage users’ link for that Authorization Profile the list is blank for both users and roles. When we use ‘Verify an Authorization Profile’ the system says “Login succeeded for user …” and it then displays various AD information about the test user.
Some items of note…
- Our current default test profile is AD_Profile_3. It has had no changes to the Advanced settings. They are all default.
- Our AD is part of our corporate environment and has hundreds of users.
- We have an AD test tool that lets us see our AD structure. We use the same credentials in the test tool that we use in the Ignition Authorization Profile.
The Log viewer indicates …
[profileName=AD_Profile_3] Error fetching users.
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1]
Another log msg indicates …
ActiveDirectory
[profileName=AD_Profile_3] Unable to read group attribute "cn" from group "CN=US-#USA Civil Midwest - PCI Skanska,OU=DLs,OU=Groups & Distribution Lists,OU=Groups,OU=USA,DC=skanska,DC=org", using distinguished name instead.
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
'OU=DLs,OU=Groups & Distribution Lists,OU=Groups,OU=USA,DC=skanska,DC=org'
]; remaining name 'CN=US-\#USA Civil Midwest - PCI Skanska,OU=DLs,OU=Groups & Distribution Lists,OU=Groups,OU=USA,DC=skanska,DC=org'
End of LOG msgs forum msg