AD/Internal Hybrid Login Failure

We are trying to set up an AD/Internal Hybrid approach and the AD accounts cannot log in. Where can I view a log of why they are failing so we can figure out why it doesn’t work?

Setting these gateway loggers to debug or trace may give you some clues:

UserSourceManager
UserSourceManager.Wrapper
UserSource.Internal
UserSource.AD_Internal_Hybrid

Logger: ignition.UserSourceManager.Wrapper
Has the error below. Note that I did sanitize the output.

java.lang.Exception: Error while authenticating through LDAP.
    at com.inductiveautomation.ignition.gateway.authentication.impl.ADInternalHybridUserSource.authenticateUsernamePassword(ADInternalHybridUserSource.java:220)
    at com.inductiveautomation.ignition.gateway.authentication.impl.ADInternalHybridUserSource.authenticateAD(ADInternalHybridUserSource.java:308)
    at com.inductiveautomation.ignition.gateway.authentication.impl.SsoHelper.authenticate(SsoHelper.java:39)
    at com.inductiveautomation.ignition.gateway.authentication.impl.ADInternalHybridUserSource.authenticate(ADInternalHybridUserSource.java:155)
    at com.inductiveautomation.ignition.gateway.authentication.UserSourceWrapper.authenticate(UserSourceWrapper.java:239)
    at com.inductiveautomation.ignition.gateway.servlets.gateway.functions.Login.client(Login.java:113)
    at jdk.internal.reflect.GeneratedMethodAccessor186.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.base/java.lang.reflect.Method.invoke(Unknown Source)
    at com.inductiveautomation.ignition.gateway.servlets.gateway.AbstractGatewayFunction.invoke(AbstractGatewayFunction.java:225)
    at com.inductiveautomation.ignition.gateway.servlets.Gateway.doPost(Gateway.java:411)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at com.inductiveautomation.ignition.gateway.bootstrap.MapServlet.service(MapServlet.java:86)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:844)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:544)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:536)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1581)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1307)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:482)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1549)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1204)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:59)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
    at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:322)
    at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:59)
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
    at org.eclipse.jetty.server.Server.handle(Server.java:494)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:374)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:268)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
    at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
    at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:367)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918)
    at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.lang.Exception: Failed connecting to LDAP server.
    at com.inductiveautomation.ignition.gateway.authentication.impl.LDAPHelper.openContext(LDAPHelper.java:225)
    at com.inductiveautomation.ignition.gateway.authentication.impl.LDAPHelper.isUserValid(LDAPHelper.java:246)
    at com.inductiveautomation.ignition.gateway.authentication.impl.ADInternalHybridUserSource.isPasswordInvalid(ADInternalHybridUserSource.java:233)
    at com.inductiveautomation.ignition.gateway.authentication.impl.ADInternalHybridUserSource.authenticateUsernamePassword(ADInternalHybridUserSource.java:202)
    ... 48 common frames omitted
Caused by: javax.naming.CommunicationException: <<<--SERVER SANITIZED-->>>:389
    at java.naming/com.sun.jndi.ldap.Connection.<init>(Unknown Source)
    at java.naming/com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
    at java.naming/com.sun.jndi.ldap.LdapClient.getInstance(Unknown Source)
    at java.naming/com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
    at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
    at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
    at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at java.naming/javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at java.naming/javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at java.naming/javax.naming.InitialContext.init(Unknown Source)
    at java.naming/javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
    at com.inductiveautomation.ignition.gateway.authentication.impl.LDAPHelper.openContext(LDAPHelper.java:207)
    ... 51 common frames omitted
Caused by: java.net.ConnectException: Connection refused: connect
    at java.base/java.net.PlainSocketImpl.connect0(Native Method)
    at java.base/java.net.PlainSocketImpl.socketConnect(Unknown Source)
    at java.base/java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
    at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
    at java.base/java.net.AbstractPlainSocketImpl.connect(Unknown Source)
    at java.base/java.net.SocksSocketImpl.connect(Unknown Source)
    at java.base/java.net.Socket.connect(Unknown Source)
    at java.base/java.net.Socket.connect(Unknown Source)
    at java.base/java.net.Socket.<init>(Unknown Source)
    at java.base/java.net.Socket.<init>(Unknown Source)
    at java.naming/com.sun.jndi.ldap.Connection.createSocket(Unknown Source)


Seems like the Ignition Gateway can't connect to your AD server.

Is there any way to get more diagnostics than that? We have verified that the credentials that Ignition is using are valid and we have switched over to other users also to try.

This is a lower level network/TCP error. It’s not even getting far enough for credentials to matter.

Check that you have the right hostname and port, that it’s reachable, that a firewall isn’t blocking it, etc…

Ok. We will take a look into that.

If your IT department is up to date on their updates, Microsoft has been disabling LDAP for numerous security reasons, you must use LDAPS… that could be another reason it's not connecting.
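
The checks suggested in the replies above (hostname, port, firewall, LDAP versus LDAPS), as an added example that is not part of the original thread: a probe run from the gateway host that separates "refused" (the trace's case) from DNS failure, a dropped connection, and a TLS handshake failure. The hostname `dc01.example.com` is a placeholder, and 636 is assumed as the LDAPS port because it is the standard one; the thread only mentions 389.

```python
import socket
import ssl

def probe(host, port, use_tls=False, timeout=3.0):
    """Classify how far a connection to host:port gets.

    Returns 'dns_failure', 'refused', 'timeout', 'unreachable',
    'tls_error' or 'open'.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "dns_failure"   # hostname does not resolve from this machine
    except ConnectionRefusedError:
        return "refused"       # host answered with RST: nothing listening on that port
    except socket.timeout:
        return "timeout"       # no answer at all, typically a firewall dropping packets
    except OSError:
        return "unreachable"   # no route to host, network down, etc.
    with sock:
        if not use_tls:
            return "open"
        # Default context verifies the certificate chain and hostname, so an
        # untrusted internal CA shows up here as 'tls_error'.
        ctx = ssl.create_default_context()
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "open"
        except (ssl.SSLError, OSError):
            return "tls_error"

def diagnose(host, ports=((389, False), (636, True)), timeout=3.0):
    """Probe plain LDAP and LDAPS; returns {port: result}."""
    return {port: probe(host, port, tls, timeout) for port, tls in ports}

if __name__ == "__main__":
    # Placeholder hostname: use the value configured in the user source profile.
    for port, result in diagnose("dc01.example.com").items():
        print(port, result)
```

A result of `refused` on 389 together with `open` or `tls_error` on 636 points at the LDAPS case described in the reply above; `tls_error` then means the port is reachable but the handshake or certificate validation failed.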

How do I turn on the gateway loggers you listed:

UserSourceManager
UserSourceManager.Wrapper
UserSource.Internal
UserSource.AD_Internal_Hybrid

This page in the user manual should help you: Diagnostics - Logs - Ignition User Manual 8.1 - Ignition Documentation