Waters

LDAP connection test fails in the NuGenesis LMS client - WKB23103

Article number: 23103

SYMPTOMS

  • When testing the LDAP server configuration in NuGenesis LMS, the following error message appears: "User or password is incorrect!"
  • The same LDAP username and password are successful when logging in to Windows, NuGenesis SDMS, or Empower

ENVIRONMENT

  • NuGenesis 9 LMS
  • NuGenesis 8 LMS
  • NuGenesis 8 ELN

CAUSE

  • An invalid LDAP configuration prevents the LMS server from connecting to the LDAP server;
  • The LDAP server is offline; or
  • The username entered into the Test Connection dialog box matches none, or more than one, of the entries in the LDAP server

FIX or WORKAROUND

  1. Verify each part of the LDAP configuration in LMS:
    • Check the protocol type and server name in the URL field
      • NuGenesis 8 - 9.2: The protocol should be ldap:// if using non-secure LDAP, or ldaps:// if using secure LDAP
      • NuGenesis 9.3+: The Authentication type should be "LDAP SSL" or "LDAP TLS"
      • The server name in the URL must be the name or fully qualified name of a valid LDAP server
    • Confirm that the port is correct
      • NuGenesis 8 - 9.2: The default port is 389 for non-secure LDAP and 636 for secure LDAP
      • NuGenesis 9.3+: Use port 389 with "LDAP" and "LDAP TLS" authentication types, or 636 for "LDAP SSL", unless specified otherwise by the customer's IT team
    • Confirm that the Bind User and Password are correct
    • Confirm that the Base DN is correct
    • Clear the LDAP Filter
    • Use the correct LDAP attribute for the User ID: sAMAccountName for Active Directory servers; UID for non-Active Directory servers
  2. An LDAP filter, if present, must use the LDAP query syntax. Example: (objectClass=user)
    • In most cases, an LDAP filter is not required
    • If it is required, use parentheses - ( ) - around the filter. The LMS server appends the filter to the default filter. Example: (&(uid=username)(objectClass=user))
  3. If using secure LDAP, then add a certificate to the LMS server per the instructions in the linked article
  4. Check the LMS server log file for error messages related to LDAP
  5. Use the Softerra LDAP Browser tool to connect to the LDAP server, and run the same query
  6. If the LDAP server returns more than one match for the search result, LMS displays the error message
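
The checks in step 1 and the filter rules in step 2 can be run as a pre-flight script before opening the Test Connection dialog. This is an added example, not Waters code: the `cfg` field names are hypothetical, and the way the default filter and the extra filter are combined is modelled on the example in step 2.

```python
from urllib.parse import urlsplit

# Default ports from the article. "ldap"/"ldaps" are URL schemes (NuGenesis
# 8 - 9.2); the upper-case keys are the 9.3+ Authentication types.
PORTS = {"ldap": 389, "ldaps": 636, "LDAP": 389, "LDAP TLS": 389, "LDAP SSL": 636}
# RFC 4515 escapes for characters that are special inside a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def filter_ok(flt):
    """True if flt is empty, or wrapped in parentheses that nest correctly."""
    depth = 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:  # a ")" appeared before its "("
            return False
    return not flt or (depth == 0 and flt[0] == "(" and flt[-1] == ")")

def search_filter(user_attr, username, extra=""):
    """Query for the LDAP browser in step 5: default filter plus the extra one."""
    value = "".join(ESCAPES.get(c, c) for c in username)  # match the name literally
    base = f"({user_attr}={value})"
    return f"(&{base}{extra})" if extra else base

def check_config(cfg):
    """Return a list of findings for one LDAP configuration (hypothetical fields)."""
    findings = []
    new = cfg["version"] >= (9, 3)
    mode = cfg.get("auth_type") if new else urlsplit(cfg["url"]).scheme
    valid = ("LDAP", "LDAP TLS", "LDAP SSL") if new else ("ldap", "ldaps")
    if mode not in valid:
        findings.append(f"connection mode {mode!r} is not one of {valid}")
    elif cfg["port"] != PORTS[mode]:
        findings.append(f"port {cfg['port']} differs from default {PORTS[mode]} for {mode}")
    want = "sAMAccountName" if cfg["active_directory"] else "uid"
    if cfg["user_attr"].lower() != want.lower():  # attribute names ignore case
        findings.append(f"User ID attribute should be {want}")
    if not filter_ok(cfg.get("ldap_filter", "")):
        findings.append("LDAP filter must be enclosed in balanced parentheses")
    return findings

# Constructed sample: a NuGenesis 9.2 configuration with three mistakes.
SAMPLE = {"version": (9, 2), "url": "ldap://ldapserver", "port": 636,
          "active_directory": True, "user_attr": "uid",
          "ldap_filter": "objectClass=user"}

if __name__ == "__main__":
    for finding in check_config(SAMPLE):
        print("FINDING:", finding)
    print(search_filter("uid", "username", "(objectClass=user)"))
```

A port finding is only a prompt to confirm the value with the customer's IT team, since a non-default port can be legitimate.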

ADDITIONAL INFORMATION

One example error message in server.log indicates a problem with the certificate as supplied by the LDAP server:

  • Problem accessing LDAP Server, e.g user not available in LDAP: javax.naming.CommunicationException: simple bind failed: ldapserver:636 [Root exception is javax.net.ssl.SSLHandshakeException: KeyUsage does not allow digital signatures]

This message is seen in NuGenesis 9.3+ servers where the LDAP server's own certificate does not have "digitalSignatures" specified in its KeyUsage parameter.
