Unable to Bind to LDAP or AD

(Version 7+)

Problems binding to the Directory Server, or logging in with a directory user, are most often caused by invalid credentials for the AD/LDAP directory. However, there are a large number of variables involved in creating a connection, and the steps below cover the most common ones.

Note: After a version upgrade (v7.0 - 7.4), Directory information may need to be updated to support nested groups.

Troubleshooting steps:
  1. Increase Logging details

    • Follow instructions for viewing logs (Server & Web) here: increase logging details

      • What is showing in your logs after increasing the logging detail and trying again?

      • Don't forget to change the logging levels back again once you are done troubleshooting

  2. Directory Credentials are Not Valid
    • Check the password of the account used to connect to the Directory Server
      • Was the password or the account modified?
      • Were privileges of the account changed?
      • Has the account expired? Is it active?
    • Use an administrative account that has sufficient privileges needed for importing users, etc.

  3. Username Format
    • Different username formats are accepted at login vs on the import page: Attempt to connect with another username format
      • For example: username, domain\username, username@domain, username@alias
        • Logins / Auto-Import: username (sAMAccountname format)
        • Logins / Auto-Import: username@alias (using the Directory Alias - Edit Directory page)
        • Import Users (only): username@domain (UPN format)
  4. (LDAP) Unique Directory Id attribute should match what is found on the Directory Server

  5. Directory Host
    • Try changing the Directory Host, for example, to: "YourDomain.com" (preferred). Using the domain name lets the Domain Controllers fail over and directs traffic to a controller that is not busy. You can also try either the IP Address or the Hostname of a specific controller.
  6. Restart Pleasant Password Server Service

  7. Test LDAP/AD Connection with another Tool

    • Can you see your AD/LDAP server from the Password Server?

      • A) Test connection with ping

      • B) Test connection with a tool such as: LDP, Softerra LDAP Browser, LDAP Admin, PortQry, or Active Directory (AD) Explorer

      • C) Diagnose DNS Health with the DCdiag tool:

        • For all DNS Servers (verbose)

          • DCdiag /Test:DNS /e /v > DNShealth.txt

        • On only a selected Domain (verbose)

          • DCdiag /Test:DNS /e /v /S:yourdomain > DNShealth.txt

        • Read the output file from the bottom up, checking for failures

        • Also see: more advanced diagnostics

  8. Certificate Problems

    • The Directory Host does not completely match the name in the server's certificate (Server/Security): the host you connect to must be one of the names the certificate was issued for.

    • (LDAP) Try binding with the LDAP Admin tool on your Password Server machine, which returns comprehensive certificate warnings and errors.
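
    The following PowerShell script is an added example for steps 7 and 8, not part of this article or of Pleasant Password Server itself. Run it on the Password Server machine: it checks that the directory port is reachable, captures the server certificate during the LDAPS handshake and compares its names with the Directory Host you entered, then attempts a bind with the directory account. The host "YourDomain.com", the account name and the password are placeholders you must replace; the username accepts the same formats listed in step 3 (username, domain\username, username@domain).

```powershell
# Added example (not from the original article): reachability, certificate
# and bind check for a directory host, using the built-in .NET LDAP client.
# Values below are placeholders / assumptions; replace them with your own.
$DirectoryHost = 'YourDomain.com'          # try the domain name, a DC hostname, or an IP
$Port          = 636                       # 389 = plain LDAP, 636 = LDAPS (preferred: password is encrypted)
$Username      = 'YourDomain\svc_pleasant' # also try username@domain or plain username
$Password      = 'REPLACE-ME'

Add-Type -AssemblyName System.DirectoryServices.Protocols

# Step 7 A/B: can this machine reach the directory port at all?
$tcp = Test-NetConnection -ComputerName $DirectoryHost -Port $Port -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    Write-Warning "TCP connect to ${DirectoryHost}:$Port failed (resolved to '$($tcp.RemoteAddress)'). Fix DNS/firewall before looking at credentials."
    return
}
Write-Host "TCP connect to ${DirectoryHost}:$Port OK (server $($tcp.RemoteAddress))"

# Step 8: capture the server certificate presented during the TLS handshake and
# record whether the Directory Host is one of the names it was issued for.
# The callback returns $true so the bind continues and we can report everything at once.
$state = @{ Cert = $null }
$verify = {
    param($ldapConn, $cert)
    $c2    = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cert)
    $names = @($c2.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false))
    # Subject Alternative Name extension (OID 2.5.29.17) lists the remaining DNS names
    $san = $c2.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names += ($san.Format($false) -split ',\s*') | ForEach-Object { ($_ -split '=')[-1].Trim() }
    }
    $names = $names | Where-Object { $_ } | Select-Object -Unique
    $state.Cert = [pscustomobject]@{
        Subject   = $c2.Subject
        Issuer    = $c2.Issuer
        NotAfter  = $c2.NotAfter
        Names     = $names -join ', '
        # -like handles wildcard names such as *.YourDomain.com; plain names must match exactly
        HostMatch = [bool]($names | Where-Object { $DirectoryHost -like $_ })
    }
    return $true
}

$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($DirectoryHost, $Port)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$conn.SessionOptions.ProtocolVersion = 3
$conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic   # Negotiate also works against AD
$conn.Credential = New-Object System.Net.NetworkCredential($Username, $Password)
if ($Port -eq 636) {
    $conn.SessionOptions.SecureSocketLayer     = $true
    $conn.SessionOptions.VerifyServerCertificate = $verify
}

# Steps 2/3: a bind that fails with LDAP result code 49 (invalidCredentials) means the
# network and certificate are fine and the account name/format or password is the problem.
try {
    $conn.Bind()
    Write-Host "Bind as '$Username' succeeded"
} catch [System.DirectoryServices.Protocols.LdapException] {
    Write-Warning ("Bind failed: {0} (LDAP result code {1})" -f $_.Exception.Message, $_.Exception.ErrorCode)
} catch {
    Write-Warning "Bind failed: $($_.Exception.Message)"
} finally {
    $conn.Dispose()
}

if ($state.Cert) {
    $state.Cert | Format-List
    if (-not $state.Cert.HostMatch) {
        Write-Warning "Directory Host '$DirectoryHost' is not one of the certificate names above; enter one of those names as the Directory Host."
    }
}
```

    If the TCP test fails, work through the DNS checks in step 7 C first. If the certificate report shows HostMatch = False, change the Directory Host to one of the listed names (or have the certificate reissued) rather than disabling certificate checks in the product. A result code 49 with a working certificate points back to steps 2 and 3.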

  9. Administrative checks
    • Restart services and server

    • Reboot Domain Controller

    • Check correct server date/time


Otherwise, if you are still experiencing problems, please forward your detailed logs to us at Support.
