This article is to assist in determining common causes of not being able to authenticate and authorize using LDAP (MS Active Directory or OpenLDAP).
First, make sure you've read How to Enable LDAP Authentication and Authorization for Open-AudIT and for good measure, also check LDAP_Servers.
So, you've read both of those and you still cannot login using LDAP. Open-AudIT has quite extensive logging where LDAP auth is concerned, for exactly this reason. The logs, especially at debug level, will assist you in point out where exactly the process is failing.
NOTE - log_level 7 in the configuration should only be used when troubleshooting. Debug level logging will create a LOT of logs. Your normal level should be 5, not 7.
This process will remove any existing logs, so if you need them for some reason, you can export them using menu -> Admin -> Database -> List Tables -> logs -> Export to SQL | CSV | XML.
First, let's set the log level to 7. Go to menu -> Admin -> Configuration -> List Configuration (or All Configuration if using Pro/Ent). Select the log_level item. Click the edit button and change it to 7. Now log out.
Second, let's remove the logs data. On the command line, on the Open-AudIT server runt he below command.
Linux
mysql -u openaudit -popenauditpassword openaudit -e "DELETE FROM logs;"
Windows
c:\xampplite\mysql\bin\mysql.exe -u openaudit -popenauditpassword openaudit -e "DELETE FROM logs;"
Third, let's try logging in using an LDAP user. I am assuming this will fail (otherwise, why are you still reading this?). Next, run the below in order to set the log level back to 5.
Linux
mysql -u openaudit -popenauditpassword openaudit -e "UPDATE configuration SET value = 5 WHERE name = 'log_level';"
Windows
c:\xampplite\mysql\bin\mysql.exe -u openaudit -popenauditpassword openaudit -e "UPDATE configuration SET value = 5 WHERE name = 'log_level';"
Forth, log back into Open-AudIT using the Admin account. and export the logs from menu -> Admin -> Database -> List Tables -> Logs -> Export to CSV. If there is a minimal amount of log lines, it may display on the bottom of the screen. Scroll down to view it. If you would rather view this in Excel, copy and paste the logs and save them as a text file with a .csv extension. Read through the logs and the final line will likely be the one of most interest. This line should give you the exact point at which the login failed.
Fifth, send the artifacts to Opmantek. If you are a supported Opmantek customer,a couple of items will make helping your easier. Please do save the log output to a CSV. Please generate the support JSON at menu -> Help -> Support and click the Download icon on the right hand side of the header. Save this file. Export your LDAP server from menu -> Admin -> LDAP Servers -> Details. In the URL, add the following .json (so from http:/oa_server/en/omk/open-audit/ldap_servers/1 to http://oa_server/en/omk/open-audit/ldap_servers/1.json). Save that file.
Please send all three files to your support contact at Opmantek and describe your issue.