LDAP Troubleshooting
Learn how to cope with LDAP problems
What you'll learn
- Know about LDAP problems
Prerequisites
- LDAP Integration
Time matters
Should I read this?
When your LDAP doesn't work, you need to check the following:
Can you reach the LDAP server?
This should work independently of the CoreMedia software. You can test it with ldapsearch (most Linux distributions come with it):
ldapsearch -x -D 'cn=Manager,dc=nightshade,dc=coremedia,dc=com' -w secret -h nightshade -P 3 -b 'ou=Nis,dc=nightshade,dc=coremedia,dc=com' -s sub "(&(objectClass=*))" "cn"
If that works, you can enter the values of the parameters -D and -w in the jndi.properties file as java.naming.security.principal and java.naming.security.credentials. The content server needs this user for internal use. The value of the parameter -h corresponds to com.coremedia.ldap.host, and the port is probably "389".
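The same check can be repeated with the values already stored in jndi.properties, which confirms that the file holds the bind DN, password and host that worked by hand. This is an added example, not CoreMedia code; the script name, the LDAPSEARCH override and passing the base DN as an argument are assumptions, and it needs the OpenLDAP ldapsearch client.

```bash
#!/usr/bin/env bash
# Added example, not CoreMedia code: repeat the ldapsearch check with the
# values the Content Server itself reads from jndi.properties.

# prop FILE KEY: print the value of KEY from a properties file.
# Handles plain key=value lines only (no continuation lines or escapes).
prop() {
  awk -v k="$2" '
    /^[ \t]*[#!]/ { next }                      # comment lines
    { i = index($0, "="); if (i == 0) next
      key = substr($0, 1, i - 1); gsub(/^[ \t]+|[ \t]+$/, "", key)
      if (key == k) { v = substr($0, i + 1); sub(/^[ \t]+/, "", v); hit = 1 } }
    END { if (!hit) exit 1; print v }' "$1"
}

# ldap_check FILE BASE_DN [PORT]: bind and search as the configured principal.
# LDAPSEARCH may name a replacement command (hypothetical hook, used for testing).
ldap_check() {
  local file="$1" base="$2" port="${3:-389}" host principal cred pwfile rc=0
  host=$(prop "$file" com.coremedia.ldap.host) ||
    { echo "com.coremedia.ldap.host is not set in $file" >&2; return 2; }
  principal=$(prop "$file" java.naming.security.principal) ||
    { echo "java.naming.security.principal is not set in $file" >&2; return 2; }
  cred=$(prop "$file" java.naming.security.credentials) ||
    { echo "java.naming.security.credentials is not set in $file" >&2; return 2; }
  # Pass the password with -y FILE instead of -w so it stays out of the process
  # list. -y uses the whole file as the password, hence no trailing newline.
  pwfile=$(mktemp) || return 2
  printf '%s' "$cred" > "$pwfile"
  # -H is the URI form of the -h host used in the command on this page.
  "${LDAPSEARCH:-ldapsearch}" -x -D "$principal" -y "$pwfile" \
    -H "ldap://$host:$port" -b "$base" -s sub '(&(objectClass=*))' cn || rc=$?
  rm -f "$pwfile"
  return "$rc"
}

# Usage: ./ldap_check.sh /path/to/jndi.properties 'ou=...,dc=...' [port]
if [ "$#" -ge 2 ]; then ldap_check "$@"; fi
```

An exit code of 2 means a key is missing from the file; any other non-zero code comes from ldapsearch itself.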
Are users and groups accessible to the cap server?
Configure the UserProvider first and then start the Content Server (log level DEBUG). Could the Content Server successfully create the UserManager? Check the content server log for this.
Start the editor and log in with the built-in user admin. Search for the users and groups of the LDAP domain. If there are no results, check the content server log and the ldap.log for any hints: Is there a connection problem, or a successful search without any results? In the former case, other information in the log file could help (Ldap-Error-Code, Exception, Stacktrace). In the latter case, there is a mismatch between the UserProvider and the LDAP schema, or the base DNs are configured incorrectly.
Authentication
Authentication can only work if the Content Server has found the LDAP user. For this purpose, an LdapLoginModule should be configured in jaas.conf.
The editor closes the session straightaway if the user has no rights. In order to work with LDAP users, the admin (built-in) must have defined the rules for the LDAP groups.
Another LDAP Server
If you have different LDAP servers, you have to define the basedns in each of the respective jndi.properties files. It does not matter whether the servers come from different vendors, as long as they use the same schema. Otherwise, the UserProvider must be configured for that schema. Then go through the checks again, starting with the first section.