Error:
'Error: Could not bind to LDAP as admin. Please verify options [binddn] and [bindpassword]'
For hosted customers: please raise a new case online and reference the title of this article. Please provide the name or URL of the Mosaic instances this relates to.
⚠️ Warning: This knowledge article is intended for platform engineers who are familiar with configuring WebLogic and Mosaic application servers.
This knowledge article is applicable when the Mosaic authentication mode is set to DirectoryAuthentication.
The Mosaic authentication mode can be verified by running the following SQL on the Mosaic database.
select value from system_properties where name='authenticationMode'
The Directory server details are located in a config file (usually called jaas.config) on the Mosaic application server.
The path to jaas.config is defined in the Mosaic managed server startup parameters, in the arguments field in WebLogic, as follows:
-Djava.security.auth.login.config=<WL_DOMAIN>/security/jaas.config
Create or edit the configuration file in a text editor, using UTF-8 encoding, as shown in the sample below. Save the file as <WL_DOMAIN>/security/jaas.config.
Sample jaas.config file
DatabaseAuthentication {
    uk.co.corelogic.framework.security.auth.module.RDBMSLoginModule optional debug=false;
};
DirectoryAuthentication {
    uk.co.corelogic.framework.security.auth.module.ActiveDirectoryLoginModule
    optional
    debug=false
    java.naming.security.authentication="simple"
    java.naming.provider.url="WIN-SS2K8.corelogic.local:389"
    userLoginIdentifier="uid"
    searchBase="DC=testdomain,DC=local"
    userUniqueIdentifier="DN"
    anonymousBind="true"
    accessControlGroup="cn=Mosaic,ou=CORELOGIC,ou=apps,ou=groups,o=corelogic,DC=testdomain,DC=local"
    userObjectClass="inetOrgPerson";
};
The DirectoryAuthentication section of the jaas.config file contains the information specific to the LDAP / AD directory server. Where applicable, the LDAP group is specified by the parameter accessControlGroup.
If anonymousBind="false", the additional parameters binddn and bindpassword must also be provided; see the example below.
anonymousBind="false"
binddn="[email protected]"
bindpassword="C0r3l0g1c";
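A pre-flight check for the condition behind this error, as an added example (not Mosaic or vendor code): it parses the DirectoryAuthentication entry of a jaas.config and reports when anonymousBind is "false" but binddn or bindpassword is missing, empty or padded with whitespace, without ever printing the password. The sample entry, the svc-mosaic@example.invalid account and the function names are constructed for illustration; the port 389 finding reflects general LDAP behaviour and is not a statement about how the Mosaic login module connects.

```python
import re

# Constructed sample: the page's DirectoryAuthentication entry with
# anonymousBind switched off and bindpassword left out (assumed values).
SAMPLE = '''
DirectoryAuthentication {
    uk.co.corelogic.framework.security.auth.module.ActiveDirectoryLoginModule
    optional
    debug=false
    java.naming.security.authentication="simple"
    java.naming.provider.url="WIN-SS2K8.corelogic.local:389"
    anonymousBind="false"
    binddn="svc-mosaic@example.invalid";
};
'''

def parse_section(text, name="DirectoryAuthentication"):
    """Return the option=value pairs of one named JAAS entry as a dict."""
    m = re.search(r'\b' + re.escape(name) + r'\s*\{(.*?)\}\s*;', text, re.S)
    if m is None:
        raise ValueError("no " + name + " entry found")
    # Values are either "quoted" (may contain '=' and ',') or a bare token.
    pairs = re.findall(r'([\w.]+)\s*=\s*(?:"([^"]*)"|([^\s;"]+))', m.group(1))
    return {key: quoted or bare for key, quoted, bare in pairs}

def check_bind_options(opts):
    """List configuration findings; option values are never echoed."""
    findings = []
    if opts.get("anonymousBind", "").lower() == "false":
        for key in ("binddn", "bindpassword"):
            value = opts.get(key, "")
            if not value:
                findings.append(key + " missing or empty while anonymousBind is false")
            elif value != value.strip():
                findings.append(key + " has leading or trailing whitespace")
    url = opts.get("java.naming.provider.url", "")
    simple = opts.get("java.naming.security.authentication") == "simple"
    if simple and url.endswith(":389") and not url.lower().startswith("ldaps"):
        findings.append("simple bind to port 389: credentials are "
                        "unencrypted on the wire unless StartTLS is used")
    return findings

if __name__ == "__main__":
    for finding in check_bind_options(parse_section(SAMPLE)):
        print("FINDING:", finding)
```

Because bindpassword sits in jaas.config in clear text, keep the file readable only by the account that runs the managed server.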
