If you experience the following problems use this troubleshooting guide to resolve them.
Group Mapping Issues
If you do not see any groups under the LDAP Group entry in Group Mappings section, this probably means that you have specified incorrect LDAP connection details.
Check the following settings first:
- Allow Follow Referrals
- LDAP Version 3
- Negotiate TLS
- Base DN
- Connect Username
- Connect Password
LDAP Users Import or Login Issues
Please note that you do not necessarily import users from the LDAP server. If you finished setup connection to the LDAP server and groups mapping, try to login as one of the users from mapped groups. If all settings are correct, you'll be able to login using username and password from the LDAP server. Account in KMP will be created automatically upon login.
If you specify OU (Organizational Unit) in Base DN, make sure that LDAP users that you want to import belong to this OU as well as their parent groups. Otherwise, they won't be imported. Try to remove OU to check if that's the cause of the problem.
Remember that LDAP users that you want to import must have all these required attributes: account name, first name, last name, email. Otherwise they won't be imported. Make sure that attributes here in KMP preferences (LDAP Synchronization Preferences) match user attributes on the LDAP server.
Other issues
KMP has built-in log for all LDAP operations, which helps to troubleshoot any issue with connection to your LDAP server.
To enable the log, edit the /admin/config.inc.php file and change LOG_LDAP_OPERATIONS flag from "FALSE" to "TRUE":
Then try to reproduce the issue (try connecting to the LDAP server if you have an issue with connection, or try to import LDAP users if you have an issue with users import).
Log file will be generated and saved to the /admin/tmp/ folder in this format: ldap_log-YYYY-MM-DD.txt
You can now open this file and check for errors or send it to us for investigation.
Categories 