LDAP Troubleshooting ESP Permitted Groups Using LDP.exe

When troubleshooting ESP issues where LDAP authentication from the LoadMaster is failing, it is useful to test the LDAP authentication directly on the Domain Controller. This can be done using the LDP application, which is pre-installed on Windows Server.

To launch LDP, click the Start button and type LDP.exe. Click on the application. Here is what will be shown once the application is launched:

Click Connection > Connect and input the IP address of the LDAP Server we would like to test authentication against:

Click Connection > BIND and input the same user's credentials as you were trying to authenticate with on the LoadMaster:

At this point, if you select BIND with credentials, you can make a test BIND request using the particular Username, Password and Domain.

Note the responses you should see for successful and unsuccessful BIND requests to LDAP:

The above shows the results of both a valid and an invalid BIND request. In the negative response, AD is stating that the credentials are invalid (such as the password being incorrect or the account being locked). This helps determine whether the LoadMaster is the cause of the authentication issues or whether there is really an issue with the AD/user credentials.

Troubleshooting Permitted Groups

If you are having issues getting permitted groups to work, you can also make use of LDP.exe. Once you have successfully authenticated, navigate to "Browse > Search".

You will then be presented with the following search box:

Searching For a Permitted Group

Domain = Kemptest.com

User = admin

Group = EP InternetAccess XI

Base DN = DC=kemptest,DC=com

Filter = (&(&(memberOf=CN=EP InternetAccess XI,CN=Users,DC=kemptest,DC=com)))

Below you can see 1 entry returned, which means my user "Admin" is a member of the "EP InternetAccess XI" group.
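
The same bind test and permitted-group search can be scripted on the Domain Controller. The PowerShell below is an added example, not part of the original Kemp article; it assumes the user is matched on sAMAccountName, the function names are hypothetical, and the server address is a placeholder.

```powershell
# Added example, not Kemp's code: the LDP.exe bind and group search, scripted.
Add-Type -AssemblyName System.DirectoryServices.Protocols

# Sub-codes AD reports as "data NNN" in the server message of a failed bind.
$BindSubCodes = @{
    '525' = 'user not found';      '52e' = 'invalid credentials'
    '532' = 'password expired';    '533' = 'account disabled'
    '701' = 'account expired';     '773' = 'user must reset password'
    '775' = 'account locked out'
}

# Escape a value for use inside an LDAP filter (RFC 4515).
function ConvertTo-LdapFilterValue([string]$Value) {
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

function Test-PermittedGroup {
    param(
        [Parameter(Mandatory)][string]$Server,          # domain controller IP or name
        [Parameter(Mandatory)][pscredential]$Credential, # same user as tested on the LoadMaster
        [Parameter(Mandatory)][string]$SamAccountName,  # assumption: user matched on sAMAccountName
        [Parameter(Mandatory)][string]$BaseDn,
        [Parameter(Mandatory)][string]$GroupDn
    )
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection $Server
    try {
        $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Negotiate
        $conn.Credential = $Credential.GetNetworkCredential()
        try { $conn.Bind() }
        catch {
            $ex = $_.Exception.GetBaseException()
            if ($ex -isnot [System.DirectoryServices.Protocols.LdapException]) { throw }
            $reason = 'no AD sub-code returned'
            if ($ex.ServerErrorMessage -match 'data ([0-9a-f]+),') { $reason = "$($Matches[1]): $($BindSubCodes[$Matches[1]])" }
            return "BIND FAILED (LDAP result $($ex.ErrorCode)) - $reason"
        }
        $filter = '(&(sAMAccountName={0})(memberOf={1}))' -f (ConvertTo-LdapFilterValue $SamAccountName), (ConvertTo-LdapFilterValue $GroupDn)
        $req = [System.DirectoryServices.Protocols.SearchRequest]::new($BaseDn, $filter, [System.DirectoryServices.Protocols.SearchScope]::Subtree, [string[]]@('distinguishedName'))
        $count = $conn.SendRequest($req).Entries.Count
        "BIND OK - filter $filter returned $count entries"
    }
    finally { $conn.Dispose() }
}

# Values from the article; '<domain-controller-ip>' is a placeholder.
Test-PermittedGroup -Server '<domain-controller-ip>' -Credential (Get-Credential) `
    -SamAccountName 'admin' -BaseDn 'DC=kemptest,DC=com' `
    -GroupDn 'CN=EP InternetAccess XI,CN=Users,DC=kemptest,DC=com'
```

A memberOf filter matches direct group membership only, so a user who belongs to the group through a nested group returns 0 entries here.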

 
