Below is a concise FAQ summarizing key LDAP integration and troubleshooting steps/recommendations.
1. How do I configure Repertoire to use LDAP SSO?
You may follow this guide in our support entry on steps to configure LDAP:
2. How can I enable automatic user creation upon successful LDAP login?
In the etc/application.conf, add:
    add-authenticated-users {
      enabled = true
      roles = ["<roleName>"]
    }
With this enabled, any authenticated AD user is automatically added to Ambience/Repertoire without manual provisioning.
3. When is manual user creation required, and do I need to set a password?
If add-authenticated-users.enabled is false, you must manually create users via the Ambience/Repertoire Users module. No local password is needed; AD handles authentication once bind and search succeed.
4. What should I double check when formatting the LDAP configuration?
Ensure the users parameter and OU match your Active Directory structure.
5. How do I test that LDAP binding and authentication work?
- Attempt login with the AD credentials
- Disable group filtering initially; re-enable and configure once authentication is confirmed.
- A successful bind and search will auto-add the user (if enabled) and grant access.
- Use an LDAP tool such as ldp.exe to check that your username and password are correct.
6. What do I do if I get LDAP "error 49 subcode 52e"?
Use the UPN format (user@domain), for example admin@elixirtech.com. This is more reliable than the distinguished name (DN) format and resolves LDAP error 49 subcode 52e.
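An added example (not part of the original FAQ or of Ambience/Repertoire): a Python helper that extracts the Active Directory subcode from a failed-bind message and classifies the bind name, so a 52e can be tied back to the DN-versus-UPN advice above. The function names are hypothetical, the log lines are constructed samples in the usual AD diagnostic-message layout, and the exact layout of the Ambience log is an assumption.

```python
import re

# AD puts a hex "data" subcode in the diagnostic text of LDAP result code 49.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
ERR49 = re.compile(r"error (?:code )?49\b.*?\bdata\s+([0-9a-f]+)", re.IGNORECASE)

def bind_name_format(name):
    """Classify the bind identity: DN, DOMAIN\\user, UPN or bare username."""
    if re.search(r"(?i)\b(cn|uid|ou|dc)=", name):
        return "DN"
    if "\\" in name:
        return "DOMAIN\\user"
    if re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", name):
        return "UPN"
    return "bare username"

def triage(log_line, bind_name):
    """Return (subcode, meaning, hint), or None if the line is not an error 49."""
    m = ERR49.search(log_line)
    if not m:
        return None
    sub = m.group(1).lower()
    fmt = bind_name_format(bind_name)
    hint = ""
    if sub == "52e" and fmt != "UPN":
        hint = f"bind name is in {fmt} form; retry as user@domain (UPN)"
    elif sub == "52e":
        hint = "bind name is already a UPN; re-check the password"
    return sub, AD_SUBCODES.get(sub, "unknown subcode"), hint

# Constructed sample lines; the DSID and version fields are placeholders.
MSG = ("[LDAP: error code 49 - 80090308: LdapErr: DSID-00000000, "
       "comment: AcceptSecurityContext error, data %s, v0000]")
SAMPLES = [(MSG % "52e", "cn=admin,ou=Users,dc=example,dc=com"),
           (MSG % "775", "admin@example.com")]

if __name__ == "__main__":
    for line, name in SAMPLES:
        print(triage(line, name))
```

Subcodes other than 52e (locked, disabled or expired accounts) point at the account's state in AD rather than at the bind-name format, so changing to UPN will not clear them.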
Additional Notes:
Set debug = true under the ambience.ldap-sso block during testing to get more detailed logs, then disable it in production to reduce verbosity.