Issue

Troubleshooting of LDAP integration issues can be difficult, as PingFederate does not natively log all that is going on under the covers. We recently ran into a case in which, after a product upgrade, PingFederate Admin Console authentication stopped working when using LDAP authentication. This resulted in a ton of head-scratching and frustration, as double and triple-checks confirmed that nothing else changed.

PingFederate Solution

Ever since PingFederate began using the UnboundID libraries for LDAP integration, a neat little trick has been available to turn on logging for the LDAP classes and see what is going on. By enabling this logging, we were able to see what PingFederate was getting back from LDAP binds/searches, in voluminous detail, in the server.log file. The trick is to add the following lines at the end of the PingFederate run.properties file:

#---------------------------------
# Enable LDAP Logging
#---------------------------------
#
# These properties will enable LDAP logging in the server.log
# Additional settings for debug level include: "ALL", "SEVERE",
# "WARNING", "INFO", "CONFIG", "FINE", "FINER", "FINEST", "OFF"

com.unboundid.ldap.sdk.debug.enabled=true
com.unboundid.ldap.sdk.debug.level=ALL

By making this change and restarting the PingFederate server, we were able to troubleshoot the issue and determine what was going on by scrubbing the server log. Interestingly, we identified that starting in PingFederate version 8, the syntax for administrator roles became case sensitive, which in PingFederate version 7 was not the case.
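Because level ALL writes bind and search detail to server.log, it is worth confirming the two properties are no longer active once troubleshooting is done. The script below is an added example, not code from the original post or from Ping Identity; the function names, the constructed sample file, and the simplified properties parsing (last duplicate of a key wins, no line continuations) are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not PingFederate tooling): report whether UnboundID LDAP SDK
# debug logging is switched on in a run.properties file.
# Assumptions: simple "key=value" / "key: value" lines, "#" or "!" comments,
# the last duplicate of a key wins; line continuations are not handled.

# prop_value FILE KEY -> prints the effective value (empty when unset)
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                    # skip comment lines
        {
            line = $0
            sub(/\r$/, "", line)                  # tolerate CRLF files
            sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next       # line must start with the key
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*[=:]/) next       # ...followed by a separator
            sub(/^[ \t]*[=:][ \t]*/, "", rest)
            sub(/[ \t]+$/, "", rest)
            val = rest                            # later duplicates override
        }
        END { print val }
    ' "$1"
}

# ldap_debug_state FILE -> prints "off" or "on:<LEVEL>"; exit status 1 when on
ldap_debug_state() {
    _enabled=$(prop_value "$1" com.unboundid.ldap.sdk.debug.enabled)
    _level=$(prop_value "$1" com.unboundid.ldap.sdk.debug.level)
    case "$_enabled" in
        [Tt][Rr][Uu][Ee]) echo "on:${_level:-unset}"; return 1 ;;
        *)                echo "off"; return 0 ;;
    esac
}

# Constructed sample: an earlier "false" overridden by the block from the post.
sample_run_properties() {
    cat <<'EOF'
example.other.setting=1
com.unboundid.ldap.sdk.debug.enabled=false
# com.unboundid.ldap.sdk.debug.level=SEVERE
com.unboundid.ldap.sdk.debug.enabled = true
com.unboundid.ldap.sdk.debug.level=ALL
EOF
}

# Usage: sh check_ldap_debug.sh /path/to/run.properties
if [ $# -gt 0 ]; then ldap_debug_state "$1"; fi
```

The non-zero exit status when debugging is on lets the check run from a scheduled job or a deployment pipeline.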

Use this tip for troubleshooting PingFederate LDAP issues to your advantage. We have found it particularly helpful for issues with HTML Form, attribute queries, and Admin Console login issues. If you have any comments or questions, please contact us!
