Setting up the ldap_config file to match your LDAP settings can be difficult, so work through the following checklist:
Enable the trace log by setting the LDAP_TRACE attribute to TRUE in the ldap_config file. The ldap_trace.log file is written to the logs/user directory and can be used to diagnose your problem.
If you are using Windows® Active Directory, run the Active Directory Users and Computers browser from the Windows Domain Controller and check what the DN (Distinguished Name) is for the domain. From this browser you can also find out where the users are stored.
On other LDAP servers, use the setup tool for the LDAP server to find out the correct DN and user areas.
Check that the correct protocol is being used.
Check that the correct level in the LDAP directory structure is being used as the BIND_DN and also that the correct BIND_PASSWD is being used.
If the LDAP server is running securely, is the ldap_config file set up correctly?
To test that you are connecting to the LDAP server correctly without checking the user authentication, set AUTO_LDAP_LOGIN from TRUE to FALSE. This helps to show where the problem is: either in the connection to the LDAP server or in searching the correct user location on the LDAP server.
LDAP verification will not succeed if the user’s LDAP structure contains multiple UIDs, e.g. if you have UID=manager and UID=yourname.
If you are failing to log in and you receive an LDAP message saying that the password or username could be incorrect, but the LDAP response message is blank, then it is likely that the case of the entered username does not match the username returned from LDAP, and Cradle is rejecting the entered username. To resolve this issue, set UID_IGNORE_CASE to true.
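The two username checks above (multiple UIDs and case matching) can be reproduced offline against a user's DN. This is an added example, not Cradle's own code: it assumes "multiple UIDs" means more than one uid component in the DN, and the function names and sample DNs are constructed for illustration.

```python
import re

def _unescape(value):
    # Undo RFC 4514 escapes: "\," -> "," and single-byte hex pairs such as "\2C" -> ","
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)",
                  lambda m: chr(int(m.group(1), 16)) if len(m.group(1)) == 2 else m.group(1),
                  value)

def split_dn(dn):
    """Return [(attribute, value), ...] for every RDN component of a DN string."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep an escaped char with its backslash
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] in ",+":                        # unescaped RDN or multi-valued RDN separator
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    pairs = []
    for part in parts:
        attr, _, value = part.strip().partition("=")
        pairs.append((attr.strip().lower(), _unescape(value.strip())))
    return pairs

def diagnose_login(entered, user_dn, uid_ignore_case=False):
    """Classify a login attempt the way the checklist describes (model, not Cradle's logic)."""
    uids = [v for a, v in split_dn(user_dn) if a == "uid"]
    if len(uids) != 1:
        return "multiple-uids" if uids else "no-uid"
    if uids[0] == entered:
        return "ok"
    if uids[0].lower() == entered.lower():
        # Only the case differs: accepted only when UID_IGNORE_CASE is enabled
        return "ok" if uid_ignore_case else "case-mismatch"
    return "uid-mismatch"

# Constructed sample DNs (not taken from any real directory)
SAMPLE_MULTI = "uid=yourname,uid=manager,ou=People,dc=example,dc=com"
SAMPLE_CASE = "uid=JSmith,ou=People,dc=example,dc=com"
```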
For further information on LDAP see our previous blog entry or for more on Cradle integration with LDAP please refer to our online help.
This feature provides the ability for Cradle to authenticate a user against an LDAP server instead of passwords held in Cradle user accounts within a Cradle project database.
Used to look up user login information from a server
Avoids the need for users to enter a username and password when launching the tools
LDAP is an optional part of Cradle that you can enable or not (disabled by default)
Supported by all Cradle tools
Cradle supports two methods of LDAP authentication:
The first is for systems where the username can be inferred from the network username, and the second is for systems where the username cannot be inferred from the network username.
Force Network Login Name
The first method assumes that the Cradle username is to be inferred from the current network username (Force Network Login Name). A user authenticates against LDAP when they log in to the network by supplying a network username and a network password.
This method allows a user to log in to a Cradle project without specifying a username or password. In this situation, the users are already authenticated to their desktop or Citrix environment and we do not require them to log in again with a username and password to gain access to Cradle. So, provided that a user has logged in to their desktop or Citrix environment and they have a User Profile in a Cradle project, the user will be able to log in to Cradle without supplying a username or password.
Username/Password validated via LDAP server
The second method allows users to enter a username and password to be validated via the LDAP server. A user authenticates against LDAP when they log in to the Cradle tools, by supplying a username and password.
LDAP control with ldap_config
The ldap_config file contains an attribute called AUTO_LDAP_LOGIN.
If AUTO_LDAP_LOGIN is TRUE then the Force Network Login Name method is used (login with the current network username)
If AUTO_LDAP_LOGIN is FALSE then the Username/Password validated via LDAP server method is used (allows users to enter an LDAP username and password)
For more information on how to set up Cradle to integrate/interact with your LDAP server please refer to the online help section.
If you are operating in a secure environment and have multiple projects, you may want to launch WorkBench faster from a Windows Desktop shortcut.
Configure the shortcut for an individual Cradle user with “-login USERNAME,PASSWORD,PROJ-CODE ” for Cradle’s WorkBench.
For an even faster connection, you could also specify -cds, which spares WorkBench from searching for a server. (Without this parameter WorkBench will broadcast and await a response from an available CDS before connecting.)
Configure with “-cds HOSTNAME/IP-ADDRESS” and give the host or IP address of the server running the CDS (Cradle Database Server).
If you are running from Linux, you can also use these parameters. When launching WorkBench from the command line use c_work and the -login and -cds parameters.
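Because the -login argument carries the password inside the shortcut target or command line, the added example below masks it before such command lines are logged or shared and reports which user and project were affected. It is not part of the original post or of Cradle; it assumes the USERNAME and PROJ-CODE fields contain no commas, and the function name and sample command lines are constructed.

```python
import re

MASK = "********"
# -login followed by either a quoted value or a single unquoted token
LOGIN_RE = re.compile(r'(?<!\S)(-login\s+)(?:"([^"]*)"|(\S+))')

def redact_login(command_line):
    """Return (redacted_command_line, [(user, project), ...]) for one command line."""
    findings = []

    def _mask(m):
        quoted = m.group(2) is not None
        value = m.group(2) if quoted else m.group(3)
        fields = value.split(",")
        if len(fields) < 3:
            return m.group(0)          # no USERNAME,PASSWORD,PROJ-CODE triple present
        # First field is the user, last is the project; everything between is the
        # password, so a password that itself contains commas is still fully masked.
        user, project = fields[0].strip(), fields[-1].strip()
        findings.append((user, project))
        masked = f"{user},{MASK},{project}"
        return m.group(1) + (f'"{masked}"' if quoted else masked)

    return LOGIN_RE.sub(_mask, command_line), findings

# Constructed sample command lines (hosts use documentation address space)
SAMPLES = [
    "c_work -login MANAGER,S3cr3t,DEMO -cds 192.0.2.10",
    'c_work -login "ANNE,pa ss,w0rd,PROJ" -cds cradle-srv',
    "c_work -cds 192.0.2.10",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(redact_login(line))
```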
Do you have something important that your users need to know? Rather than having to send an email, you can display messages on the Cradle login screen for all of your Cradle users to see. These are called “Login Messages”, and can communicate any number of things, for example:
A reminder of a confidentiality agreement that may be implicit in your use of Cradle
The dates and times for any planned server reboots, for example after installing updates to the operating system
Announcements of internal training courses
A daily joke(!)
The message is written in UTF-8 and so can be in any language. The login message appears on the right-hand side of the login dialog. You can optionally include a checkbox that users must select to confirm that they have read the message. A user cannot log in until this checkbox has been selected. Users must select the checkbox every time that they log in. See this blog post for more information.
The login message is stored in the file login_message in the admin directory of the Cradle installation on your Cradle server.
This file contains notes which explain how to enter a message into the file, and also includes examples. Any login_message files in an end user's Cradle installation are ignored because the message is controlled on the server and displayed to all client machines.