Bypassing the LDAP server authentication
The LDAP server authentication is bypassed, and the logon process reverts to the normal Content Manager OnDemand logon, if one of the following conditions is true:
- The LDAP server is down or cannot be reached and ARS_LDAP_OD_AUTHORITY_FALLBACK=TRUE
- The user ID does not exist on the LDAP server for the bind attribute and ARS_LDAP_OD_AUTHORITY_FALLBACK=TRUE
The LDAP authentication might fail if one of the following
conditions is true:
- The initial bind fails because of an incorrect user ID, password, or both.
- The second bind fails because of an incorrect user ID, password, or both.
- The attribute name that is specified in the ARS_LDAP_BIND_ATTRIBUTE configuration parameter does not exist on the LDAP server.
- The returned value from the LDAP server does not match any existing Content Manager OnDemand user ID.
- The returned value from the LDAP server matches an existing ID but it is in the wrong case and the Content Manager OnDemand user ID case sensitivity has been turned on.
- When the Content Manager OnDemand user ID case sensitivity option is off, the returned value is converted to uppercase characters. If the stored Content Manager OnDemand ID is in lower or mixed case, the logon can fail.
Depending on the LDAP server type and setup, the response you get from the LDAP authentication might not always be the same. The best way to diagnose LDAP authentication problems is to get a detailed trace and examine it. The trace can tell you which step of the LDAP authentication process went wrong.
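The conditions listed above can be modelled to check, before a rollout, whether fallback is enabled and which stored user IDs would fail the case mapping. This is an added example, not IBM code: the function names, the KEY=VALUE configuration format, the sample data, and the assumption that a logon fails when fallback is off are all hypothetical.

```python
# Added example: models the outcomes listed on this page; not IBM code.
# Assumptions: config is KEY=VALUE lines; all function names are hypothetical.

def parse_cfg(text):
    """Return {KEY: value} from KEY=VALUE lines, skipping blanks and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def fallback_enabled(cfg):
    """True only for the exact setting shown on the page."""
    return cfg.get("ARS_LDAP_OD_AUTHORITY_FALLBACK", "") == "TRUE"

def map_user(returned, od_ids, case_sensitive):
    """Map the value LDAP returned for the bind attribute to a stored OnDemand ID."""
    if returned is None:  # attribute does not exist on the LDAP server
        return None
    # Case sensitivity off: the value is converted to uppercase before the
    # lookup, so a stored ID in lower or mixed case can never match.
    candidate = returned if case_sensitive else returned.upper()
    return candidate if candidate in od_ids else None

def logon_path(cfg, server_up, user_in_ldap, returned, od_ids, case_sensitive):
    """Return 'fallback', 'ldap' or 'fail' for one attempt (both binds assumed OK)."""
    if not server_up or not user_in_ldap:
        # Assumption: with fallback off, these cases end in a failed logon.
        return "fallback" if fallback_enabled(cfg) else "fail"
    return "ldap" if map_user(returned, od_ids, case_sensitive) else "fail"

# Constructed sample data, not taken from a real system.
SAMPLE_CFG = """\
# constructed configuration fragment
ARS_LDAP_BIND_ATTRIBUTE=sAMAccountName
ARS_LDAP_OD_AUTHORITY_FALLBACK=TRUE
"""
OD_IDS = {"ADMIN", "jsmith", "MBrown"}

if __name__ == "__main__":
    cfg = parse_cfg(SAMPLE_CFG)
    for value in ("admin", "jsmith", "MBrown", None):
        for cs in (True, False):
            print(value, "case_sensitive=%s" % cs,
                  logon_path(cfg, True, True, value, OD_IDS, cs))
    print("LDAP down ->", logon_path(cfg, False, True, None, OD_IDS, True))
```

With fallback enabled, an unreachable LDAP server leaves the stored Content Manager OnDemand credentials as the effective logon path, so those accounts need the same password hygiene as the directory accounts.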