Validating your LDAP configuration

Because LDAP configuration is a relatively delicate operation, Contenta includes a tool called ldaptest to test the status of specific users. Run this tool before running the SQL LDAP setup script. This section also describes other steps to verify and validate your LDAP configuration on a client or server.

Procedure

  1. Access the Contenta Server or Windows-based Contenta Administration Client on which you want to verify your LDAP configuration.
  2. Verify that the bin\ subdirectory of the Contenta_home directory contains the file xyldap.cfg and verify that it is configured correctly.
  3. Verify that the System\ subdirectory of the Contenta_home directory contains the file xyauth.dll. If using Active Directory, this file must be a copy of distr\ActivDir\xyauth.dll; otherwise, it must be a copy of distr\standard\xyauth.dll.
  4. Open a SQL+ command prompt, log in to the Contenta database and perform the following SQL command:

    select password from useracct;

  5. Verify that the output of this command only shows the value <EXTERNAL>.
  6. Close the SQL+ command prompt.
  7. On a Windows system, start the registry editor and navigate to the registry value HKEY_LOCAL_MACHINE\XyEnterprise\Contenta@Server\3.0\XYE_PDM_AUTHENTICATION.
  8. Alternatively, on a Linux system, navigate to /pdm/bin/ and check the file pdm.cshrc for an environment variable called XYE_PDM_AUTHENTICATION.
  9. Verify that the registry value or environment variable is set to LDAP (case-sensitive).
  10. On a Windows system, enable debug mode by creating the environment variable XYV_PDM_LDAP_DEBUG in the user environment and setting its value to 1.
  11. On a Linux system, enable debug mode by adding the following line to pdm.cshrc:

    setenv XYV_PDM_LDAP_DEBUG 1

    Save and close pdm.cshrc, and source it.

  12. Open a command prompt and navigate to the Setup\ subdirectory of the Contenta_home directory.
  13. Enter ldaptest user, where user is a user whose LDAP status you want to test. When prompted for the user’s password, enter it. For a valid Contenta user, the tool produces output like the following:

    ldaptest: == begin ==
    return values : valid user=1
    return values : contenta login name=contentauser
    ldap_search_s: THE END

    where contentauser is either the same as user or, if this user is configured as a Contenta sysadmin user, “sysadmin”. If the user is not considered a valid Contenta user (for example, because the configured user attribute to check is not set to TRUE), the tool produces this output:

    ldaptest: == begin ==
    xy_connect: -10 The user is not a Content@ user

  14. Navigate to the logs\ldap\ subdirectory of the Contenta_home directory.
  15. Check any log files in this directory for error messages.
  16. If using Windows, repeat the steps above for each of your Contenta Administration Clients, but check for the registry value HKEY_LOCAL_MACHINE\XyEnterprise\Contenta@\3.0\XYE_PDM_AUTHENTICATION instead of HKEY_LOCAL_MACHINE\XyEnterprise\Contenta@Server\3.0\XYE_PDM_AUTHENTICATION.
  17. When you have finished debugging, remove XYV_PDM_LDAP_DEBUG from your registry or pdm.cshrc file (or set it to 0) to disable debug mode.
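
The Linux-side checks from steps 8, 9, 13 and 17 can be scripted. The following POSIX shell script is an added example, not part of Contenta or its documentation. The function names and sample data are constructed, and the parser assumes ldaptest output in the format shown in step 13, captured to a file or pipe.

```shell
#!/bin/sh
# Added example: checks for the Linux steps; sample data below is constructed.

# Print the last value set by "setenv NAME VALUE" in a csh rc file.
# Commented-out lines are skipped because their first field is not "setenv".
cshrc_value() {  # $1 = rc file, $2 = variable name
    awk -v name="$2" '
        $1 == "setenv" && $2 == name { val = $3; gsub(/"/, "", val) }
        END { if (val != "") print val }' "$1"
}

# Steps 8-9: the authentication mode must be exactly LDAP (case-sensitive).
check_auth_mode() {  # $1 = path to pdm.cshrc
    [ "$(cshrc_value "$1" XYE_PDM_AUTHENTICATION)" = "LDAP" ]
}

# Step 17: debug mode is off when the variable is absent or set to 0.
check_debug_off() {  # $1 = path to pdm.cshrc
    v=$(cshrc_value "$1" XYV_PDM_LDAP_DEBUG)
    [ -z "$v" ] || [ "$v" = "0" ]
}

# Step 13: classify captured ldaptest output read from stdin.
# Prints valid:<login>, not-contenta-user, or unknown.
classify_ldaptest() {
    awk '
        /valid user=1/          { valid = 1 }
        /contenta login name=/  { sub(/.*contenta login name=/, ""); login = $0 }
        /xy_connect: -10/       { rejected = 1 }
        END {
            if (rejected)                  print "not-contenta-user"
            else if (valid && login != "") print "valid:" login
            else                           print "unknown"
        }'
}

# Constructed sample modelled on the step 13 listing.
classify_ldaptest <<'EOF'
ldaptest: == begin ==
return values : valid user=1
return values : contenta login name=jdoe
ldap_search_s: THE END
EOF
```

A result of valid:sysadmin means the tested account maps to the Contenta sysadmin user, so confirm that the mapping is intended.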