0

Can't log in to pyramid?

If you have configured your Pyramid instance to use Active Directory (AD), and hear that users intermittently cannot log in, check the following,

The reason might be that your LDAP address sometimes returns Domain Controllers (DC) that do not work. To check what domain controller is being returned by the LDAP address at the time of the login issue, ping the LDAP address from the Pyramid server(s) to see what IP address is returned. With the IP it is then possible to know which domain controller it is that might not be working correctly.

To resolve the problem, use ONE of the following three suggested solutions.

  1. The preferred option is to get your LDAP DNS fixed so that it only returns good working domain controllers.
     
  2. The next best option is to add an entry to the local Host file of the Pyramid server(s) that points your LDAP address to one good known domain controller* that works.
    The host entry would look like the example below:

    If my LDAP address is LDAP://DC=TEST,DC=EXAMPLE,DC=COM
    And one of the Domain Controllers IP = 172.29.3.211

    Then you would add the following to the host file:
    172.29.3.211 TEST.EXAMPLE.COM

    the host file can be found at:
    C:\Windows\System32\drivers\etc

* to get a list of domain controllers the below command can be run from the command prompt.

nslookup -type=all _ldap._tcp

 

3. The third but unrecommended option is to log in to the Admin console and point Pyramid directly to one of your Domain Controllers without the need to edit the local host file on each Pyramid machine.
The disadvantage to this is that if this one domain controller fails there will be no way to login to the Pyramid application in order to update it to another one. Please see below on how you would point to one domain controller:

Under Admin>Access>domain settings - the bold text is where the domain controller would be specified followed by the LDAP address.
LDAP://TESTDC1.TEST.EXAMPLE.COM/DC=TEST,DC=EXAMPLE,DC=COM

Note that support for configuring a DC in the LDAP path was only introduced in version 2018.05.163. 

Reply Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
Like Follow
  • 4 mths agoLast active
  • 47Views
  • 1 Following