Can't log in to Pyramid?

If you have configured your Pyramid instance to use Active Directory (AD) and hear that users intermittently cannot log in, check the following.

The reason might be that your LDAP address sometimes returns Domain Controllers (DCs) that do not work. To check which domain controller the LDAP address is returning at the time of the login issue, ping the LDAP address from the Pyramid server(s) and note the IP address that is returned. That IP identifies the domain controller that might not be working correctly.
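As an added example (not part of the original article and not Pyramid's own tooling), the PowerShell script below, run from a Pyramid server, goes beyond a single ping: it resolves every IP address the LDAP domain name returns and tests each one on the LDAP port. The port 389, the 3-second timeout and the helper name ConvertTo-DnsDomain are assumptions; the default path is the sample value used in this article.

```powershell
# Added example: list every IP behind the LDAP address and flag the ones
# that do not accept a TCP connection on the LDAP port.
param(
    # LDAP path as entered in Pyramid (sample value from this article)
    [string]$LdapPath = 'LDAP://DC=TEST,DC=EXAMPLE,DC=COM',
    # Assumption: plain LDAP on TCP 389; pass 636 if the instance uses LDAPS
    [int]$Port = 389,
    # Assumption: 3 seconds is long enough for a healthy DC to accept a connection
    [int]$TimeoutMs = 3000
)

function ConvertTo-DnsDomain {
    param([string]$Path)
    # DC=TEST,DC=EXAMPLE,DC=COM -> TEST.EXAMPLE.COM (a leading server name is ignored)
    $labels = [regex]::Matches($Path, '(?i)\bDC=([^,/]+)') |
        ForEach-Object { $_.Groups[1].Value.Trim() }
    if (-not $labels) { throw "No DC= components found in '$Path'" }
    $labels -join '.'
}

$domain = ConvertTo-DnsDomain $LdapPath

# All A records the domain name can return, not just the one a single ping shows
$ips = Resolve-DnsName -Name $domain -Type A -ErrorAction Stop |
    Where-Object { $_.Type -eq 'A' } |
    Select-Object -ExpandProperty IPAddress -Unique

$results = foreach ($ip in $ips) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Wait() returns $false on timeout and throws if the connection is refused
        $ok = $client.ConnectAsync($ip, $Port).Wait($TimeoutMs) -and $client.Connected
    } catch { $ok = $false } finally { $client.Dispose() }
    [pscustomobject]@{ Domain = $domain; IPAddress = $ip; Port = $Port; Reachable = $ok }
}

$results | Format-Table -AutoSize
$bad = $results | Where-Object { -not $_.Reachable }
if ($bad) {
    Write-Warning ("Not answering on port {0}: {1}" -f $Port, ($bad.IPAddress -join ', '))
}
```

A successful TCP connection only shows that the domain controller is reachable; a controller that accepts the connection can still fail authentication, so treat "Reachable" as a first filter when picking a known-good controller.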

To resolve the problem, use ONE of the following three suggested solutions.

  1. The preferred option is to get your LDAP DNS fixed so that it only returns good working domain controllers.
     
  2. The next best option is to add an entry to the local hosts file of the Pyramid server(s) that points your LDAP address to one known-good domain controller*.
     The hosts entry would look like the example below:

     If my LDAP address is LDAP://DC=TEST,DC=EXAMPLE,DC=COM
     and one of the domain controllers has the IP 172.29.3.211,

     then you would add the following to the hosts file:
     172.29.3.211 TEST.EXAMPLE.COM

     The hosts file can be found at:
     C:\Windows\System32\drivers\etc

     * To get a list of domain controllers, run the command below from the command prompt:

     nslookup -type=all _ldap._tcp

  3. The third, but not recommended, option is to log in to the Admin console and point Pyramid directly to one of your domain controllers, which avoids editing the local hosts file on each Pyramid machine.
     The disadvantage is that if this one domain controller fails, there will be no way to log in to the Pyramid application in order to update it to another one. To point to one domain controller:

     Under Admin > Access > domain settings, the domain controller is specified first (TESTDC1.TEST.EXAMPLE.COM in this example), followed by the LDAP address:
     LDAP://TESTDC1.TEST.EXAMPLE.COM/DC=TEST,DC=EXAMPLE,DC=COM

Note that support for configuring a DC in the LDAP path was only introduced in version 2018.05.163. 
