What to do when there are issues with logging into Pyramid when using AD as your provider.

This article will help you diagnose whether there is an issue with your domain controller and show you how to work around the problem until your domain controller is fixed.

Suppose you encounter issues connecting to your Pyramid environment, and the login issue is intermittent. In that case, it is likely that one of the domain controllers that your LDAP address returns is sometimes not allowing the login.
In your server logs, you can also check whether any error mentions an issue with connecting to your LDAP.
You can find the logs where your Pyramid web server is installed under C:\Program Files\Pyramid\log.

First, you can check which domain controller is not functioning by going to your environment URL and adding /diagnostic.
There you will see if there are any errors regarding LDAP.

There are two possible workarounds for this situation.

1. Point Pyramid directly to one working domain controller:

You could also see under the LDAP test if any domain controllers are shown as "invalid".

If one is "invalid", then until your IT team gets it fixed, you can point Pyramid to a specific domain controller by choosing another, "valid" domain controller.
Copy the domain controller and paste it into the LDAP address, as shown below.

The downside of this solution is that if this specific domain controller becomes invalid, it will not be possible to connect to Pyramid and fix it.

2. Hard coding a known working domain controller in the local host file on each Pyramid task, runtime, and web server:

This is the preferred option.

Hardcode your LDAP address to point directly to a domain controller in the local host file of each Pyramid server (Task, Runtime, and Web) in the deployment.
Please see the below example:

Add an entry to the local host file of each Pyramid server that points your LDAP address to only one "valid" domain controller.

E.g., if your LDAP is LDAP://DC=my,DC=company,DC=com
then you should add the following entry to the host file and save:
IP* my.company.com

*where the IP is an IP of one of your "valid" domain controllers.
(Move through each domain controller listed, and once you find one that works, ping the name to get its IP.)

Compared to the first solution, the upside of this solution is that if there is a problem with the domain controller you have used, you can update the host file manually to a different "valid" domain controller.
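
A pinned entry goes stale silently when that domain controller later fails, so it is worth checking on a schedule. The read-only PowerShell sketch below is an added example, not part of the original article or of Pyramid's tooling: it lists every address DNS returns for the domain, tests the LDAP port on each, and compares the result with the current host file pin. It assumes the article's sample name my.company.com, plain LDAP on TCP 389, and the default Windows hosts file path; an open port is only a reachability check and does not replace the "valid" status shown by the /diagnostic LDAP test.

```powershell
# Added example. Assumptions: sample domain from the article, LDAP on TCP 389,
# default Windows hosts file location. The script only reads; it changes nothing.
$Domain    = 'my.company.com'
$HostsFile = "$env:SystemRoot\System32\drivers\etc\hosts"

# 1. Ask DNS (bypassing the hosts file) for every address the domain name returns.
$dcAddresses = Resolve-DnsName -Name $Domain -Type A -NoHostsFile -ErrorAction Stop |
    Where-Object { $_.Type -eq 'A' } |
    Select-Object -ExpandProperty IPAddress

# 2. Test the LDAP port on each returned address.
$results = foreach ($ip in $dcAddresses) {
    $ok = Test-NetConnection -ComputerName $ip -Port 389 `
            -InformationLevel Quiet -WarningAction SilentlyContinue
    [pscustomobject]@{ IPAddress = $ip; LdapReachable = $ok }
}
$results | Format-Table -AutoSize

# 3. Find the address currently pinned for the domain in the hosts file, if any.
#    Comments are stripped; the first field is the IP, the rest are host names.
$pinned = @(foreach ($line in Get-Content -Path $HostsFile) {
    $fields = @(($line -replace '#.*$', '').Trim() -split '\s+' | Where-Object { $_ })
    if ($fields.Count -ge 2 -and ($fields[1..($fields.Count - 1)] -contains $Domain)) {
        $fields[0]
    }
}) | Select-Object -First 1

# 4. Report whether the pin is still usable and suggest a replacement if not.
if (-not $pinned) {
    Write-Output "No hosts entry for $Domain; logins use whichever controller DNS returns."
} elseif (($results | Where-Object { $_.IPAddress -eq $pinned }).LdapReachable) {
    Write-Output "Pinned controller $pinned answers on the LDAP port."
} else {
    Write-Warning "Pinned controller $pinned is not answering on LDAP or is no longer in DNS."
    $candidate = ($results | Where-Object { $_.LdapReachable } |
        Select-Object -First 1).IPAddress
    if ($candidate) { Write-Output "Candidate hosts entry: $candidate`t$Domain" }
}
```

Run it on each Pyramid server (Task, Runtime, and Web), since each one has its own host file.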

As mentioned, these solutions are only workarounds.
To avoid future issues, you will need to find the root cause of the problem and fix it.

Here are some tips for troubleshooting the domain controller and avoiding future issues:

  • Check the event logs: Check the event logs on the domain controller for any errors or warnings that might indicate the cause of the issue.
  • Run network diagnostic tools: Use tools like ping, traceroute, and nslookup to test the connectivity and DNS resolution of the domain controller.