Troubleshooting LDAP

When troubleshooting your LDAP configuration, systematically verify your network connectivity, encryption settings, and bind credentials. This will help you determine whether a connection failure is due to a firewall, a certificate mismatch, an incorrect Distinguished Name (DN), or incorrect ExaVault User configuration.

Verify Network Connectivity

Ensure that your ExaVault server can reach the LDAP server address and that the port used for connecting to LDAP is accessible.

Test LDAP Binding

From the ExaVault Server, try manually performing a search against your LDAP server using the ldapsearch command-line tool. Compose the bind DN using the same Username prefix and Username suffix from your LDAP configuration.

Common LDAP Error Codes

Code  Name                   Common Causes
49    Invalid Credentials    The most common. Either the password is wrong, or the "Bind DN" (the user path) is formatted incorrectly.
32    No Such Object         The server is reached, but the user or the "Base DN" you provided doesn't exist in the directory.
81    Server Down            The client can't reach the server. This is usually a firewall issue, a wrong port (389 vs 636), or the LDAP service isn't running.
34    Invalid DN Syntax      Your prefix or suffix string has a formatting error (e.g., a missing comma or an extra space where it shouldn't be).
53    Unwilling to Perform   The server understood you but refused. This often happens if you try to bind over port 389 (insecure) but the server policy requires SSL or TLS.

Troubleshooting User Authentication

Before troubleshooting a user's failed logins, validate that the LDAP server is correctly defined and can be reached from the ExaVault host machine on the needed port.

User Cannot Login

The user must already exist in ExaVault in order to authenticate. If you are using Active Directory sync, wait for the sync process to complete.

If the user exists, verify the Authentication method is Active Directory & LDAP in their user settings.

To validate that the credentials are correct, use the ldapwhoami command-line tool; ldapwhoami is the quickest way to troubleshoot login errors.

If the user exists locally and the password is correct, the remaining LDAP bind failures come from bind username formatting or connection security mismatches. Check the Username prefix and Username suffix from your LDAP configuration.
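The manual bind test described above (in "Test LDAP Binding" and here), as an added example that is not ExaVault's own tooling: it assembles the bind identity from the same Username prefix and Username suffix values the configuration uses, checks the port, binds with ldapwhoami, and maps the OpenLDAP client's exit status (which is the LDAP result code) to the causes in the table. Hostnames, DNs and the LDAP_HOST/LDAP_USER/PREFIX/SUFFIX variables are placeholders you replace.

```shell
#!/bin/sh
# Added example, not ExaVault's code. Reproduces the bind ExaVault performs
# using the configured Username prefix / Username suffix. All names are placeholders.

# Build the bind identity the way the configuration does: prefix + login + suffix.
# Works for DN-style ("uid=" / ",ou=people,dc=example,dc=com") and UPN-style
# ("" / "@corp.example.com") settings alike.
compose_bind_dn() {
    printf '%s%s%s' "$1" "$2" "$3"
}

# Translate the ldapwhoami exit status (the LDAP result code) into the common
# cause from the error-code table.
explain_code() {
    case "$1" in
        0)  echo "Success" ;;
        32) echo "No Such Object: user or Base DN not found" ;;
        34) echo "Invalid DN Syntax: check prefix/suffix for a missing comma or stray space" ;;
        49) echo "Invalid Credentials: wrong password or malformed bind DN" ;;
        53) echo "Unwilling to Perform: server policy may require SSL/TLS" ;;
        81) echo "Server Down: firewall, wrong port (389 vs 636), or service not running" ;;
        *)  echo "Unrecognised result code $1" ;;
    esac
}

# Step 1: can this host reach the LDAP server on the configured port?
check_port() {
    nc -z -w 5 "$1" "$2"   # assumes the nc (netcat) client is installed
}

# Step 2: bind as the user. ldapwhoami prompts for the password (-W) and prints
# the authorisation identity on success. For ldaps:// URIs, point LDAPTLS_CACERT
# at the CA that issued the server certificate; a certificate mismatch fails at
# the TLS layer before any LDAP result code is returned.
test_bind() {
    uri="$1"; prefix="$2"; user="$3"; suffix="$4"
    dn=$(compose_bind_dn "$prefix" "$user" "$suffix")
    echo "Binding as: $dn"
    ldapwhoami -x -H "$uri" -D "$dn" -W
    rc=$?
    echo "Result $rc: $(explain_code "$rc")"
    return "$rc"
}

# Only runs when LDAP_HOST is set; LDAP_PORT, PREFIX and SUFFIX have placeholder defaults.
if [ -n "${LDAP_HOST:-}" ]; then
    check_port "$LDAP_HOST" "${LDAP_PORT:-636}" || { echo "Port closed or filtered"; exit 81; }
    test_bind "ldaps://$LDAP_HOST:${LDAP_PORT:-636}" "${PREFIX:-uid=}" "${LDAP_USER:?set LDAP_USER}" \
        "${SUFFIX:-,ou=people,dc=example,dc=com}"
fi
```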

Users Do Not Appear In ExaVault After Sync

Verify that the configured AD security group exists and that its Name (CN) matches the configured group name.

Verify that the user is a direct or nested member of that group.

Users Get Disabled Unexpectedly

ExaVault disables any previously synced user that does not appear in a sync run.

Verify that the user remains a member of the configured AD security group.

Verify that the user account is enabled in Active Directory.
