MIDAS Active Directory (LDAP) Integration

Troubleshooting

If you encounter an issue configuring MIDAS to authenticate against your Active Directory, a good place to start is the "Test" button on the MIDAS Admin Options → Manage Users & Permissions → Single-Sign On (SSO) screen. This button tests whether MIDAS is able to connect to and query the Active Directory using the settings you've specified.

If this test fails, these settings are the first thing to check.

You can also enable debug logging by selecting the "Debug" option and clicking "Save Changes". With debugging enabled, failed and successful LDAP authentications will be logged to a "/debug-ldap.dat" file in your MIDAS directory.

Warning: It is recommended to only enable Debug logging whilst troubleshooting integration with your AD. Once up and running, it's strongly advised to disable this logging, otherwise the log file can become very large!

Common issues, their causes and resolutions are outlined below.

Symptom: Integration Test fails with "An error occurred binding to the LDAP server: [82] An error occurred in C<Net::LDAP>"

  Possible cause: A bug exists in some recent versions of ActivePerl (and also Strawberry Perl) which may prevent the Net::LDAP module from functioning correctly.

  Resolution: The workaround (other than installing an earlier version of Perl) is to rename the "INET6.pm" module within your current Perl distribution to something else. INET6.pm provides IPv6 support for Perl, and can commonly be found at C:\Perl64\site\lib\IO\Socket\INET6.pm (depending upon the location of Perl on your system). For more information on this workaround, please see this post.
  If you have other Perl applications still requiring INET6.pm, an alternative potential workaround also exists.

Symptom: After configuring and enabling LDAP integration, when I access MIDAS, I still see a login screen

  Possible cause: If MIDAS is unable to successfully connect to and query your Active Directory, it will fall back to the standard login screen.

  Resolution: Go to MIDAS Admin Options → Manage Users & Permissions → Single-Sign On (SSO) and check your Active Directory settings are correct using the "Test" button.

  Possible cause: If there is no email address in your Active Directory for your username, the user will see the standard MIDAS login screen. If you've enabled debug logging, this cause will be indicated in the debug log.

  Resolution: An email address should be entered in your Active Directory for each user who will be accessing MIDAS.

  Possible cause: If there is no User Group in MIDAS with a name matching the name of the user's Primary Group setting in your Active Directory, and the "If no matching User Group exists, block access" option in MIDAS is selected, the user will see the standard MIDAS login screen. If you've enabled debug logging, this cause will be indicated in the debug log.

  Resolution:
    1. Ensure that a User Group has been created in MIDAS (MIDAS Admin Options → Manage Users & Permissions → Groups) with the same name as the user's Primary Group from your Active Directory.
      or...
    2. Untick the "If no matching User Group exists, block access" option (MIDAS Admin Options → Manage Users & Permissions → Single-Sign On (SSO)). The user will then be able to access MIDAS using a very limited set of "view only" permissions.

  Possible cause: If a user's MIDAS user account has been "suspended" in MIDAS, they will be returned to the login screen rather than seamlessly logged in. If you've enabled debug logging, this cause will be indicated in the debug log.

  Resolution: Go to MIDAS Admin Options → Manage Users & Permissions → Users and check that the user account in question hasn't been suspended.

Symptom: A dialog prompting for credentials is shown when accessing MIDAS

  Possible cause: Your browser has not been configured to present the username of the currently logged in user to the server where your MIDAS resides.

  Resolution: See Configuring Web Browsers
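
Two of the causes above sit in the directory rather than in MIDAS: a missing email address, and a Primary Group with no matching MIDAS User Group. The PowerShell below is an added example, not part of MIDAS or its documentation, that checks a set of users for both; the function name, its parameters and the sample users are hypothetical, and exact (case-sensitive) group-name matching is an assumption, since this page does not say how MIDAS compares names.

```powershell
# Added example; function and parameter names are hypothetical, not part of MIDAS.
function Test-MidasSsoReadiness {
    param(
        # Object with SamAccountName, mail and PrimaryGroup (a DN), as Get-ADUser returns
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        # Names of the User Groups that exist in MIDAS
        [Parameter(Mandatory)] [string[]] $MidasGroups,
        # Mirrors the "If no matching User Group exists, block access" option
        [bool] $BlockIfNoGroup = $true
    )
    process {
        # Take the CN from the primary group's DN, honouring escaped commas (\,)
        $group = $null
        if ($User.PrimaryGroup -match '^CN=((?:\\.|[^,])+)') {
            $group = $Matches[1] -replace '\\(.)', '$1'
        }
        $noMail  = [string]::IsNullOrWhiteSpace($User.mail)
        # Assumption: group names must match exactly (case-sensitive)
        $noGroup = (-not $group) -or ($group -cnotin $MidasGroups)

        $issues = @()
        if ($noMail) { $issues += 'no email address in AD' }
        if ($noGroup) {
            $effect  = if ($BlockIfNoGroup) { 'login screen' } else { 'view-only access' }
            $issues += "no MIDAS User Group named '$group' ($effect)"
        }
        [pscustomobject]@{
            User          = $User.SamAccountName
            PrimaryGroup  = $group
            SeamlessLogin = -not ($noMail -or ($noGroup -and $BlockIfNoGroup))
            Issues        = $issues -join '; '
        }
    }
}

# Constructed sample data standing in for directory results
$sample = @(
    [pscustomobject]@{ SamAccountName = 'asmith'; mail = 'asmith@example.com'
                       PrimaryGroup = 'CN=Domain Users,CN=Users,DC=example,DC=com' }
    [pscustomobject]@{ SamAccountName = 'bjones'; mail = $null
                       PrimaryGroup = 'CN=Facilities,OU=Groups,DC=example,DC=com' }
    [pscustomobject]@{ SamAccountName = 'clee'; mail = 'clee@example.com'
                       PrimaryGroup = 'CN=Contractors,OU=Groups,DC=example,DC=com' }
)
$sample | Test-MidasSsoReadiness -MidasGroups 'Domain Users', 'Facilities' | Format-Table -AutoSize

# Against a live directory (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties mail, PrimaryGroup | Test-MidasSsoReadiness -MidasGroups <names>
```

Suspended accounts are a MIDAS-side setting and are not covered by this check; confirm those under Manage Users & Permissions → Users.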