LDAP Troubleshooting Guide & FAQs
-----------------------------------
Affected Roles: Administrator, Power Users
Related Digital Watchdog VMS Apps: DW Spectrum
Last Edit: May 2, 2025
-----------------------------------
LDAP integration allows System Administrators to link an existing User Database to their DW Spectrum System for access and rights management.
This article will provide answers to questions that are frequently asked regarding LDAP integration as well as a troubleshooting guide when connecting an LDAP server to a DW Spectrum System.
FAQs
Question: Why can’t an IP address be used when configuring LDAP in the Desktop Client?
Answer: DW Spectrum supports the FQDN standard. This involves using a domain name to specify the exact location of a system. It is a complete and unambiguous static address of a host or server on the Internet, including its hostname, domain name, and top-level domain (TLD). This ensures that there is no ambiguity about the exact location of the resource being accessed.
Question: Can a System be set to periodically poll LDAP for changes and updates?
Answer: DW Spectrum attempts to automatically synchronize with a connected LDAP/AD server once every 10 minutes by default.
Question: Why are LDAP users unable to log in to the Web Client until they have successfully logged into the DW Spectrum Client at least once?
Answer: This is currently the way the solution works but there are plans to modify it in an upcoming release to make it simpler to use.
Question: When configuring LDAP integration, I cannot specify the domain’s Base DN as a search base, but can specify OU’s underneath the Base DN. Why?
Answer: You cannot filter by OU membership, but you can filter by group membership. To retrieve all users that are members of a specific group, filter on the memberOf attribute.
For example:
memberOf=CN=Security Users,CN=Users,DC=DOMAIN,DC=LOCAL
Question: Does the VMS keep LDAP passwords?
Answer: No, for security reasons, DW Spectrum does not store passwords.
Question: Does the LDAP server need to be a part of the same local network as the DW Spectrum Server?
Answer: No, an LDAP server does not need to be on the same LAN as the DW Spectrum Media Server, but it does need to be accessible through the Internet (WAN) or through the LAN if it is on a different subnet.
Question: Why can’t I see the LDAP button in the DW Spectrum Client?
Answer: LDAP users with any role assigned are not allowed to modify LDAP server settings. The basic concept is that if they accidentally modify these settings, it may cause a loss of permission to connect.
Question: Why does LDAPS (LDAP over SSL) not work?
Answer: Most likely you will be required to change certificates or to install certificates to both the LDAP server and the DW Spectrum Media Server.
Troubleshooting an LDAP Connection
Step 1: Test Your LDAP Server with a 3rd Party LDAP Browser or Client
To first determine whether an issue is related to DW Spectrum, we recommend you use an alternative LDAP browser or client from the list below to connect to your LDAP server:
- Windows – Softerra LDAP Browser
- Ubuntu – OpenLDAP
To install LDAP utilities with Ubuntu Linux, use the command:
sudo apt-get update && sudo apt-get install ldap-utils
Example Test
An example test query can look like the one below:
- URL: ldap://ad.my.domain.com
- Port: 389
- DN of an admin: [email protected] or CN=Administrator,CN=Users,DC=my,DC=domain,DC=com
- Search Base: CN=Users,DC=my,DC=domain,DC=com
- Password: PaSsWoRd123
ldapsearch -LLL -x -H ldap://ad.my.domain.com:389 -s sub -D "CN=Administrator,CN=Users,DC=my,DC=domain,DC=com" -b "CN=Users,DC=my,DC=domain,DC=com" -w PaSsWoRd123 -o ldif-wrap=150
A valid output would look like:
dn: CN=Users,DC=my,DC=domain,DC=com
objectClass: top
objectClass: container
cn: Users
description: Default container for upgraded user accounts
distinguishedName: CN=Users,DC=my,DC=domain,DC=com
instanceType: 4
whenCreated: 20151113032937.0Z
whenChanged: 20151113032937.0Z
uSNCreated: 5696
uSNChanged: 5696
showInAdvancedViewOnly: FALSE
name: Users
objectGUID:: puf/DK2dGkCF/7bTR7V+iw==
systemFlags: -1946157056
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=my,DC=domain,DC=com
isCriticalSystemObject: TRUE
dSCorePropagationData: 20170619233637.0Z
dSCorePropagationData: 16010101000001.0Z
.....
If you manage to fetch or browse the information from your LDAP server using the 3rd party browser/client, proceed to Step 2 below. Otherwise, we encourage you to work with your LDAP system administrator for further assistance before proceeding.
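The Step 1 test wrapped as a reusable shell check, added here as an example (it is not Digital Watchdog tooling). It rejects IP addresses up front, as the FAQ requires an FQDN, reads the bind password from a file instead of passing it with -w, and turns the ldapsearch exit status into a hint; the function names, the FQDN pattern and the hint texts are assumptions made for this example.

```shell
# Added example: pre-flight wrapper for the Step 1 ldapsearch test.
# Function names and hint texts are illustrative, not DW Spectrum tooling.

# Succeeds if $1 looks like an FQDN (dot-separated labels ending in an
# alphabetic TLD); fails for IP addresses and single-label names.
is_fqdn() {
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
}

# ldapsearch exits with the LDAP result code; map the common ones to a hint.
explain_rc() {
    case "$1" in
        0)   echo "ok: bind and search succeeded" ;;
        32)  echo "no such object: check the Search Base DN" ;;
        49)  echo "invalid credentials: check the bind DN and password" ;;
        255) echo "cannot contact server: check DNS name, port and firewall" ;;
        *)   echo "LDAP result code $1: review with your LDAP administrator" ;;
    esac
}

# Usage: ldap_test HOST BIND_DN SEARCH_BASE PASSWORD_FILE
# -y reads the password from a file so it stays out of shell history and
# the process list. Create the file without a trailing newline, e.g.
#   (umask 077; printf '%s' 'the-password' > ./bindpw)
# Returns 2 without contacting the server when HOST fails the FQDN check.
ldap_test() {
    host=$1 bind_dn=$2 base=$3 pwfile=$4
    if ! is_fqdn "$host"; then
        echo "host '$host' is not an FQDN"
        return 2
    fi
    rc=0
    ldapsearch -LLL -x -H "ldap://$host:389" -s sub -D "$bind_dn" \
        -b "$base" -y "$pwfile" -o ldif-wrap=150 >/dev/null 2>&1 || rc=$?
    explain_rc "$rc"
    return "$rc"
}
```

With the article's sample values the call is: ldap_test ad.my.domain.com "CN=Administrator,CN=Users,DC=my,DC=domain,DC=com" "CN=Users,DC=my,DC=domain,DC=com" ./bindpw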
Step 2: Gather Server Logs
If Step 1 was successful, gather server logs by performing the following:
- Elevate the main logging level of the DW Spectrum Media Server to “DEBUG2 (VERBOSE)”.
  - DW Spectrum – Configuring Log Files with the Desktop Client
  - DW Spectrum – Configuring Log Files with Web Admin
- Perform or re-create the same LDAP related operation you were encountering issues with.
- Gather Server Logs and share them with our support team or your local reseller.
  - Navigate to the System Administrator > Advanced > Logs Management > Settings menu.
  - Select the components that you want to download logs from, then click the Download button. It is not possible to download logs from offline servers.
For More Information or Technical Support
DW Technical Support: 866.446.3595 (option 4)
https://www.digital-watchdog.com/contact-tech-support/