This documentation is for Passwork version 6.0, no longer supported.

See documentation for version 7.0.
Version: 6.0

Troubleshooting

Possible causes for LDAPS connection errors:

  • The ldaps:// protocol or the required port is not specified in the connection string
  • An IP address or an incorrect LDAP server name is specified in the connection string. Use the name listed in the CN field of the LDAPS certificate.
  • The root certificate or certificate chain is not added to the trust store of the server Passwork is installed on
  • The LDAPS certificate is signed with an outdated SHA-1 or MD5 hash algorithm. To bypass the restriction, add the line TLS_CIPHER_SUITE NORMAL:%VERIFY_ALLOW_BROKEN to the config file (this makes certificate verification accept signatures made with those broken algorithms):
    • Linux — /etc/ldap/ldap.conf or /etc/openldap/ldap.conf
    • Windows — C:\openldap\sysconf\ldap.conf

Possible causes for problems with DN requests:

  • Background tasks for loading users are not set up on the Users and Synchronization tabs
  • Incorrectly configured request parameters, such as filters, attributes, or base DN, can lead to incorrect results or errors when executing DN requests.
  • Lack of access rights to the OU (organizational unit) that objects and data are being obtained from
  • DN attribute path for obtaining nested groups from a group — memberOf:1.2.840.113556.1.4.1941:
  • DN attribute for obtaining activated users from the LDAP server — userAccountControl:1.2.840.113556.1.4.803:=2
  • If the wait time for DN request execution is too long, change the interval of request execution on the Users and Synchronization tabs
  • If a user does not have the necessary access rights to the requested data, the LDAP server may decline the DN request.
  • If users don't get uploaded into Passwork and a service account is set up, make sure that the samaccountname attribute name is specified, and not the value of the attribute
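
The two matching-rule OIDs listed above can be checked offline before they are put into a synchronization filter. The following is an added example, not part of the Passwork documentation or product code: it evaluates both rules against a constructed directory and builds the combined filter string. The `:=2` value tests the ACCOUNTDISABLE bit of userAccountControl, so a filter for enabled accounts negates it. All DNs, group names and function names are hypothetical.

```python
BIT_AND = "1.2.840.113556.1.4.803"    # bitwise-AND matching rule (from the page)
IN_CHAIN = "1.2.840.113556.1.4.1941"  # nested-membership matching rule (from the page)
ACCOUNTDISABLE = 0x2                  # userAccountControl bit that ":=2" tests

# Constructed sample directory (hypothetical DNs, not from a real server).
GROUPS = "OU=Groups,DC=corp,DC=example"
STAFF = "OU=Staff,DC=corp,DC=example"
PASSWORK, ADMINS = "CN=Passwork," + GROUPS, "CN=Admins," + GROUPS
DIRECTORY = {
    PASSWORK: {"memberOf": []},
    ADMINS: {"memberOf": [PASSWORK]},  # a group nested inside another group
    "CN=alice," + STAFF: {"userAccountControl": 512, "memberOf": [ADMINS]},
    "CN=bob," + STAFF: {"userAccountControl": 514, "memberOf": [PASSWORK]},
    "CN=carol," + STAFF: {"userAccountControl": 512, "memberOf": []},
}

def bit_and(entry, attr, mask):
    """:803: rule, true when every bit of mask is set in the attribute."""
    return (entry.get(attr, 0) & mask) == mask

def in_chain(dn, group_dn, seen=None):
    """:1941: rule, true when dn is a direct or nested member of group_dn."""
    seen = set() if seen is None else seen
    for parent in DIRECTORY.get(dn, {}).get("memberOf", []):
        if parent == group_dn:
            return True
        if parent not in seen:  # guard against circular group nesting
            seen.add(parent)
            if in_chain(parent, group_dn, seen):
                return True
    return False

def escape(value):
    """RFC 4515 escaping so a DN or user input cannot alter the filter."""
    for ch in "\\*()\0":  # backslash first, so added escapes are not re-escaped
        value = value.replace(ch, "\\%02x" % ord(ch))
    return value

def enabled_member_filter(group_dn):
    """Filter string: enabled accounts that are direct or nested members."""
    return "(&(!(userAccountControl:%s:=2))(memberOf:%s:=%s))" % (
        BIT_AND, IN_CHAIN, escape(group_dn))

def search_enabled_members(group_dn):
    """Evaluate the same filter locally against DIRECTORY."""
    return sorted(dn for dn, e in DIRECTORY.items()
                  if "userAccountControl" in e
                  and not bit_and(e, "userAccountControl", ACCOUNTDISABLE)
                  and in_chain(dn, group_dn))
```

In the sample data, alice is returned through the nested Admins group, bob is excluded because 514 has the disabled bit set, and carol is excluded because she is not a member.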