The ldaps:// protocol or the required port is not specified in the connection string
An IP address or incorrect LDAP server name is specified in the connection string. You need to input the name listed in the CN field of the LDAPS certificate.
The root certificate or certificate chain is not added to the trust store of the server Passwork is installed on
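The LDAPS certificate is signed with an outdated SHA-1 or MD5 algorithm. To bypass the restriction, add the following line to the LDAP client config file (it is a GnuTLS priority string that permits these broken signature algorithms during certificate verification):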
TLS_CIPHER_SUITE NORMAL:%VERIFY_ALLOW_BROKEN
Linux — /etc/ldap/ldap.conf or /etc/openldap/ldap.conf
Background tasks for loading users are not set up on the Users and Synchronization tabs
Incorrectly configured request parameters, such as filters, attributes, or base DN, can lead to incorrect results or errors when executing DN requests.
Lack of access rights to the OU (organizational unit) that objects and data are being obtained from
DN attribute path for obtaining nested groups from a group — memberOf:1.2.840.113556.1.4.1941:
DN attribute for obtaining activated users from the LDAP server — userAccountControl:1.2.840.113556.1.4.803:=2
If the wait time for DN request execution is too long, change the interval of request execution on the Users and Synchronization tabs
If a user does not have the necessary access rights to the requested data, the LDAP server may decline the DN request.
If users don't get uploaded into Passwork and a service account is set up, make sure that the samaccountname attribute name is specified, and not the value of the attribute
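
The two matching rules listed above (memberOf:1.2.840.113556.1.4.1941: and userAccountControl:1.2.840.113556.1.4.803:=2) can be reasoned about offline before a filter is saved. The Python below is an added example, not Passwork code: it emulates both rules over a constructed directory (all DNs, group names and values are made up) and shows that the userAccountControl clause on its own matches accounts with bit 2 (ACCOUNTDISABLE) set, so it is negated with (!...) to keep enabled users.

```python
# Added example: local emulation of two Active Directory matching rules.
# Every DN and attribute value below is constructed sample data.
ACCOUNTDISABLE = 0x2  # the "2" in userAccountControl:1.2.840.113556.1.4.803:=2

BASE = "DC=example,DC=test"
APP, HELP, TIER2 = (f"CN={n},OU=Groups,{BASE}"
                    for n in ("PassworkUsers", "Helpdesk", "Tier2"))

def user(name):
    return f"CN={name},OU=Staff,{BASE}"

# dn -> attributes; group entries carry no userAccountControl here
DIRECTORY = {
    APP: {"memberOf": []},
    HELP: {"memberOf": [APP, TIER2]},   # HELP <-> TIER2 is a nesting loop
    TIER2: {"memberOf": [HELP]},
    user("alice"): {"userAccountControl": 512, "memberOf": [APP]},
    user("bob"): {"userAccountControl": 514, "memberOf": [HELP]},
    user("carol"): {"userAccountControl": 66048, "memberOf": [TIER2]},
    user("dave"): {"userAccountControl": 512, "memberOf": []},
}

def bit_and(value, mask):
    """Rule 1.2.840.113556.1.4.803: true when every bit of mask is set."""
    return value & mask == mask

def in_chain(dn, group, directory):
    """Rule 1.2.840.113556.1.4.1941 on memberOf: direct or nested membership."""
    seen, stack = set(), list(directory[dn]["memberOf"])
    while stack:
        parent = stack.pop()
        if parent == group:
            return True
        if parent not in seen:          # guard against circular nesting
            seen.add(parent)
            stack.extend(directory.get(parent, {}).get("memberOf", []))
    return False

def search(group, directory, enabled_only=True):
    """Users selected by (&(memberOf:...1941:=group)(!(userAccountControl:...803:=2)));
    enabled_only=False drops the negated clause and also lists disabled users."""
    hits = []
    for dn, attrs in directory.items():
        uac = attrs.get("userAccountControl")
        if uac is None or not in_chain(dn, group, directory):
            continue                    # skip groups and non-members
        if enabled_only and bit_and(uac, ACCOUNTDISABLE):
            continue                    # disabled account
        hits.append(dn)
    return sorted(hits)
```
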