By: prerna arote user 21 Sep 2015 at 3:16 a.m. CDT

13 Responses
Hi, I installed Gluu and modified Cache Refresh, and got the AD users into Manage People on the Gluu server. Later on I modified the Manage Authentication page with all the details of the backend AD:

* bind DN, base DN, server: IP address:389 without SSL
* Primary Key: sAMAccountName
* Local Primary Key: uid
* Authentication Mode: Default

But now I am not able to log in to oxTrust, neither with the admin credentials nor with AD user credentials. How do I proceed?

Regards,
Prerna

By Michael Schwartz Account Admin 21 Sep 2015 at 1:35 p.m. CDT

The best way to fix this is with a little ldif. Create a file called `revert.ldif`:

```ldif
dn: inum=@!BFB8.45A2.D0E4.1E14!0002!B128.C89F,ou=appliances,o=gluu
changetype: modify
replace: oxAuthenticationMode
oxAuthenticationMode: internal
```

Then apply it:

```sh
# /opt/opendj/bin/ldapmodify -h localhost -p 1389 -D "cn=directory manager" -j ~/.pw -f revert.ldif
```

* Save the directory manager (admin) password to `~/.pw`. Remove this when you're done.
* Change the inum to your appliance inum. You can see the `dn` in `/opt/opendj/ldif/appliance.ldif`.

After that, you should be reverted to the default authentication against the local OpenDJ server.

If that doesn't work, I would try this:

```ldif
dn: inum=@!BFB8.45A2.D0E4.1E14!0002!B128.C89F,ou=appliances,o=gluu
changetype: modify
replace: oxIDPAuthentication
oxIDPAuthentication: {"type": "auth", "name": null, "level": 0, "priority": 1,
  "enabled": true, "version": 0, "config": "{\"configId\": \"auth_ldap_server\",
  \"servers\": [{\"value\":\"brookie.gluu.info:1636\"}], \"maxConnections\": 1000,
  \"bindDN\": \"cn=directory manager\", \"bindPassword\": \"nq1ttgF59zwwVJHMoinGCQ==\",
  \"useSSL\": \"true\", \"baseDNs\": [{\"value\":\"o=gluu\"}], \"primaryKey\": \"uid\",
  \"localPrimaryKey\": \"uid\", \"useAnonymousBind\": false, \"enabled\": true}" }
```

Copy the value from the original `oxIDPAuthentication` saved in your `/opt/opendj/ldif/appliance.ldif` file. Also: don't forget the two spaces for each continued line in the ldif!

By Michael Schwartz Account Admin 21 Sep 2015 at 1:41 p.m. CDT

Make sure you test credentials and connectivity. Also check the logs of the source LDAP server to see if you can find the reason for the error.

By prerna arote user 23 Sep 2015 at 1:04 a.m. CDT

I got all the users of AD into Manage People after modifying CR. According to you, to avoid this login issue (after modifying Manage Authentication), I need to go with the local LDAP server credentials (the OpenDJ Gluu LDAP server) in Manage Authentication.

https://support.gluu.org/view/installation/login-issue-in-gluu-server-through-oxtrust/1926
This ticket says: in Configuration/Manage Authentication, put the details of the Gluu internal LDAP server.

http://www.gluu.org/docs/admin-guide/configuration/#manage-authentication
This says: in Configuration/Manage Authentication, put the details of the backend LDAP, i.e. AD.

Which details shall I put in Manage Authentication (backend AD or internal LDAP)?

Regards,
Prerna

By prerna arote user 23 Sep 2015 at 11:17 p.m. CDT

Hi, I have kept 'Keep external persons' enabled and modified CR. I got the users too. Then I tried to modify 'Manage Authentication' with my AD details. If I log out, I am not able to log in to oxTrust with the admin credentials. What is missing here? I want to log in to oxTrust with my AD users' credentials.

Thanks and Regards,
Prerna

By Michael Schwartz Account Admin 24 Sep 2015 at 8:13 a.m. CDT

Add your AD user to the Manager Group.

By prerna arote user 29 Sep 2015 at 4:28 a.m. CDT

You mean:

Step 1: modify CR
Step 2: check the users in Manage People (AD users)
Step 3: if step 2 is successful, add all users to the Manager group
Step 4: modify Manage Authentication
Result: able to log in to the oxTrust GUI with AD user credentials or the Gluu admin credentials

Will this work? Will this allow me to log in with user credentials? I found /opendj/ldif/appliance.ldif. Should I modify this file (the oxIDPAttribute details)? Thanks.

By Aliaksandr Samuseu staff 29 Sep 2015 at 4:12 p.m. CDT

Hi Prerna, hi Mike. Please wait a bit before proceeding. We had an issue with logins against an LDAP backend not so long ago, and it is supposed to be fixed by now, but the symptoms you are describing look pretty much like it. Let me try to reproduce it on my test box.

Regards,
Alex

By Aliaksandr Samuseu staff 29 Sep 2015 at 4:17 p.m. CDT

And to answer your question, Prerna: yes, under normal conditions your steps are correct. Just don't forget to set "Keep external persons", so that you can roll back to the default auth easily in case it doesn't end up as expected.

By Aliaksandr Samuseu staff 29 Sep 2015 at 9:47 p.m. CDT

Confirmed: it's the same issue. I'll notify Yuriy.

By prerna arote user 30 Sep 2015 at 3:16 a.m. CDT

Hi Aliaksandr, do I need to modify appliance.ldif (only the oxIDPAttribute value)? Is there still an issue, or shall I proceed?

By Aliaksandr Samuseu staff 30 Sep 2015 at 9:34 a.m. CDT

Unfortunately, at the moment you won't be able to employ authentication against the backend. You can't do anything to fix it; we will have to wait for a response from the dev team. The ldif manipulations Mike was recommending before are a way to revert your auth mode back to default, so that you can at least log in to the default admin account. If you still have trouble logging in and don't wish to go for a reinstall, you can follow his guide by creating this revert.ldif and running ldapmodify against Gluu's internal LDAP database. You don't need to modify appliance.ldif, just fetch the original values of the "dn", "oxAuthenticationMode" and "oxAuthenticationMode" attributes from there, and then substitute the corresponding attributes in the example ldifs he provided in his post. Then feed the resulting ldifs to ldapmodify while inside Gluu's chroot-ed container.
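
Mike's ldapmodify revert (21 Sep) and Alex's clarification above both come down to the same procedure: take the dn, oxAuthenticationMode and oxIDPAuthentication values from /opt/opendj/ldif/appliance.ldif and feed a modify record to the internal OpenDJ. The script below is an added example, not code from this thread or from Gluu. It parses an appliance.ldif export, emits Mike's revert record (optionally with the oxIDPAuthentication restore as a second change in the same record), and folds the long JSON value per RFC 2849, where one leading space marks a continuation line and everything after that space is part of the value (so Mike's "two spaces" are the marker plus the value's own space). It also decodes the nested JSON so you can see which bindDN and servers the appliance actually stores before changing anything. The sample entry, its localhost:1636 server and the bindPassword placeholder are constructed; only the inum is taken from the thread.

```python
"""Build revert.ldif for a Gluu appliance entry (added example, not Gluu code).
Reads the appliance entry exported to /opt/opendj/ldif/appliance.ldif (the path
named in the thread), reuses its dn and oxIDPAuthentication value, and emits a
'changetype: modify' record with RFC 2849 folding so the long JSON value reaches
ldapmodify intact. The sample entry and its bindPassword are constructed."""
import base64
import json
import re

# Constructed stand-in for appliance.ldif; only the inum comes from the thread.
SAMPLE_APPLIANCE_LDIF = r"""dn: inum=@!BFB8.45A2.D0E4.1E14!0002!B128.C89F,ou=appliances,o=gluu
objectClass: top
objectClass: gluuAppliance
oxAuthenticationMode: auth_ldap_server
oxIDPAuthentication: {"type": "auth", "name": null, "level": 0, "priority": 1,
  "enabled": true, "version": 0, "config": "{\"configId\": \"auth_ldap_server\",
  \"servers\": [{\"value\":\"localhost:1636\"}], \"bindDN\": \"cn=directory manag
 er\", \"bindPassword\": \"ENCRYPTED-PLACEHOLDER\", \"useSSL\": \"true\", \"baseDNs\":
  [{\"value\":\"o=gluu\"}], \"primaryKey\": \"uid\", \"localPrimaryKey\": \"uid\",
  \"useAnonymousBind\": false, \"enabled\": true}"}
"""
ATTR_LINE = re.compile(r"^([A-Za-z][\w.;-]*)(::?) ?(.*)$")

def unfold(text):
    """Join RFC 2849 continuation lines (one leading space) onto their line."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines

def parse_ldif(text):
    """Return [(dn, {attr: [values]})] for each record in an LDIF text."""
    entries, current = [], None
    for line in unfold(text):
        if line.startswith("#") or line == "-":
            continue
        if not line.strip():  # a blank line terminates the record
            if current:
                entries.append(current)
            current = None
            continue
        m = ATTR_LINE.match(line)
        if not m:
            raise ValueError("malformed LDIF line: %r" % line)
        attr, sep, value = m.groups()
        if sep == "::":  # base64-encoded value
            value = base64.b64decode(value).decode("utf-8")
        if attr.lower() == "dn":
            current = (value, {})
        elif current is None:
            raise ValueError("attribute before dn: %r" % line)
        else:
            current[1].setdefault(attr, []).append(value)
    if current:
        entries.append(current)
    return entries

def ldif_line(attr, value, width=76):
    """'attr: value' folded to 'width' columns; unsafe values go base64 ('::')."""
    unsafe = (value == "" or value[0] in " :<"
              or any(ord(c) > 127 or c in "\0\r\n" for c in value))
    if unsafe:
        value = base64.b64encode(value.encode("utf-8")).decode("ascii")
    line = "%s%s %s" % (attr, "::" if unsafe else ":", value)
    chunks, rest = [line[:width]], line[width:]
    while rest:  # each continuation line: one space plus width-1 characters
        chunks.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(chunks)

def appliance_entry(text):
    """Return the single (dn, attrs) entry under ou=appliances, or raise."""
    found = [e for e in parse_ldif(text) if ",ou=appliances," in e[0].lower()]
    if len(found) != 1:
        raise ValueError("expected one appliance entry, found %d" % len(found))
    return found[0]

def build_revert_ldif(text, restore_idp_auth=False):
    """Mike's revert.ldif (oxAuthenticationMode back to 'internal') and, if
    asked, his second ldif restoring oxIDPAuthentication, as one modify record."""
    dn, attrs = appliance_entry(text)
    lines = [ldif_line("dn", dn), "changetype: modify",
             "replace: oxAuthenticationMode", "oxAuthenticationMode: internal"]
    if restore_idp_auth:
        values = attrs.get("oxIDPAuthentication")
        if not values:
            raise ValueError("oxIDPAuthentication missing from the export")
        lines += ["-", "replace: oxIDPAuthentication"]
        lines += [ldif_line("oxIDPAuthentication", v) for v in values]
    return "\n".join(lines) + "\n"

def idp_auth_config(text):
    """Return the 'config' dict nested in oxIDPAuthentication (bindDN, servers, ...)."""
    _, attrs = appliance_entry(text)
    return json.loads(json.loads(attrs["oxIDPAuthentication"][0])["config"])
```

On a real box, read the export, write `build_revert_ldif(...)` to revert.ldif and run Mike's ldapmodify line inside the chroot, then remove ~/.pw as he says. Values that start with a space, a colon or `<`, or that contain non-ASCII, are emitted base64 (`attr::`) as LDIF requires, which matters if a dn or config value ever carries such characters.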

By Mohib Zico staff 06 Oct 2015 at 6:28 a.m. CDT

Hi Prerna, It's fixed. Please feel free to test again.