This article covers loggers related to Active Directory that were introduced in Ignition version 7.8.X.
Loggers in this article:
UserSource.ActiveDirectory
- Monitors the status of connection and response data for an existing Active Directory User Source profile. Anytime a user is authenticating with this profile, we can expect this logger to show an authentication request made to Active Directory from a specific user and a response from Active Directory containing information about the user’s account if successful.
- DEBUG log of a request from a specific user for the list of users defined on the controller, and the response stating the count of users found ({...} denotes a placeholder for Active Directory configuration properties in Ignition):
Connecting to "ldap://{PrimaryDomainControllerHost}:{PrimaryDomainControllerPort}" as "{username}@{Domain}"...
Searching for users in [{Domain}] with filter "{UserSearchFilter}"...
...
Found 859 users in 601 ms
- TRACE log of a successful response ({...} denotes a placeholder for response values provided by an Active Directory server):
Creating user from LDAP attribute set:
displayName={...}
givenName={...}
sAMAccountType={...}
primaryGroupID={...}
objectClass=[{...}, {...}, {...}, {...}]
adminCount={...}
badPasswordTime={...}
objectCategory=CN={...},CN={...},CN={...},DC={...},DC={...}
cn={...}
userAccountControl={...}
userPrincipalName={...}
dSCorePropagationData=[{...}, {...}, {...}, {...}, {...}]
codePage={...}
distinguishedName=CN={...},CN={...},DC={...},DC={...}
whenChanged={...}
whenCreated={...}
pwdLastSet={...}
logonCount={...}
accountExpires={...}
lastLogoff={...}
lastLogonTimestamp={...}
objectGUID={...}
sn={...}
lastLogon={...}
uSNChanged={...}
uSNCreated={...}
objectSid={...}
- DEBUG log of a request and failed response ({...} denotes a placeholder for Active Directory configuration properties in Ignition):
Connecting to "ldap://{PrimaryDomainControllerHost}:{PrimaryDomainControllerPort}" as "{username}@{Domain}"...
Authentication rejected.
UserSource.AD_DB_Hybrid
- Monitors the status of connection and response data for an existing Active Directory/Database Hybrid User Source profile. Anytime a user is authenticating with this profile, we can expect this logger to show an authentication request made to Active Directory from a specific user and a response from both Active Directory and from queries to the database that stores the rest of the information about the user.
- DEBUG log of a request from a specific user for the list of users defined on the controller, and the response stating the count of users found. This profile also states all the additional queries attempted for each user found ({...} denotes a placeholder for Active Directory configuration properties in Ignition):
Connecting to "ldap://{PrimaryDomainControllerHost}:{PrimaryDomainControllerPort}" as "{username}@{Domain}"...
Searching for users in [{Domain}] with filter "{UserSearchFilter}"...
...
User schedule adjustment listing query not specified.
Skipping user props - no query specified
...
Found 859 users in 601 ms
- TRACE log stating the query used to retrieve the list of roles defined in an external database connection. Expect this to accompany the DEBUG log above. {RoleListQuery} denotes the query string defined in the Database Properties > Role List Query property of the existing Active Directory/DB Hybrid profile:
Listing roles with query: {RoleListQuery}
UserSource.AD_Internal_Hybrid
- Monitors the status of connection and response data for an existing Active Directory/Internal Hybrid User Source profile. Anytime a user is authenticating with this profile, we can expect this logger to show an authentication request made to Active Directory from a specific user and a response from Active Directory.
- DEBUG log of a request from a specific user for the list of users defined on the controller, and the response stating the count of users found ({...} denotes a placeholder for Active Directory configuration properties in Ignition):
Connecting to "ldap://{PrimaryDomainControllerHost}:{PrimaryDomainControllerPort}" as "{username}@{Domain}"...
Searching for users in [{Domain}] with filter "{UserSearchFilter}"...
Found partial result set size: 100
Found 859 users in 4 seconds
UserSourceManager.Wrapper
- Monitors attempts to authenticate with a User Source. A successful authentication shows a log entry stating "Attempting primary authentication challenge", followed by a second entry stating "Primary authentication succeeded". If authentication fails, only the first entry appears, with nothing following it.
- DEBUG log of an authentication request ({...} denotes a placeholder for a user’s entered credentials and response values from the user source):
Attempting primary authentication challenge [{username={...}, password=*****}]
Primary authentication succeeded. User={firstname={...}, username={...}, lastname={...}}
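Because a failed login leaves only the "Attempting" entry, failures have to be inferred from challenges that never get a matching success. The following is an added example (not Ignition code or part of the original article) that does this per username; the sample lines and usernames are constructed, and it assumes at most one login per user is in flight at a time.

```python
import re

# Message shapes as shown in the article for UserSourceManager.Wrapper (DEBUG).
ATTEMPT = re.compile(
    r"Attempting primary authentication challenge \[\{username=([^,}]*),")
SUCCESS = re.compile(
    r"Primary authentication succeeded\. User=\{.*?\busername=([^,}]*)")

def failed_attempts(lines):
    """Count challenges per username that no success entry followed."""
    pending = set()   # users with a challenge not yet matched by a success
    failed = {}
    for line in lines:
        m = ATTEMPT.search(line)
        if m:
            user = m.group(1).strip().lower()
            # Assumption: one login per user in flight, so an earlier
            # unmatched challenge for the same user is a failure.
            if user in pending:
                failed[user] = failed.get(user, 0) + 1
            pending.add(user)
            continue
        m = SUCCESS.search(line)
        if m:
            pending.discard(m.group(1).strip().lower())
    # A challenge still unmatched at the end of the excerpt is counted too;
    # on a live log it may simply be a login still in progress.
    for user in pending:
        failed[user] = failed.get(user, 0) + 1
    return failed

# Constructed sample entries (message text only; usernames are invented).
SAMPLE = [
    "Attempting primary authentication challenge [{username=alice, password=*****}]",
    "Primary authentication succeeded. User={firstname=Alice, username=alice, lastname=Ng}",
    "Attempting primary authentication challenge [{username=bob, password=*****}]",
    "Attempting primary authentication challenge [{username=bob, password=*****}]",
    "Attempting primary authentication challenge [{username=alice, password=*****}]",
    "Attempting primary authentication challenge [{username=bob, password=*****}]",
    "Primary authentication succeeded. User={firstname=Bob, username=bob, lastname=Li}",
]

if __name__ == "__main__":
    for user, count in sorted(failed_attempts(SAMPLE).items()):
        print(f"{user}: {count} failed attempt(s)")
```

The patterns use `search`, so they also match full log lines that carry a timestamp and logger name in front of the message.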
- Provides the full LDAP response codes from Active Directory when either a user in an Active Directory user source is failing to authenticate or the Active Directory server itself has a problem. The values {error code} and {data} can provide more information on typical error responses in the LDAP protocol.
- INFO log of a failed request for the user list ({...} denotes a placeholder for varying Active Directory response values):
Error fetching groups.
javax.naming.AuthenticationException: [LDAP: error code {error code} - {...}: LdapErr: {...}, comment: {...}, data {data}, {...}]
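The {error code} and {data} fields can be pulled out and decoded mechanically. This is an added example, not Ignition code or part of the original article: the sample lines are constructed, and the data-code table is general Windows knowledge (Active Directory reports a Win32 error number in hex there), not something the article lists.

```python
import re
from collections import Counter

CODE = re.compile(r"\[LDAP: error code (\d+)")
DATA = re.compile(r"\bdata ([0-9a-fA-F]+)\b")

# Common values Active Directory places in "data" (hex Win32 error numbers).
AD_DATA = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

def decode_ldap_error(line):
    """Return the LDAP result code and decoded data field, or None."""
    code = CODE.search(line)
    if not code:
        return None
    data = DATA.search(line)
    sub = data.group(1).lower() if data else None
    return {
        "ldap_code": int(code.group(1)),
        "data": sub,
        "win32_error": int(sub, 16) if sub else None,
        "meaning": AD_DATA.get(sub, "unmapped") if sub else "no data field",
    }

def summarize(lines):
    """Tally failure reasons across a log excerpt."""
    decoded = filter(None, map(decode_ldap_error, lines))
    return Counter(d["meaning"] for d in decoded)

# Constructed sample lines in the article's format (all field values invented).
_FMT = ("javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
        "LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data {}, v0000]")
SAMPLE = [_FMT.format("52e"), _FMT.format("775"), _FMT.format("52e"),
          "Error fetching groups."]

if __name__ == "__main__":
    for reason, n in summarize(SAMPLE).most_common():
        print(n, reason)
```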