LDAP Authentication and Authorization
08 May 2014 06:20 PM


MarkLogic Server allows you to configure MarkLogic Server so that users are authenticated using an external authentication protocol, such as Lightweight Directory Access Protocol (LDAP) or Kerberos. These external agents serve as centralized points of authentication or repositories for user information from which authorization decisions can be made. If, after following the configuration instructions in our documentation, the authentication does not work as expected, this article gives some additional debugging ideas.


The following are areas should be checked when your LDAP Authentication is not working as expected:

1. Verify that cyrus-sasl-md5 library is installed on MarkLogic Server node.

2. Run the following LDAP search command to check if LDAP server is properly setup.

ldapsearch -H ldap://{Your LDAP Serevr URI}:389 -x -s base

a. Once you run the ldap search command, make sure digest-md5 is supported. 

supportedSASLMechanisms: DIGEST-MD5

b. Identify the correct LDAP Service name:

e.g ldapServiceName: MLTEST1.LOCAL:dc1$@MLTEST1.LOCAL

3. On Windows platforms, the services.keytab file is created using Active Directory Domain Services (AD DS) on a Windows server. If you are using Active Directory Domain Services (AD DS) on a computer that is running Windows Server 2008 or Windows Server 2008 R2, be sure that you have installed the hot fix described in

(12 vote(s))
Not helpful

Comments (0)