Troubleshoot the LDAP Users using the Microsoft Debug view
- You can use the Microsoft Debug view tool to troubleshoot LDAP users in Archer.
- Extract the zip file and install the Microsoft Debug view tool.
- Before running the Microsoft Debug view tool, find the "Process ID" of the process that performs the LDAP Sync:
  - Open Windows Task Manager and click on the Details tab.
  - The LDAP Sync process is named "Archer.Services.DataFeedService.exe".
  - Note down the Process ID from the PID column (in this case 3084).
- Open the Microsoft Debug view tool
- Go to Filter (the funnel icon within Debug view) and open the filter. By default, the filter uses the "*" wildcard under the "Include" section to capture information on all running processes in Windows.
- To capture only the LDAP Sync process, enter the filter [LDAP Sync process ID] under the "Include" section, then click OK.
- Then click Capture and enable Capture Global Win32.
- The output will look like the example shown below, which shows the LDAP service capturing normal traffic. If there are errors in the LDAP traffic, they may appear as well.
- Once a new LDAP username is added to Active Directory and the LDAP Sync runs in Archer, the new LDAP username will show.
When you configure LDAP in Archer, you may use a filter to pull out LDAP Users/Groups. Archer comes with the "TestLDAPSchema.aspx" tool, which can be found at "..\Program Files\RSA Archer\Tools\Utilities\LdapTestPage". The tool can be used to test the LDAP configuration before actually running it in Archer. It can also be used to check the LDAP Users/Groups filter. For instance, if you are unable to pull LDAP Users/Groups into Archer, you can use this tool to test and verify your filter. Here is how to use the "TestLDAPSchema.aspx" tool:
Troubleshoot the LDAP Users/Groups using the TestLDAPSchema page
- Navigate to C:(root directory may vary)\Program Files\RSA Archer\Tools\Utilities\LdapTestPage
- Copy the "TestLDAPSchema.aspx" file to the Web Server
- Navigate to the Web Server and go to C: (root directory may vary)\inetpub\wwwroot\RSAarcher
- Paste the "TestLDAPSchema.aspx" file to this directory
- Log in to Archer (you must have established a session for this to work, so log in to Archer first)
- Go to the Archer Control Panel and find the Base URL of the Archer instance. Copy it to a text file, then append "TestLDAPSchema.aspx" to the Base URL. For instance, if your Archer Base URL is https://Server_name/RSAarcher, the result is https://Server_name/RSAarcher/TestLDAPSchema.aspx
- Then paste it into the browser. This will bring up the TestLDAPSchema page:
- You will need the following:
  - Log in to the Archer UI
  - In Archer, navigate to: Administration > Access Control > Manage LDAP Configurations
  - Hover your mouse over the LDAP configuration in question. At the bottom right-hand corner of the page, you will notice the ID: number for the LDAP configuration.
  - Enter that ID: number on the "TestLDAPSchema" page and click "Load LDAP Config". This populates the test page with all the settings of your LDAP config.
- Next, populate the filter: copy the existing filter from the Archer LDAP configuration and paste it into the Filter field on the "TestLDAPSchema" page. Then click "Query for Users" or one of the other options. "Query for Users" returns the usernames and their group membership, plus other attributes. The TestLDAPSchema page therefore helps you find out whether you are able to pull the usernames and their group membership. For instance, if the Archer LDAP configuration is unable to pull usernames and their group membership, use the TestLDAPSchema page to see whether you get the same behavior; if that is the case, go back to your Windows Administrator to check the LDAP server.
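
A filter copied between the Archer LDAP configuration and the Filter field has to be syntactically well formed before either Archer or the test page can return any users. The following Python check is an added example, not part of Archer or of the original article: it parses an LDAP search filter using a simplified RFC 4515 string grammar and reports where it breaks. The function names and `SAMPLE_FILTER` are constructed for illustration, and the group DN in it is hypothetical.

```python
import re

# One filter item: attribute (optionally with ;options or :dn/:matchingRule), operator,
# value. In the value, "(", ")" and "\" are only valid as two-digit hex escapes (\28, \29, \5c).
ITEM_RE = re.compile(
    r"(?P<attr>[A-Za-z0-9][A-Za-z0-9.-]*(?:;[A-Za-z0-9-]+)*(?::[A-Za-z0-9.-]+)*)"
    r"(?P<op>:=|~=|>=|<=|=)"
    r"(?P<value>(?:[^()\\\x00]|\\[0-9A-Fa-f]{2})*)"
)
# Constructed sample filter (hypothetical group DN), not from a real Archer configuration.
SAMPLE_FILTER = "(&(objectCategory=person)(objectClass=user)(memberOf=CN=Archer Users,OU=Groups,DC=example,DC=com))"

def _parse(s, i):
    """Parse one parenthesised filter starting at s[i]; return (node, next index)."""
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, children, i = s[i], [], i + 1
        while i < len(s) and s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if not children or (op == "!" and len(children) != 1):
            raise ValueError(f"'{op}' has the wrong number of sub-filters at offset {i}")
        node = (op, children)
    else:
        # An item runs to the next parenthesis; literal parentheses cannot occur inside it.
        end = next((k for k in range(i, len(s)) if s[k] in "()"), len(s))
        m = ITEM_RE.fullmatch(s[i:end])
        if not m:
            raise ValueError(f"malformed item {s[i:end]!r} at offset {i}")
        node, i = (m["attr"], m["op"], m["value"]), end
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"missing ')' at offset {i}")
    return node, i + 1

def parse_filter(text):
    """Return the filter as a nested tuple tree, or raise ValueError."""
    s = text.strip()
    node, pos = _parse(s, 0)
    if pos != len(s):
        raise ValueError(f"unexpected text after filter at offset {pos}")
    return node

def check_filter(text):
    """Return (True, tree) for a well-formed filter, else (False, error message)."""
    try:
        return True, parse_filter(text)
    except ValueError as exc:
        return False, str(exc)
```

Call `check_filter(SAMPLE_FILTER)` or pass your own filter string. The check covers syntax only; whether the filter actually matches users and groups is still determined by "Query for Users" on the TestLDAPSchema page.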