1. Home
  2. Categories
  3. Support
  4. AD integration not working in ProGet 2025.18

Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

AD integration not working in ProGet 2025.18

  • M

    ProGet 2025.18 running on Windows Server 2019

    https://docs.inedo.com/docs/installation/security-ldap-active-directory/various-ldap-ldap-active-directory

    I have followed those docs. When I get to step 3, and try to search for any group in my AD domain, the search never completes, and only the built in "Administrators" group shows up.

    I have also tried creating a new AD domain connection using a service account credentials. I can add permissions for users, and the groups shows up properly, but when I test the login using the login test to try to get my user account to login, it fails with no error message. I also cannot login properly using that same AD account if I logout of the built-in Admin account and try to login with the AD account.

    0 atripp 1 Reply
  • atripp
    inedo-engineer

    Hi @michael-day_7391 ,

    Unfortunately AD/LDAP issues can be pretty challenging to troubleshoot and debug. I can give you a few general tips, but this is one of those things where there are no useful logs -- it's like trying to diagnose why you're getting a timeout doing an HTTP request. The real issue is somewhere down the line.

    Assuming you're able to connect to the LDAP Server (Domain Controller in this case, it sounds like), the most common is permissions. This can get really painful, because it can be incredibly granular - an account can be allowed to enumerate groups, but not bind to specific users (i.e. do a login). Other times, it's related to multi-domain / complex forrests, and things like misconfigured trusts.

    For security reasons, the AD/LDAP server never really tells the client what's wrong -- that's why you won't see anything useful in ProGet. You have to look at logs on the sever to find out what the exact issue is.

    If those aren't easily accessible, my advise is to keep "playing around" and perhaps try the LDAP/OpenLDAP directory, which is basically just "raw" LDAP queries. Or try V5 vs V4, etc.

    Here is the source code, if you're curious to see what's going on behind the scenes:
    https://github.com/Inedo/inedox-inedocore/tree/master/InedoCore/InedoExtension/UserDirectories/ActiveDirectory

    Agan, the server logs (LDAP/AD Server, nt ProGet server) are going to be the best place to look for queries and issues.

    Hope that helps,

    Alana

    0
  • M

    It appears the issue is that we are running regular LDAP with strong authentication enforced via group policy as part of the server hardening, and ProGet does not seems to support that. Without StarTLS or other method, it won't allow the connection.

    bindResponse(201) strongAuthRequired (00002028: LdapErr: DSID-0C090346, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection

    0 atripp 1 Reply
  • atripp
    inedo-engineer

    Hi @michael-day_7391 ,

    There is an option to "Use LDAPS", so I would makes sure to select that.

    Thanks,
    Alana

    0
Log in to reply
 
Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation