LDAP troubleshooting and recovery

Quick Checks

  • In the setup application, confirm the LDAP configuration’s fields are all correct.

  • Ensure the user you are logging in with has been created in Continuous Compliance, exists in LDAP, and is within the scope of the Base DN and search filter.

  • If login still fails, check the Masking logs for LDAP errors and the settings in use, and adjust the configuration accordingly.

Recovering from an LDAP lockout

If LDAP is enabled and logins to the Continuous Compliance Engine fail due to misconfiguration or missing users, use the steps below to regain access.

Case 1 - Connection OK, user not found (no restart)

  1. In LDAP, create or use an account whose username exactly matches the Masking admin configured during setup (e.g., admin), and ensure it falls within the Base DN and search filter.

  2. Sign in to Continuous Compliance with that LDAP username/password.

  3. In Application Settings > LDAP, correct or disable LDAP as needed.

Case 2 - Connection invalid (restart may be required)

  1. In the admin application, point LDAP settings to a known-good directory.

  2. For LDAPS, import and accept the server certificate on the engine.

  3. Click Test Connection to verify basic connectivity (anonymous bind only; it does not validate Base DN, filter, or AD domain).

  4. Restart the Continuous Compliance Engine to trigger the one-time startup sync.

  5. Log in with a valid LDAP user and finalize LDAP settings in Continuous Compliance Engine.
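Because Test Connection only performs an anonymous bind, the Quick Checks above (is the user within the Base DN and matched by the search filter?) still have to be verified by hand. The following is an added example, not part of this documentation or the product, that performs those two checks offline against constructed values; it assumes the search filter uses a `{username}` placeholder, which is an assumption, not the product's filter syntax.

```python
"""Offline checks for the two things Test Connection does not validate:
whether a user's DN sits under the configured Base DN, and what the search
filter looks like once the login name is substituted into it.
All DN, filter and user values here are constructed; no directory is contacted."""
import re


def _parse_dn(dn):
    """Split a DN into normalised RDNs: attribute types and values lower-cased
    and trimmed, backslash-escaped commas (RFC 4514) kept inside the value.
    Most DN attribute types compare case-insensitively, hence the lower-casing."""
    rdns = []
    for part in re.split(r'(?<!\\),', dn):
        attr, _, value = part.partition('=')
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def dn_in_scope(user_dn, base_dn):
    """True if user_dn equals or lies below base_dn in the directory tree."""
    user, base = _parse_dn(user_dn), _parse_dn(base_dn)
    return len(user) >= len(base) and user[-len(base):] == base


def escape_filter_value(value):
    """RFC 4515 escaping, so a login name cannot change the filter's structure."""
    return ''.join(
        c if c not in '\\*()\x00' else '\\%02x' % ord(c) for c in value)


def render_filter(template, username):
    """Substitute the login name into the configured search-filter template.
    The '{username}' placeholder is an assumption for this example."""
    return template.replace('{username}', escape_filter_value(username))


def diagnose(user_dn, base_dn, template, username):
    """Return both checks a lockout investigation needs, as a dict."""
    return {'in_scope': dn_in_scope(user_dn, base_dn),
            'filter': render_filter(template, username)}


if __name__ == '__main__':
    # Constructed sample: the Masking admin account under a Users OU.
    print(diagnose('CN=admin,OU=Users,DC=example,DC=com', 'DC=example,DC=com',
                   '(&(objectClass=person)(sAMAccountName={username}))', 'admin'))
```

Run the rendered filter with ldapsearch (or an equivalent tool) against the Base DN to confirm the account is actually returned before restarting the engine.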

Caveats

  • LDAP is not automatically enabled or disabled in the Continuous Compliance Engine. Enabling/disabling still happens in the Continuous Compliance UI/API by toggling the Application Setting field Enable.

    • Changing/clearing LDAP in the Continuous Data engine does not clear Continuous Compliance Engine’s LDAP settings.

  • Containerized Masking does not sync LDAP fields; manage them within the engine.