Active Directory Authenticate Users

In this article

Overview

Use this Snap to authenticate Active Directory user credentials against an LDAP server through the authentication API. This Snap returns whether a given user entry (Username and Password combination) is valid in the Active Directory instance.

Prerequisites

  • Valid account to connect to the Active Directory server.

Support for Ultra Pipelines

Works in Ultra Pipelines

Limitations and Known Issues

None.

Snap Input and Output

Input/OutputType of ViewNumber of ViewsExamples of Upstream and Downstream SnapsDescription
Input 

Document

  • Min: 0
  • Max: 1
  • Mapper
  • JSON Generator
A document with the user's LDAP credentials (username and password).
Output

Document

  • Min: 1
  • Max: 1
  • Router
  • Filter
  • Mapper
  • REST Post
  • SQL Server - Select

A document containing the authentication result (success or failure).

Snap Settings

Parameter NameData TypeDescriptionDefault ValueExample 
LabelString
Specify a name for the Snap. You can modify this to be more specific, especially if you have more than one of the same Snap in your Pipeline.
Active Directory Authenticate UsersAD Auth User
UsernameString/Expression

Required. Username of the user. This value can be passed as a Pipeline parameter or through an input document.

N/AJohnDoe
PasswordString/ExpressionRequired. The password associated with the username provided. This value can be passed as a Pipeline parameter or through an input document.N/AsFispGq@j3o!
Pass throughCheck boxSelect this check box to specify whether the data in the incoming document must be passed through and merged with the output document. If selected, the input document is passed through to the output view under the key original.SelectedSelected
Snap ExecutionDrop-down list

Select one of the three following modes in which the Snap executes:

  • Validate & Execute. Performs limited execution of the Snap and generates a data preview during Pipeline validation, then performs full execution of the Snap (unlimited records) during Pipeline runtime.
  • Execute only. Performs full execution of the Snap during Pipeline execution without generating preview data.
  • Disabled. Disables the Snap and all Snaps downstream from it.

Validate & ExecuteExecute only

Troubleshooting

ErrorReasonResolution

[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580]

The Snap execution is successful, but the value provided as password is not valid.

Ensure that the password provided in the Snap is valid/correct.

Failed to validate account: Connection error occurred due to invalid credentials or configurationConnection error occurs due to invalid credentials or configuration.Ensure that the provided Snap account credentials are valid, and any additional configuration (if required) is completed.

Examples

Verifying the Username and Password against the Active Directory

There are cases where the Active Directory is used as an authentication server. The Username and Password can be passed from other Pipelines, Ultra, or Triggered Tasks. The following Pipeline verifies user credentials against an Active Directory and returns the details where the authentication result is success. Each entry that fails authentication, also contains the reason and suggested resolution for the error. The Pipeline drops the document when the username and password are not valid.

For purposes of demonstration, the Mapper in this Pipeline sets up a user's AD credentials into the output of the Mapper for passing them to the Authenticate Users Snap. Configure the Mapper Snap to prepare a document input for the Authenticate Users Snap with credentials of multiple users, if it suits your requirements.

Mapper Snap

Output

Configure the Authenticate Users Snap to capture the user credentials from the Mapper output and verify them against the LDAP server to which it is connecting. 

Authenticate Users Snap

Output

Using the pass-through functionality

In certain scenarios, the Snap may be unable to process the entire input due to limitations imposed by the endpoint's API. In such cases, we recommend that you select the Pass through checkbox to ensure that the unprocessed input is not lost. You can process the remaining input data using more of the same Snap in the Pipeline. Alternatively, you can also write the original data into a separate file using a combination of the Mapper Snap and the File Writer Snap. 

The Pipeline uses a Filter Snap to filter the document with "success" authentication result (output from Authenticate Users Snap) and pass it into the downstream Snap. When the username or password is not valid, the Pipeline drops the document with the following response: result = fail.

Filter Snap

Output

After the authentication is complete, we can use other Snaps to suit the need. For example:

  • Query data from SQL Server database using SQL Server - Select Snap
  • Forward the request to another service using REST Post Snap.

Download this Pipeline

Downloads

Important Steps to Successfully Reuse Pipelines

  1. Download and import the Pipeline into SnapLogic.
  2. Configure Snap accounts as applicable.
  3. Provide Pipeline parameters as applicable.

  File Modified

File ActiveDirectory_AuthenticateUsers_Pipeline_Example.slp

Oct 30, 2020 by Anand Vedam

Snap Pack History

 Click to view/expand
Release
Snap Pack Version 
Date
Type
Updates
4.27main12833StableEnhanced the Active Directory Search Snap with a new field set, Returning Attributes, to define attributes that you want the Snap to return in the search results.
4.26 Patch426patches11280 LatestFixed an issue with the Active Directory Add Member Snap that failed when using forward slash "/" in the Distinguished name field.
4.26main11181 StableUpgraded with the latest SnapLogic Platform release.
4.25main9554 StableUpgraded with the latest SnapLogic Platform release.
4.24main8556 StableUpgraded with the latest SnapLogic Platform release.
4.23 Patch423patches8210 Latest

Fixes an issue of fetching search records in the Active Directory Search Snap by adding a new field, Limit, to specify the number of search records to be fetched from the Active Directory.

  • Previously the Page Size field worked similar to the Limit field, that is, it sets the limit on fetching records instead of fetching all the records. 
  • The Active Directory Search Snap output now displays the number of records that you specify in the Limit field under Settings. If your Pipelines use the Snap with the Page Size field, they may fail to execute if the downstream Snap expects the same count. To retrieve all the records, configure the Snap with default settings, that is, Limit: 0 and Page Size: 1000.
4.23 Patch423patches7454 Latest

Adds the Pass through check box in all the Snaps to include pass-through functionality. Select this check box to embed the upstream input documents under the original field of the output document along with other records.

4.23main7430 Stable
4.22422patches6531

 


Latest

Enhances the Active Directory Create Entry and Active Directory Update Entry Snaps by adding Attribute Value Delimiter field to separate multiple values entered in the Attribute value field.

4.22main6403 StableUpgraded with the latest SnapLogic Platform release.
4.21snapsmrc542 StableUpgraded with the latest SnapLogic Platform release.
4.20 Patchactivedirectory8789 Latest

Fixes the Active Directory Snaps to successfully read special characters in the Existing distinguished name and Distinguished name Snap settings without requiring escape characters.

4.20snapsmrc535 Stable

Fixes the Search Snap and the List Users Snap wherein the Snaps displayed only the first element of an array field. Now, the Snaps display all the elements of an array field.

4.19 Patch activedirectory8506 Latest

Fixes the Search Snap and the List Users Snap wherein the Snaps displayed only the first element of an array field. Now, the Snaps display all the elements of an array field.

4.19snapsmrc528 
StableUpgraded with the latest SnapLogic Platform release.
4.18snapsmrc523 Stable Upgraded with the latest SnapLogic Platform release.
4.17 PatchALL7402
Latest

Pushed automatic rebuild of the latest version of each Snap Pack to SnapLogic UAT and Elastic servers.

4.17 snapsmrc515 Stable

Added the Snap Execution field to all Standard-mode Snaps. In some Snaps, this field replaces the existing Execute during preview check box.

4.16 snapsmrc508 StableUpgraded with the latest SnapLogic Platform release.
4.15snapsmrc500 StableUpgraded with the latest SnapLogic Platform release.
4.14 snapsmrc490 StableUpgraded with the latest SnapLogic Platform release.
4.13snapsmrc486 StableUpgraded with the latest SnapLogic Platform release.
4.12snapsmrc480 StableUpgraded with the latest SnapLogic Platform release.
4.11 Patch activedirectory4630 Latest

Resolved an issue with the Active Directory Search Snap that Ignored PartialResultException and did not handle the slashes and backslashes in the search function:

  • Added the original exception to SnapdataException for the Active Directory Snaps.
  • Improved the error message.
4.11snapsmrc465

 

StableUpgraded with the latest SnapLogic Platform release.
4.10snapsmrc414 StableUpgraded with the latest SnapLogic Platform release.
4.9snapsmrc405 StableUpgraded with the latest SnapLogic Platform release.
4.8snapsmrc398 StableUpgraded with the latest SnapLogic Platform release.
4.7snapsmrc382 StableUpgraded with the latest SnapLogic Platform release.
4.6 Patch activedirectory2056 Latest

Resolved an issue with modifying the "unicodePwd" attribute using the Active Directory - Update Entry Snap.

4.6rcmsf233 Stable
  • Extended support for a der encoded representation of Anaplan Certificate for Anaplan account validation.
  • Resolved an issue in Create Entry, Search, and Update Entry Snaps that caused certain attributes to not appear in suggestions.
4.5.1rcmsf231 StableUpgraded with the latest SnapLogic Platform release.
4.5rcmsf231

 

StableUpgraded with the latest SnapLogic Platform release.
4.3.2

Stable

Resolved an issue in Active Directory Search resulting in an error using a port value in the server URI.

4.3.0



Stable

The Update Snap now populates all attributes during Suggest. The Search Snap now shows those attributes that have values.

4.2.2

Stable
  • Resolved an issue with the account failing to validate after the last Snap release.
  • Resolved an issue with the Active Directory Search Snap failing to throw an exception for an invalid search.
  • Resolved an issue with the Active Directory Search Snap not routing an error to the error view for a null search.
  • Resolved an issue with the Active Directory Search Snap adding a blank space on all strings.
  • Updated the tooltips within the Active Directory Snap Pack.
4.2.1

Stable

Resolved "Pass through only supported for Map data." message showing in Active Directory Rename Snap. 


See Also