Integration with MS Active Directory

I have a MS Active Directory that hold the following key attributes.

Distinguished Name: CN=LName\, FName,OU=Division,OU=Deptt,DC=company,DC=com ObjectClass: person ObjectClass: user memberOf: CN=AWS-Admin,CN=Users,DC=company,DC=com memberOf: CN=DC-Admin,CN=Users,DC=company,DC=com sAMAccountName: ab1234567
I want the authentication to be performed on ‘ab1234567’ and ‘password’. What should the configuration look like for achieving this? Here’s what I have and the error I am getting.

url: ldap://,dc=com
user-dn-pattern: cn={0},ou=Division,OU=Deptt
group-search-base: dc=company,dc=com
group-search-filter: (uniqueMember={0})
manager-dn: cn=ad-admin,dc=company,dc=com
manager-password: password

  • name: 01_hello
    docker-cmd: [“R”, “-e shinyproxy::run_01_hello()”]
    docker-image: openanalytics/shinyproxy-demo
    ldap-groups: [AWS-Admin, DC-Admin]

Status code: 500

Message: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]

Hi Muks,

Since there is no direct mapping from sAMAccountName to DN, you will have to use another approach.
Try adding this to your ldap config:

user-search-filter: (sAMAccountName={0})


@fmichielssen, I have two questions"

1.How or What tool do you recommend I use to check the LDAP configuration on Windows?I want to understand how to get the information like Muks

2. Where do I filter which user account has access to particular apps, through my Windows LDAP settings?
-I know there is a group filter in the ShinyProxy application.yml file however. Is this group filtering to a particular account done in the .yml file or in the LDAP.

Babacar Diouf

Hi Babacar,

Personally, I use the Apache Directory Studio, which can be downloaded either as a standalone application or as an Eclipse plugin.

You need to define groups in LDAP and put users in these groups.
This is usually done by adding uniqueMember=<userName> attributes to the LDAP group. The group-search-filter attribute in Shinyproxy is used to identify these LDAP attributes, and thus to find out who the members of the group are.

Then, in Shinyproxy’s configuration, you can grant groups access to apps, using the ldap-groups attribute of the app.
So that’s important to note: you grant access to groups, not to individual users.

Shinyproxy’s sample configuration uses the forumsys public test LDAP server, which you can read more about here: