Jump to content
Welcome to our new Citrix community!

Unexpected end of JSON input - Test LDAP Reachability


Pedro Huaroto M

Recommended Posts

Hi NetScaler Team,

 

Regarding LDAP authentication, when verifying the LDAP connection via GUI (with the Test LDAP Reachability button) it shows the error message: Unexpected end of JSON input.

Via command line it does not show any error message or message indicating that the test worked, even putting an incorrect password it always shows the 'Done' message:
probe server -type LDAP -IP 192.168.10.11 -port 389 -ldapBase "dc=tra, dc=lab" -ldapBindDn administrator@tra.lab -password "Test123" -secType PLAINTEXT
 Done

 

The password has no special characters

The version that the event happens is in 12.1:Build 63.23 y 12.1:Build 63.24.

 

Any suggestions to check via command line, or via GUI, the ldap connection??

Thanks you


Note: In lower versions (NS12.1: Build 58.15) I have seen that via command it shows at least if the password is correct or incorrect:
.."Valid credentials have been provided."..
or
..Valid Credentials are not provided." ...
 

Messages.PNG

Link to comment
Share on other sites

To expand on Johannes statement. If it is just a GUI bug, the test utility may not confirm the up/down state of your authe policy, but you should be able to do a live authentication call which should work.  

 

There's not really a command line version of the test that I know. If this is for system access or a vpn access, I just do an authentication test to see if policy does in fact work. 

You can confirm authentication details during a live call by observing the aaad.debug output (named pipe).  But there's no passive probing. Just run an authenticaiton test against the logon point to confirm policy is correct.

 

To view aaad.debug:

shell

cd /tmp

cat aaad.debug

## run an authentication test. If it works, no need to look further unless you have multiple policies and you want to know which one engaged.

Review output from the cat command during the attempt and you will see the adc bind connection to ldap server (or failure), the user group extraction, and the confirmation of the user credentials.  aaad.debug shows all external authentication calls and can show you ldap, radius, saml events as they occur. Its a named pipe and not a log file. 

  • Like 2
Link to comment
Share on other sites

  • 2 weeks later...

Team NetScaler Thanks for the info,

 

As complementary information, the versions that present this bug are:
12.1:Build 63.23
12.1:Build 63.24
13.0.84.11
13.1.12.51

 

Works fine on older versions:
11.1.65.23
12.1.58.15

 

As of today, it works ok in the version:
Release (Feature Phase) 12.1 Build 64.16

nsad.PNG

  • Like 2
Link to comment
Share on other sites

  • 3 months later...
On 1/20/2022 at 5:40 AM, Johannes Norz said:

I have seen this as well. It seems to be a bug in GUI / this button. You may safely ignore this message.

 

Cheers

 

Johannes Norz

CTA, CCI, CCE-N

https://blog.norz.at

I have seen this for the last several versions. Unfortunately, we cannot safely ignore it when we're trying to troubleshoot authentication. This is so frustrating this  has been broken for the last year and a half. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...