Community Manager
Community Manager

Problem

If you create a user using LDAP, a simple connection check to the LDAP server is performed. Basically Exasol tries to connect to the LDAP server with a bogus user and checks that access is denied. This check might produce false negatives in complex LDAP setups, so the error message is thrown, although there is no real problem.

Diagnosis

If you receive the following error, you may be affected:

ldap error: Can't contact LDAP server, use FORCE option to create user

Solution

1. Check with your AD team that the Exasol database can reach the LDAP server. You can find more information here

2. If you are sure that there is no problem with your LDAP server, you can always create the user with the FORCE option. In this case, the connection check will not be performed:

CREATE USER myuser IDENTIFIED AT LDAP AS 'uid=me,ou=people,dc=ex,dc=de' FORCE;
Please note that if there are problems with connecting to the LDAP server, the user will receive this error during login:
Connection exception - authentication failed.

You should only use the FORCE option with caution to prevent confusion from users trying to login.

Additional References