OpenLDAP support

smurray's Avatar


02 Jan, 2018 01:29 PM

I'm trying to use LDAP authentication. I seem to have a couple of issues preventing correct logins.

1) "The server could not be contacted. The LDAP server is unavailable.". I get this when I login with this form of user: MYDOMAIN\smurray. If I use MYDOMAIN.COM\smurray this goes away. This seems rather counter intuitive.

2) "Object reference not set to an instance of an object". I get this error if I use the .COM form of login.

 I have followed the trouble shooting guide and have pinned the issue down to the call to PrincipleContext

Domain issue:
$principalContext = new-object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext "Domain", "mydomain", "anything here as wont connect"

Using, I manage to connect but I get the null object issue
$principalContext = new-object -TypeName
System.DirectoryServices.AccountManagement.PrincipalContext "Domain", "", "LDAP://, OU=People, dc=mydomain, dc=com"

I have tried multiple container specifications matching our LDAP setup but none seem to work:
"OU=Trusted, OU=People, dc=mydomain, dc=com" // Basic container
"LDAP://myldapServer:389/OU=Trusted, OU=People, dc=mydomain, dc=com" // Explicit LDAP address
"LDAP://myldapServer/OU=Trusted, OU=People, dc=mydomain, dc=com" // Explicit LDAP address default port

Any clues?

Config wise here is the startup config from the server log:
2018-01-02 04:08:14.9898 12636 1 INFO Octopus.Server.exe version 4.1.5 (4.1.5+Branch.master.Sha.5179fe0310438ef78881686941d49eb0bd35822a) instance OctopusServer
2018-01-02 04:08:14.9898 12636 1 INFO Environment Information:
  OperatingSystem: Microsoft Windows NT 10.0.14393.0
  OsBitVersion: x64
  Is64BitProcess: True
  CurrentUser: mydomain\smurray
  MachineName: NYC-DWDOCT01
  ProcessorCount: 20
  CurrentDirectory: E:\OctopusInstaller
  TempDirectory: C:\Users\smurray\AppData\Local\Temp\
  HostProcessName: Octopus.Server

  1. 1 Posted by smurray on 04 Jan, 2018 02:35 PM

    smurray's Avatar

    Hi Peeps,
    I’m assuming your still on Christmas time over there!

    Any ideas would be appreciated once you have shaken off the festive fug


  2. Support Staff 2 Posted by Daniel Fischer on 05 Jan, 2018 12:34 AM

    Daniel Fischer's Avatar

    Hi Smurray,

    Thanks for getting in touch! As it stands, LDAP does not play too nicely with Octopus Deploy. The APIs we use do not currently support authenticating against an LDAP server.

    You are not entirely out of luck though as our Directory Services Authentication Provider is OSS on GitHub. It means you would have to write this yourself though. I believe we currently use the PrincipalContext and UserPrincipal to do the searching. For LDAP to work, you may need something like DirectoryEntry and DirectorySearcher.

    Unfortunately I can not provide you with much more information here (as we do not have any). I can link you to our documentation on building an authentication provider which should help point you in the right direction if you wish to build your own.

    If you have any further questions here please don't hesitate to let me know.

    Best regards,

  3. 3 Posted by smurray on 09 Jan, 2018 05:19 PM

    smurray's Avatar

    Hi Daniel,

    I’ve included Tim Wise who leads our IT team. He is assisting me trying to get this thing commissioned.

    Would it be possible to get a support call going to allow us to progress on this one. Tim is in the Atlanta office so should have a good time overlap with you guys.

    Many thanks

  4. Support Staff 4 Posted by Daniel Fischer on 09 Jan, 2018 11:37 PM

    Daniel Fischer's Avatar


    We generally do not offer support calls for issues. Our primary method of support is here on Tender or private support email support (at) octopus (dot) com. You are welcome to post any questions you have here or on the previously mentioned address. You are also able to make this conversation private.

    Please feel free to forward though any questions you may have. :)

    Best regards,

  5. 5 Posted by smurray on 12 Jan, 2018 10:29 AM

    smurray's Avatar

    Hi Daniel
    I’ve had telephone conversations with your guys in the past when I worked in UBS (in fact I got the product introduced there). I can’t remember the developer concerned but we assisted you guys in diagnosing a serious performance issue as we had some pretty big deployments going on.

    I also introduced the product here at Axioma. One of the plus points I gave was that you guys give good support.

    Now at the moment I have a product that won’t integrate with our Active directory. I’ve had a go and our IT support people have had a go. We have too many users to be able to effectively manage double entering all login credentials and frankly it would really be not great for a product to fail to connect to an AD.

    I am sure the issue is some configuration issue at our end and will be simple to correct but for now I have a dead product and egg on my face for championing it in the company. Note as well that many of our customers have an eye on what we will be using for this.

    I note there has been no reply to my colleague Tim’s request for a conversation/ desktop share. If this truly isn’t possible then can you please as a matter of urgency detail what you need in order diagnose our issue. This should include identifying any logs that you require that Tim can furnish. However I entirely agree with Tim that an eyes on approach will most likely resolve the issue.

    I await your prompt reply.

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:


Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac