$ sudo apt-get install ldap-utils
If you cannot log into Console with an Active Directory user, the following methods can help debug your setup.
Verify that you can query Active Directory from the host where Console is installed.
Install ldap-utils.
On Debian and derivative distros, including Ubuntu:
$ sudo apt-get install ldap-utils
On Red Hat and derivative distros, including Fedora:
$ sudo yum install openldap-clients
Query Active Directory for users.
Example query: The following command connects to an AD server at ldapserver.example.com as twistlock_server@example.com, prompts for the password on the command line, and shows the name for users in the cn=users,dc=example,dc=com subtree.
$ ldapsearch \ -x -h ldapserver.example.com \ -D "twistlock_service@example.com" \ -W \ -b "cn=users,dc=example,dc=com" \ -s sub "(cn=*)" cn mail sn
Check the Console container logs for clues:
Get the container ID for Console:
$ sudo docker ps --format "table {{.ID}}\t{{.Status}}\t{{.Names}}"
CONTAINER ID STATUS NAMES
530b404fb647 Up 3 hours twistlock_console
521c6469d644 Up 3 hours twistlock_db
a47f6a388837 Up 5 hours twistlock_defender
Get the Console container logs:
$ sudo docker logs 530b404fb647 2015-12-07T02:18:13.244Z - error: Failed binding for user admin InvalidCredentialsError: 80090308: LdapErr: DSID-0C0903CF, comment: AcceptSecurityContext error, data 52e, v2580 . . .