NSX Advanced Load Balancer provides an option for testing authentication profiles configured on the NSX Advanced Load Balancer Controller.

Testing an Authentication Profile

  • Once an authentication profile is created, this is added to the list in the Templates > Security > Auth Profile Page. Click Verify icon.

  • To test the profile, click next to the profile name. A popup window appears prompting to perform the test.



Test Options for LDAP Authentication Profiles

The popup window for testing an LDAP authentication profile requires some information to be entered. The information is used in the request NSX Advanced Load Balancer sends to the LDAP server to test the profile.

Test Inputs for Anonymous Bind

If the LDAP authentication profile is configured to use anonymous binding for authentication requests, the popup window for testing the profile prompts for the LDAP user’s username and password. Testing whether a user can bind successfully verifies that the LDAP authentication profile is configured correctly to authenticate users with the same user DN pattern.





Test Inputs for Administrator Bind

If the LDAP authentication profile is configured to use administrator binding for authentication requests, one of the following types of information can be specified on the verification popup for the profile.

  • Test user entry: Searches the LDAP server’s database for the specified username, and returns the corresponding user entry from the LDAP database. This option is useful for listing all attribute key-value pairs for any given user. The user search settings configured in the authentication profile are used. If the Username field is left empty, NSX Advanced Load Balancer pulls the entire list of user records from the LDAP database.



  • Test user group membership: Lists all group memberships for the specified user. The group search settings configured in the authentication profile are used. If the Username field is left empty, all groups are returned.

  • Test base DN: Returns all objects under the base DN. This option is useful for testing administrator permissions and for reading the DN tree of the LDAP server.

  • Error Scenarios: The test page can identify some common error scenarios.
    • LDAP server IP/port incorrect.

    • Bad username or User Search settings are incorrect.

    • User is either not a member of any group or Group Search settings are incorrect.