Enable PingFederate LDAP Logging

Are you experiencing issues with PingFederate LDAP integration? We recently had some issues following an upgrade from PingFederate version 7 to the latest PingFederate version 8. We were really frustrated due to the lack of logging made available in the server logs to troubleshoot the LDAP integration. Along the way we figured out a little trick that you can use to help with LDAP integration troubleshooting on PingFederate.

Issue

Troubleshooting of LDAP integration issues can be difficult, as PingFederate does not natively log all that is going on under the covers. We recently ran into a case in which, after a product upgrade, PingFederate Admin Console authentication stopped working when using LDAP authentication. This resulted in a ton of head-scratching and frustration, as double and triple-checks confirmed that nothing else changed.

PingFederate Solution

Since the days that PingFederate began using the UnboundID libraries for LDAP integration, a neat little trick is available to turn on the logging of the LDAP classes to see what is going on. By enabling this logging, we were able to see what PingFederate was getting back from LDAP binds/searches, in voluminous detail in the server.log file. The trick is to add the following lines at the end of the PingFederate run.properties file:

#---------------------------------
# Enable LDAP Logging
#---------------------------------
#
# These properties will enable LDAP logging in the server.log
# Additional settings for debug level include: "ALL", "SEVERE",
# "WARNING", "INFO", "CONFIG", "FINE", "FINER", "FINEST", "OFF"

com.unboundid.ldap.sdk.debug.enabled=true
com.unboundid.ldap.sdk.debug.level=ALL

By making this change and restarting the PingFederate server, we were able to troubleshoot the issue and determine what was going on by scrubbing the server log. Interestingly, we identified that starting in PingFederate version 8, the syntax for administrator roles became case-sensitive, which in PingFederate version 7 was not the case.
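The run.properties change above can be scripted so that it is repeatable and easy to reverse once troubleshooting is done, since level ALL writes voluminous LDAP detail to server.log. This is an added example, not part of the original post or of PingFederate: the function names, the `.bak` backup and the `off` values (`false` / `OFF`) are assumptions, and the path to run.properties is supplied by the caller. As in the post, restart PingFederate after each change.

```shell
#!/bin/sh
# Added example: toggle the two UnboundID debug properties in run.properties.

# set_prop FILE KEY VALUE
# Remove every existing assignment of KEY ("KEY=", "KEY = " or "KEY:"), then
# append a single KEY=VALUE line, so repeated runs never leave duplicates.
set_prop() {
    file=$1 key=$2 value=$3
    tmp="$file.tmp.$$"
    awk -v k="$key" '{
        l = $0
        sub(/^[ \t]+/, "", l)                       # ignore leading whitespace
        if (index(l, k) == 1 && substr(l, length(k) + 1) ~ /^[ \t]*[=:]/) next
        print                                       # comments and other keys stay
    }' "$file" > "$tmp" || return 1
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"            # cat keeps owner and mode
}

# ldap_debug FILE on|off
# on  -> the settings shown in the post (enabled=true, level=ALL)
# off -> assumed revert values (enabled=false, level=OFF)
ldap_debug() {
    file=$1 mode=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    case $mode in
        on)  enabled=true  level=ALL ;;
        off) enabled=false level=OFF ;;
        *)   echo "usage: ldap_debug FILE on|off" >&2; return 2 ;;
    esac
    cp -p "$file" "$file.bak" || return 1           # file as it was before this run
    set_prop "$file" com.unboundid.ldap.sdk.debug.enabled "$enabled" &&
    set_prop "$file" com.unboundid.ldap.sdk.debug.level "$level"
}

# Usage (placeholder path): ldap_debug /path/to/run.properties on
```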

Use this tip for troubleshooting PingFederate LDAP issues to your advantage. We have found it particularly helpful for issues with HTML Form, attribute queries, and Admin Console login issues. If you have any comments or questions, please contact us!
