If LDAP was not configured, or the Advanced LDAP settings were not used prior to installing the 2.0.1 patch, the "Restricted User Group Filter" and "User Query" fields may not show on the LDAP configuration screen. Instead, only the basic "Restricted User Group" field is shown.
Because of this, Rally services may fail to start or LDAP logins and synchronization may fail.
Analyzing ALM log file output may show the following errors:
2019-05-16 11:20:43,680 ERROR [LdapAuthenticationProvider] - Invalid LDAP filter
org.springframework.ldap.InvalidSearchFilterException: Empty filter; nested exception is javax.naming.directory.InvalidSearchFilterException: Empty filter; remaining name '/' ...
Caused by: javax.naming.directory.InvalidSearchFilterException: Empty filter
Release: RLOPPL99000-2.0-Rally-On Premise-Perpetual
1. SSH into the services VM as the ops user
2. Execute the following commands:
replicatedctl app-config set auth_source --value auth_type_internal
replicatedctl app-config set ldap_advanced_search --value 1
replicatedctl app apply-config -a