By default, when Log Insight connects to Active Directory, it first tries non-SSL LDAP, and then SSL LDAP if necessary.

If you want to limit the Active Directory communication to one particular protocol, or want to change the order of protocols that are tried, you must apply additional configurations in the Log Insight virtual appliance.

Verify that you have the root user credentials to log in to the Log Insight virtual appliance. See Configure the Root SSH Password for the Log Insight Virtual Appliance

To enable SSH connections, verify that TCP port 22 is open.


Establish an SSH connection to the Log Insight virtual appliance and log in as the root user.


Open the /usr/lib/loginisight/application/etc/loginsight-config-base.xml file for editing.

If you use a VI editor, the command is vi loginsight-config-base.xml.


In the Authentication section, add the line that corresponds to the configuration that you want to apply:



<ad-protocols value="LDAP" />

For specifically using LDAP without SSL

<ad-protocols value="LDAPS" />

For specifically using LDAP with SSL only

<ad-protocols value="LDAP,LDAPS" />

For specifically using LDAP first and then using LDAP with SSL.

<ad-protocols value="LDAPS,LDAP" />

For specifically using LDAPS first and then using LDAP without SSL

When you do not select a protocol, Log Insight attempts to use LDAP first, and then uses LDAP with SSL.


Save and close the file.


Run the service loginsight restart command.