Login with Active Directory User / LDAP Configuration
Issue Description
Hello everyone,
for the past few days I've tried to hook up 4minitz to our Active Directory via LDAP configuration. At the moment, after reading #348 up and down, I'm totally lost.
After testing on the stable release I'm currently using this Docker image:
Version: {
"tag": "v1.1.0-develop",
"branch": "develop",
"commitlong": "8bb7c937b9e8bdb536ec918db67b287fc269cf62",
"commitshort": "8bb7c937",
"date": "2018-01-07"
}
And my configuration for LDAP looks like this:
"ldap": {
"enabled": true,
"propertyMap": {
"username": "sAMAccountName",
"longname": "cn",
"email": "mail"
},
"//1": "Optional, will perform bind with these credentials before searching for users",
"authentication": {
"userDn": "cn=Global LDAP Helper, ou=ServiceUser, ou=DE-User, dc=ourdomain, dc=de",
"password": "supersecretpassword"
},
"searchFilter": "(objectClass=user)",
"serverDn": "DC=ourdomain,DC=de",
"serverUrl": "ldap://dc1.ourdomain.de:389",
"allowSelfSignedTLS": true,
"whiteListedFields": [ "sAMAccountName", "cn", "department", "employeeNumber", "mail", "mailEnabled" ],
"inactiveUsers": {"strategy": "userAccountControl"},
"autopublishFields": [ "cn" ],
"importCronTab": false
},
From the 4minitz logfile I'm getting this:
LDAP bind failed with error
{"dn":"","code":49,"name":"InvalidCredentialsError","message":"80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580\u0000"}
I'm confused because the bind with the configured "userDn" within "authentication" never took place. Wireshark told me that only the username of my test user that tried to log in on the web interface was submitted:
171 24.876221144 172.17.0.72 192.168.1.18 LDAP 134 bindRequest(1) "sAMAccountName=testuser,DC=ourdomain,DC=de" simple
172 24.876638474 192.168.1.18 172.17.0.72 LDAP 176 bindResponse(1) invalidCredentials (80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580)
I've also played with "bindWith": "dn",
but that just led to "dn=testuser,DC=ourdomain,DC=de" simple
which will never work because the user's DN is "dn=testuser,OU=Testing,OU=DE-Users,DC=ourdomain,DC=de"
What was also tested:
"authentication": {
"userDn": "globalldaphelper@ourdomain.de",
"password": "supersecretpassword"
},
"authentication": {
"userDn": "NETBIOS\globalldaphelper",
"password": "supersecretpassword"
},
"authentication": {
"userDn": "NETBIOS\\globalldaphelper",
"password": "supersecretpassword"
},
I've also tested "importOnLaunch": true,
but that didn't seem to have any effect. Shouldn't there be entries in the log if the import starts or fails at some point? Wireshark didn't show any activity either.
What am I missing?
Appreciate any help on this.
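The flow the report expects (service-account bind, search for the user's real DN, then bind as that DN), shown as an added example that is not 4minitz code and runs against a constructed in-memory stand-in for the AD server; the names Directory, authenticateLdapUser and escapeFilterValue are assumptions, and the entries and passwords are constructed sample data.

```javascript
// Added example, not 4minitz code. Directory is a constructed stand-in for the
// AD server; authenticateLdapUser/escapeFilterValue are assumed names.

// RFC 4515 escaping: a login name must not be able to change the filter.
function escapeFilterValue(v) {
  return String(v).replace(/[\\*()\0]/g,
    (c) => "\\" + c.charCodeAt(0).toString(16).padStart(2, "0"));
}

// bind() succeeds only for a DN that exists, so a guessed
// "sAMAccountName=testuser,DC=..." DN fails with code 49 as in the log.
class Directory {
  constructor(entries) { this.entries = entries; }
  bind(dn, password) {
    const e = this.entries.find((x) => x.dn.toLowerCase() === dn.toLowerCase());
    return e && e.password === password ? { ok: true } : { ok: false, code: 49 };
  }
  search(baseDn, filter) {
    const m = /\(sAMAccountName=([^)]*)\)/.exec(filter);
    return this.entries.filter((x) => m && x.sAMAccountName === m[1] &&
      x.dn.toLowerCase().endsWith(baseDn.toLowerCase()));
  }
}

// 1) bind as the configured service account, 2) search the user's real DN,
// 3) bind as that DN with the password typed at login.
function authenticateLdapUser(dir, cfg, username, password) {
  const svc = dir.bind(cfg.authentication.userDn, cfg.authentication.password);
  if (!svc.ok) return { ok: false, stage: "service-bind", code: svc.code };
  const filter = `(&${cfg.searchFilter}` +
    `(${cfg.propertyMap.username}=${escapeFilterValue(username)}))`;
  const hits = dir.search(cfg.serverDn, filter);
  if (hits.length !== 1) return { ok: false, stage: "search", matches: hits.length };
  const user = dir.bind(hits[0].dn, password);
  return user.ok ? { ok: true, dn: hits[0].dn } : { ok: false, stage: "user-bind", code: 49 };
}

// Constructed sample: the settings from the report plus two directory entries.
const CONFIG = {
  propertyMap: { username: "sAMAccountName" },
  authentication: { userDn: "CN=Global LDAP Helper,OU=ServiceUser,OU=DE-User,DC=ourdomain,DC=de",
                    password: "supersecretpassword" },
  searchFilter: "(objectClass=user)",
  serverDn: "DC=ourdomain,DC=de",
};
const DIRECTORY = new Directory([
  { dn: CONFIG.authentication.userDn, sAMAccountName: "globalldaphelper", password: "supersecretpassword" },
  { dn: "CN=testuser,OU=Testing,OU=DE-Users,DC=ourdomain,DC=de", sAMAccountName: "testuser", password: "pw-testuser" },
]);
```

A wrong password fails at the user bind, an unknown or wildcard name fails at the search step, and the direct bind the log shows fails before any search happens.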
Thx for your work @derwok
I can confirm it works now. Users are imported and LDAP users can login with their credentials.
I’ll recheck the final v1.5 after release. Again thanks for sorting this out.
Yea! Great news. Thanks for your feedback & patience. I will merge the fix branch to develop this evening.