Login with Active Directory User / LDAP Configuration

Hello everyone,

For the past days I’ve tried to hook up 4minitz to our Active Directory via LDAP configuration. For the moment and after reading #348 up and downwards I’m totally lost.

After testing on the stable release I’m currently using this docker :

Version: {
    "tag": "v1.1.0-develop",
    "branch": "develop",
    "commitlong": "8bb7c937b9e8bdb536ec918db67b287fc269cf62",
    "commitshort": "8bb7c937",
    "date": "2018-01-07"
}

And my configuration for LDAP looks like this :

"ldap": {
        "enabled": true,
        "propertyMap": {
            "username": "sAMAccountName",
            "longname": "cn",
            "email": "mail"
        },
        "//1": "Optional, will perform bind with these credentials before searching for users",
        "authentication": {
            "userDn": "cn=Global LDAP Helper, ou=ServiceUser, ou=DE-User, dc=ourdomain, dc=de",
            "password": "supersecretpassword"
        },
        "searchFilter": "(objectClass=user)",
        "serverDn": "DC=ourdomain,DC=de",
        "serverUrl": "ldap://dc1.ourdomain.de:389",
        "allowSelfSignedTLS": true,
        "whiteListedFields": [ "sAMAccountName", "cn", "department", "employeeNumber", "mail", "mailEnabled" ],
        "inactiveUsers": {"strategy": "userAccountControl"},
        "autopublishFields": [ "cn" ],
        "importCronTab": false
    },

From the 4minitz logfile I’m getting this :

LDAP bind failed with error
{"dn":"","code":49,"name":"InvalidCredentialsError","message":"80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580\u0000"}

I’m confused because the bind with the configured “userDn” setup within “authentication” never took place. Wireshark told me that only the username of my testuser that tried to log in on the web interface was submitted :

171	24.876221144	172.17.0.72	192.168.1.18	LDAP	134	bindRequest(1) "sAMAccountName=testuser,DC=ourdomain,DC=de" simple 
172	24.876638474	192.168.1.18	172.17.0.72	LDAP	176	bindResponse(1) invalidCredentials (80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580) 

I’ve also played with "bindWith": "dn", but that just led to "dn=testuser,DC=ourdomain,DC=de" simple which will never work because the user’s dn is "dn=testuser,OU=Testing,OU=DE-Users,DC=ourdomain,DC=de".

What was also tested :

        "authentication": {
            "userDn": "globalldaphelper@ourdomain.de",
            "password": "supersecretpassword"
        },
        "authentication": {
            "userDn": "NETBIOS\globalldaphelper",
            "password": "supersecretpassword"
        },
        "authentication": {
            "userDn": "NETBIOS\\globalldaphelper",
            "password": "supersecretpassword"
        },

I’ve also tested "importOnLaunch": true, but that didn’t seem to have any effect. Shouldn’t there be any entries in the log if the import starts or fails at some point? Wireshark didn’t show any action either.

What am I missing?

Appreciate any help on this.

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 11 (7 by maintainers)
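
A triage helper for the log line and packet trace quoted in the issue, as an added example that is not part of the original post or of 4minitz. It decodes the `data` sub-code of the Active Directory bind error (a Win32 error code in hex) and compares the bind name seen on the wire with the DN the poster gives for the account; the function names and the sub-code table are this example's own, and the sample inputs are copied from the issue.

```javascript
// Added example, not 4minitz code. Sample inputs are copied from the issue above.
const SAMPLE_LOG = String.raw`{"dn":"","code":49,"name":"InvalidCredentialsError","message":"80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580\u0000"}`;
const SAMPLE_BIND = 'sAMAccountName=testuser,DC=ourdomain,DC=de';
const SAMPLE_USER_DN = 'dn=testuser,OU=Testing,OU=DE-Users,DC=ourdomain,DC=de';

// AD puts a Win32 error code (hex) in the "data" field of AcceptSecurityContext errors.
const AD_SUBCODES = {
  '525': 'user not found', '52e': 'invalid credentials',
  '530': 'logon not permitted at this time', '531': 'logon not permitted from this workstation',
  '532': 'password expired', '533': 'account disabled', '701': 'account expired',
  '773': 'user must reset password', '775': 'account locked out',
};

// Split a DN into lower-cased [attribute, value] pairs on commas not preceded by a backslash.
function parseDn(dn) {
  return dn.split(/(?<!\\),/).map((rdn) => {
    const i = rdn.indexOf('=');
    return [rdn.slice(0, i).trim().toLowerCase(), rdn.slice(i + 1).trim().toLowerCase()];
  });
}

// Compare two DNs ignoring case and the spaces some configs put after commas.
function sameDn(a, b) {
  return JSON.stringify(parseDn(a)) === JSON.stringify(parseDn(b));
}

// Classify the name sent in a simple bind: DOMAIN\user, user@domain (UPN) or a DN.
function bindNameForm(name) {
  if (/^[^=,\\]+\\[^\\]+$/.test(name)) return 'down-level';
  if (/^[^=,@]+@[^@]+$/.test(name)) return 'upn';
  return name.includes('=') ? 'dn' : 'unknown';
}

// Decode the logged bind error and relate it to the bind name captured on the wire.
function diagnoseBind(logJson, bindName, actualUserDn) {
  const err = JSON.parse(logJson);
  const m = /data ([0-9a-f]+)/i.exec(err.message.replace(/\u0000/g, ''));
  const subCode = m ? m[1].toLowerCase() : null;
  const form = bindNameForm(bindName);
  return {
    ldapCode: err.code, subCode,
    win32Error: subCode ? parseInt(subCode, 16) : null,
    meaning: AD_SUBCODES[subCode] || 'unknown',
    form, firstRdnAttr: form === 'dn' ? parseDn(bindName)[0][0] : null,
    matchesActualDn: form === 'dn' && sameDn(bindName, actualUserDn),
  };
}

console.log(diagnoseBind(SAMPLE_LOG, SAMPLE_BIND, SAMPLE_USER_DN));
```

For the inputs from the issue, the result shows sub-code 52e on a bind name that is DN-shaped but is not the DN the poster gives for the test user.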

Top GitHub Comments

1 reaction
DrEvilInFlames commented, Apr 13, 2018

Thx for your work @derwok

I can confirm it works now. Users are imported and LDAP users can login with their credentials.

I’ll recheck the final v1.5 after release. Again thanks for sorting this out.

0 reactions
derwok commented, Apr 13, 2018

Yea! Great news. Thanks for your feedback & patience. I will merge the fix branch to develop this evening.
