Project

General

Profile

Forums » Open discussion »

Trouble with LDAP

Added by Николай Остроушко over 10 years ago

Hello!

I recently encountered the Redmine, so some things for me may not be clear. I installed Redmine and set it up, I decided to set up authentication using LDAP, but unfortunately nothing has worked. There is a 2-server LDAP. 1 - Active Directory. 2 - OpenLDAP (created only for test redmine, nothing more). With plugin Ldap Sync, I checked that it sees LDAP. But the strange thing is that it only sees the group LDAP, but users - no. Tell me how to configure LDAP?

My system (I have 2 test system):
1. CentOS, Redmine 2.5.0, nginx(1.6.1), gems 2.2.2, Rails 3.2.19
2. CentOS, Redmine 2.5.2, Apache (2.2.15), gems 2.2.2, Rails 3.2.17


Replies (6)

RE: Trouble with LDAP - Added by Andrey Grachev about 10 years ago

What have you set up as "Login attribute" in LDAP authentification -> Authentification mode menu?
From my experience if it set to "mail" one has to provide his/her email as login (no aliases!).

RE: Trouble with LDAP - Added by Николай Остроушко about 10 years ago

Login attribute - samAcountName
Firstname attribute - givenName
Lastname attribute - sn
Email attribute - mail

This is for Active Directory.

I tested this configuration in Collab Subversion. There, it worked correctly.
Maybe I made a mistake in the settings?

RE: Trouble with LDAP - Added by Николай Остроушко about 10 years ago

I changed the login attribute on "mail", and this has worked. ()
But I want to use accountname for auth.

Я поменял Login attribute на "main", и это заработало.
Но я бы хотел, чтобы использовалось именно имя учетной записи Active Directory

RE: Trouble with LDAP - Added by Andrey Grachev about 10 years ago

I also used "uid" value for authentification via ShortName. I didn't try other settings or just failed make them working. Why just don't try other LDAP attibute names as "Login attribute"?

У меня еще получалось использовать "uid" для ShortName. Другие варианты я или не пробовал, или они не заработали. Просто попробуйте использовать названия других параметров LDAP как login attribute.

RE: Trouble with LDAP - Added by Николай Остроушко about 10 years ago

Thanks for your advice. He was very helpful. Is not entirely clear how, but after I entered the mail and then returned sAMAccountName he magically earned.

Спасибо за ваш совет. Он очень помог. Не совсем понятно каким образом, но после того, как я ввел mail а потом вернул sAMAccountName, он магическим образом заработал.

RE: Trouble with LDAP - Added by Andrey Grachev about 10 years ago

You are welcome!

    (1-6/6)