Active Directory LDAP login instructions
Added by Chris Rose over 15 years ago
So, I've configured the LDAP authentication settings, including a read-capable user to perform the bind, but now I can't get a test user to log in.
The setup is this:
Host: ldap.mycompany.com
Port: 389
User: MYDOMAIN\readuser
Password: *****
Base DN: cn=Users,dc=ldap,dc=mycompany,dc=com
On-The-Fly creation: YES
Login: sAMAccountName
FirstName: givenName
LastName: sN
Email: email
I have a test user, call it 'testuser' who is also in the domain MYDOMAIN. When I try to log in using the username 'testuser', Wireshark tells me that the LDAP server is returning 0 results:
Request:
40 266.222567 my-host.mycompany.com ldap.mycompany.com LDAP searchRequest(2) "cn=Users,dc=ldap,dc=mycompany,dc=com " wholeSubtree
Response:
41 266.223288 ldap.mycompany.com my-host.mycompany.com LDAP searchResDone(2) success [0 results]
When I try to enter the username 'MYDOMAIN\testuser' in the login field, nothing is sent out to LDAP at all.
What am I missing?
Replies (8)
RE: Active Directory LDAP login instructions
Added by andy copsey over 15 years ago
Try the username as a DN, rather than a login. Look it up if necessary with an LDAP browser such as Softerra.
Coppo
RE: Active Directory LDAP login instructions
Added by Chris Rose over 15 years ago
It turns out not to be the case.
The right configuration is documented here.
RE: Active Directory LDAP login instructions
Added by Felix Schäfer over 15 years ago
If you got it to work, maybe you could edit the Guide (or trigger such an update)?
RE: Active Directory LDAP login instructions
Added by Chris Rose over 15 years ago
I'm not sure if I'm allowed to do that. I'll try, though.
RE: Active Directory LDAP login instructions
Added by andy copsey over 15 years ago
What fixed it for us was the format of the username needing to be in distinguished name format rather than login name (Windows SBS 2003 Active Directory), after spending days (so much for free software) trying to get it to authenticate users. The base DN could be set almost anywhere as long as it was somewhere in the tree above the list of users needing access.
Coppo
RE: Active Directory LDAP login instructions
Added by seele speicher about 14 years ago
All the configuration above is wrong; I have the configuration posted on my blog.
Check it out: http://syahik.wordpress.com/?p=73
RE: Active Directory LDAP login instructions
Added by seele speicher almost 14 years ago
Sorry for the invalid links; here is another page: http://syahik.wordpress.com/2011/04/21/redmine-authentication-with-ad/
RE: Active Directory LDAP login instructions
Added by Angel Berrios Davila about 12 years ago
For us it worked this way on a Windows 2008 R2:
Port - 389
Account - username@domain.local
Base DN - DC=domain,DC=local
On-the-fly user creation - check
Login - sAMAccountName
First name - givenName
Last name - sN
Email - mail
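
An added illustration, not part of any post above and not Redmine's own code: a Python sketch of two things the thread turns on, the search filter built from the Login attribute (sAMAccountName) and whether a user entry lies under the configured Base DN when the search uses wholeSubtree scope. The user DNs are constructed samples and the function names are hypothetical.

```python
import re

# Characters RFC 4515 requires to be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied login so it cannot alter the search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def login_filter(login: str, attribute: str = "sAMAccountName") -> str:
    """Build the equality filter for the configured Login attribute."""
    return f"({attribute}={escape_filter_value(login)})"


def split_dn(dn: str) -> list[str]:
    """Split a DN into normalized RDNs, honouring backslash-escaped commas.

    Simplification (assumption): case-insensitive comparison, no support for
    multi-valued RDNs, hex escapes, or an escaped backslash before a comma.
    """
    out = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, val = rdn.partition("=")
        out.append(f"{attr.strip().lower()}={val.strip().lower()}")
    return out


def in_subtree(entry_dn: str, base_dn: str) -> bool:
    """True if entry_dn is base_dn itself or lies below it (wholeSubtree)."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base


if __name__ == "__main__":
    # Constructed sample entry: a user kept in an OU rather than in CN=Users.
    user_dn = "CN=Test User,OU=Staff,DC=domain,DC=local"
    for base in ("CN=Users,DC=domain,DC=local", "DC=domain,DC=local"):
        verdict = "can match" if in_subtree(user_dn, base) else "returns 0 results"
        print(f"base={base!r} filter={login_filter('testuser')} -> {verdict}")
    # A backslash in the login is escaped, so it stays a literal filter value.
    print(login_filter("MYDOMAIN\\testuser"))
```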