Defect #11289
closedLDAP authentication with group filter issue
0%
Description
Hi guys
is LDAP group authentication possible with redmine ? ,because im trying to put ldap filer to get ldap group authentication working ,but when i try to setup ldap filter it says filter is wrong, is there any special syntax need to follow , please let me know is there any way to achieve LDAP group authentication.
These are my settings ,
Name :LDAP Authentication
Host : ldap.ihx.com
Port :389
Account:cn=admin,dc=ldap,dc=ihk,dc=com
Password:abc
Base DN :dc=ldap,dc=ihk,dc=com
LDAP filter :
These are the ldap filters that i used ,
(&(mail=%s)(memberOf=cn=employees,dc=ldap,dc=ihk,dc=com))
(&(mail=*)(memberOf=cn=employees,dc=ldap,dc=ihk,dc=com))
Thanks you
John
Updated by john val about 12 years ago
Hi... guys ..
any update on this .. is this feature availbe in new redmine 2.1.2
Updated by Paulo Neves over 11 years ago
Have you tried running it with manually with ldapsearch? (Assuming you are on *nix)
Updated by Nikolay Didenko about 10 years ago
It does not work for me on redmine 2.6.0.
My filter is "(&(objectClass=posixAccount)(sambaAcctFlags=[U ]))" - active users only
I was also using next filters:
&(objectClass=posixAccount)(sambaAcctFlags=[U ])
(sambaAcctFlags=[U ])
sambaAcctFlags=[U ]
When i save settings with these filters I get error "LDAP filter is invalid".
Updated by Jean-Philippe Lang about 10 years ago
- Status changed from New to Closed
- Resolution set to Invalid
According to ruby net/ldap which is used by Redmine, this filter is invalid:
irb(main):001:0> require 'net/ldap' => true irb(main):002:0> f = "(&(objectClass=posixAccount)(sambaAcctFlags=[U ]))" => "(&(objectClass=posixAccount)(sambaAcctFlags=[U ]))" irb(main):003:0> Net::LDAP::Filter.construct f Net::LDAP::LdapError: Invalid filter syntax.
[U ] seems to be the problem.
Updated by Nikolay Didenko about 10 years ago
Jean-Philippe Lang wrote:
According to ruby net/ldap which is used by Redmine, this filter is invalid:
[...]
[U ] seems to be the problem.
strange behavior of ruby net/ldap module... :(
rugionpro:releases n$ ldapsearch -LLL -h localhost -p 2389 -z 1 -x -b "dc=rugion,dc=ru" -s sub '(&(objectClass=posixAccount)(sambaAcctFlags=[U ]))' "dn" dn: *****************,dc=rugion,dc=ru
PS: I am using this filter in Apache Http server, some other applications successfully.
It is a bug in net/ldap - https://github.com/ruby-ldap/ruby-net-ldap/pull/157