Login using Mac OS X OpenDirectory (LDAP) not working
Category: Accounts / authentication
I've set up an LDAP Auth Source using a Mac OS X server Open Directory (LDAP). The connection test is successful (using the link on the page). Anyway, I can't log in with my user / password. Please find the settings I've used:
- Create accounts on the fly => true
- Login => RecordName
- FirstName => RealName
- LastName => LastName
- Email => EmailAddress
By the way, Open Directory on Mac OS X 10.4 (not tested on 10.5) does not provide separate firstname and lastname. The name is combined in RealName (ex: "Jean-Philippe Lang").
I always get an "Invalid user or password" error when I try to log in with an LDAP account (local accounts work fine).
#2 Updated by Philippe Lafoucrière about 5 years ago
OK, problem (almost) solved:
The account (cf RedmineLDAP) was incorrect (I did not provide full information for this account, like uid=diradmin,cn=user,dc=site,dc=com).
Anyway, I leave the bug open, since the test method seems to be always happy, even with wrong LDAP params (port, etc.).
#5 Updated by Robert Cerny about 5 years ago
I'm running Redmine 0.6.3 and still can't find a way to allow users to authenticate via LDAP hosted on OS X Server 10.4. I tried to enable debugging of DirectoryService on the server but get no details from Redmine. Do I understand correctly that Philippe got it to work?
#6 Updated by Philippe Lafoucrière about 5 years ago
Yes, I got it to work. You have to be careful of the params you provide to connect to your Open Directory Server, since the connection test will be (almost) OK.
Please find the parameters I've used:
NAME : whateveryouwant
Host : yourhost...
Port : 636 with SSL (if you have enabled SSL for LDAP - "Server Admin" tool is your friend here)
account : uid=diradmin,cn=users,dc=mysite,dc=com => be careful to provide a valid user here, and pay attention to base DN (dc=mysite,dc=com to be replaced by your base)
password : ...
I've enabled on the fly user creation, and, as specified in the wiki, your users MUST have a valid LDAP account (=> with an email address !)
Login => uid
FirstName => cn
LastName => sn
Email => mail
Let me know if it helps, I'll provide a wiki page when I return from my holidays.
#7 Updated by Robert Cerny about 5 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
Thanks for your help, my server is now authenticating as requested. My problem was in the account settings, the base DN was missing there. Please send me a link to the new wiki page when you create it.
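
The checks this thread converges on (a full bind DN that sits under the base DN, SSL when port 636 is used, login and mail attributes mapped for on-the-fly creation), as an added Ruby example that is not part of the original posts or of Redmine's code. The setting keys and function names are hypothetical, and the sample values are constructed from those quoted in the thread; it runs offline, so it catches these mistakes without relying on the connection test.

```ruby
# Added example: offline sanity check for LDAP auth-source settings.
# Function names and setting keys are hypothetical, not Redmine's API.

# Simple splitter: break a DN into RDNs on commas not preceded by a backslash.
def split_dn(dn)
  dn.to_s.split(/(?<!\\),/).map(&:strip)
end

# True when the string is non-empty and every RDN looks like attr=value.
def full_dn?(dn)
  rdns = split_dn(dn)
  !rdns.empty? && rdns.all? { |r| r.match?(/\A[A-Za-z][A-Za-z0-9-]*=.+\z/) }
end

# True when dn ends with the RDNs of base (compared case-insensitively).
def under_base?(dn, base)
  d = split_dn(dn).map(&:downcase)
  b = split_dn(base).map(&:downcase)
  !b.empty? && d.length > b.length && d.last(b.length) == b
end

# Returns a list of human-readable problems; an empty list means no finding.
def check_auth_source(s)
  problems = []
  account_ok = full_dn?(s[:account])
  base_ok = full_dn?(s[:base_dn])
  problems << "account is not a full DN" unless account_ok
  problems << "base DN is missing or malformed" unless base_ok
  if account_ok && base_ok && !under_base?(s[:account], s[:base_dn])
    problems << "account is not under the base DN"
  end
  problems << "port 636 configured without SSL" if s[:port] == 636 && !s[:ssl]
  if s[:onthefly]
    %i[attr_login attr_mail].each do |k|
      problems << "#{k} must be mapped for on-the-fly creation" if s[k].to_s.empty?
    end
  end
  problems
end

# Constructed sample, using the values quoted in the thread.
SAMPLE = { account: "uid=diradmin,cn=users,dc=mysite,dc=com",
           base_dn: "dc=mysite,dc=com", port: 636, ssl: true,
           onthefly: true, attr_login: "uid", attr_mail: "mail" }.freeze

puts check_auth_source(SAMPLE).inspect if __FILE__ == $0
```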