Active Directory LDAP login instructions
So, I've configured the LDAP authentication settings, including a read-capable user to perform the bind, but now I can't get a test user to log in.
The setup is this:
Host: ldap.mycompany.com
Port: 389
User: MYDOMAIN\readuser
Password: *****
Base DN: cn=Users,dc=ldap,dc=mycompany,dc=com
On-The-Fly creation: YES
Login: sAMAccountName
FirstName: givenName
LastName: sN
Email: email
I have a test user, call it 'testuser' who is also in the domain MYDOMAIN. When I try to log in using the username 'testuser', Wireshark tells me that the LDAP server is returning 0 results:
40 266.222567 my-host.mycompany.com ldap.mycompany.com LDAP searchRequest(2) "cn=Users,dc=ldap,dc=mycompany,dc=com " wholeSubtree
41 266.223288 ldap.mycompany.com my-host.mycompany.com LDAP searchResDone(2) success [0 results]
When I try to enter the username 'MYDOMAIN\testuser' in the login field, nothing is sent out to LDAP at all.
What am I missing?
Try the username as a DN, rather than a login. Look it up if necessary with an LDAP browser such as Softerra.
It turns out not to be the case.
The right configuration is documented here.
If you got it to work, maybe you could edit the Guide (or trigger such an update)?
I'm not sure if I'm allowed to do that. I'll try, though.
What fixed it for us was the format of the username needing to be in distinguished name format rather than login name (Windows SBS 2003 Active Directory), after spending days (so much for free software) trying to get it to authenticate users. The base DN could be set almost anywhere as long as it was somewhere in the tree above the list of users needing access.
All configuration above is wrong; I have the configuration posted on my blog.
Check it out: http://syahik.wordpress.com/?p=73
Sorry for the invalid link, here is another page: http://syahik.wordpress.com/2011/04/21/redmine-authentication-with-ad/
For us it worked this way on a Windows 2008 R2:
Port - 389
Account - firstname.lastname@example.org
Base DN - DC=domain,DC=local
On-the-fly user creation - check
Login - sAMAccountName
First name - givenName
Last name - sN
Email - mail
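
Added example, not part of any post in this thread and not Redmine's own code: an offline check of the two things the thread keeps circling, whether a Base DN sits above a user's DN in the tree, and what the search filter for a login looks like once its value is escaped per RFC 4515. The user DN is constructed for illustration, the function names are hypothetical, and the plain equality filter on the login attribute is an assumption about how the lookup is built.

```python
import re

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}


def parse_dn(dn):
    """Split a DN into normalized (attribute, value) RDN pairs.

    Simplification: honours backslash-escaped commas but not multi-valued
    RDNs or an escaped backslash directly before a comma.
    """
    pairs = []
    for rdn in re.split(r'(?<!\\),', dn):
        attr, _, value = rdn.partition('=')
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs


def is_under_base(entry_dn, base_dn):
    """True if base_dn is the entry itself or one of its ancestors."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(base) <= len(entry) and entry[len(entry) - len(base):] == base


def escape_filter_value(value):
    """Escape a user-supplied login so it cannot alter the filter."""
    return ''.join(_ESCAPES.get(ch, ch) for ch in value)


def login_filter(login_attr, login):
    """Equality filter on the login attribute (assumed filter shape)."""
    return '({}={})'.format(login_attr, escape_filter_value(login))


if __name__ == '__main__':
    # Constructed sample entry; real DNs come from an LDAP browser.
    user_dn = 'CN=Test User,CN=Users,DC=mycompany,DC=com'
    for base in ('cn=Users,dc=ldap,dc=mycompany,dc=com',  # Base DN from the first post
                 'DC=mycompany,DC=com'):                  # constructed domain-root base
        print(base, '->', 'in scope' if is_under_base(user_dn, base) else 'out of scope')
    print(login_filter('sAMAccountName', 'testuser'))
    print(login_filter('sAMAccountName', 'MYDOMAIN\\testuser'))
```

A subtree search only returns entries for which `is_under_base` is true, so a Base DN that is not an ancestor of the account yields a successful search with 0 results.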