LDAP users unable to log in

Added by Melissa Bitner almost 12 years ago

I'm trying to get Redmine authentication working against OpenLDAP but login fails with an invalid user or password error. This is the configuration I have for the LDAP server:

Name: LDAP Server
Host: hostname.edu
Port: 636
Use LDAPS: Yes
Account: authuser
Password: password
Base DN: cn=users,dc=university,dc=edu
On-the-fly user creation: No
Login: uid
First Name: givenName
Last Name: sn
Email: mail

Testing the connection works just fine, but if I create a user with a valid LDAP uid as the Redmine login, no password, and LDAP server as the authentication method, when the user tries to log in they get an invalid user or password error.

I did some searching and found some suggestions for trying different configurations for the account. I tried hostname/authuser and uid=authuser,cn=users,dc=university,dc=edu for the account and both of those had the same results - invalid user or password.

So I turned up logging to debug to see if I could get any errors but there aren't any in the logs. The interesting thing is that it looks like the LDAP authentication process should show up in the logs if logging is set to debug but there's nothing at all, so I don't think the authentication process is even hitting the LDAP server. All that shows up in the logs is this:

Processing AccountController#login (for at 2008-09-23 16:26:04) [POST]
Session ID: ec220fb5875146730adc321709966ec5
Parameters: {"back_url"=>"http://localhost:3000/", "action"=>"login", "username"=>"ldapuser", "controller"=>"account", "password"=>"[FILTERED]", "login"=>"Login »"}
SQL (0.000518) SELECT max(`settings`.updated_on) AS max_updated_on FROM `settings`
AnonymousUser Load (0.002300) SELECT * FROM `users` WHERE ( (`users`.`type` = 'AnonymousUser' ) ) LIMIT 1
User Load (0.003816) SELECT * FROM `users` WHERE (login='ldapuser') LIMIT 1
AuthSource Load (0.001942) SELECT * FROM `auth_sources` WHERE (`auth_sources`.`id` = 1)
Rendering template within layouts/base
Rendering account/login
SQL (0.000580) SELECT count(DISTINCT `members`.id) AS count_all FROM `members` LEFT OUTER JOIN `projects` ON `projects`.id = `members`.project_id LEFT OUTER JOIN `roles` ON `roles`.id = `members`.role_id WHERE (`members`.user_id = 2 AND (projects.status=1))
Completed in 1.00826 (0 reqs/sec) | Rendering: 0.00887 (0%) | DB: 0.00916 (0%) | 200 OK [http://localhost/login]

The instance I'm trying to get set up is running on Apache 2 on a Linux server through CGI, but I've tried the same setup on my local machine (Mac) using WEBrick and get the same results. Here is the output of script/about:

Ruby version 1.8.7 (i686-linux)
RubyGems version 1.2.0
Rails version 2.0.2
Active Record version 2.0.2
Action Pack version 2.0.2
Active Resource version 2.0.2
Action Mailer version 2.0.2
Active Support version 2.0.2
Application root /home/redmine
Environment production
Database adapter mysql

Does anyone have any suggestions for things I could try to figure out what the problem is? Thank you very much.

Replies (1)

RE: LDAP users unable to log in - Added by Melissa Bitner almost 12 years ago

The problem turned out to be with the bind DN - using my credentials instead of the authuser account worked, and removing the account altogether worked as well.
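
The symptom in this thread (a login rejected as "invalid user or password" with nothing LDAP-related in the log) is what a search-then-bind flow produces when the bind account itself is rejected. The following is an added example, not part of the original thread and not Redmine's own code: it assumes the auth source binds with the Account, searches the Base DN by the Login attribute, then binds as the DN it found. `ENTRIES`, `FakeConn`, `CONNECT` and `diagnose_ldap_login` are hypothetical names, and the directory contents are constructed.

```ruby
# Added example: staged model of a search-then-bind LDAP login (not Redmine's code).
# ENTRIES is a constructed directory; FakeConn and `connect` are hypothetical names.
ENTRIES = {
  'uid=ldapuser,cn=users,dc=university,dc=edu' => { 'uid' => 'ldapuser', :pw => 'user-secret' }
}.freeze

FakeConn = Struct.new(:dn, :pw) do
  def bind
    return true if dn.to_s.empty? # blank Account: anonymous bind, allowed in this fake
    entry = ENTRIES[dn]
    !entry.nil? && entry[:pw] == pw
  end

  def search(base, attr, value)
    return [] unless bind # a rejected bind yields no entries, not an exception
    ENTRIES.select { |d, e| d.end_with?(base) && e[attr] == value }.keys
  end
end

CONNECT = ->(dn, pw) { FakeConn.new(dn, pw) }

CFG = { account: 'authuser', password: 'password',
        base_dn: 'cn=users,dc=university,dc=edu', login_attr: 'uid' }.freeze

# Returns the stage at which the login stops, so a bad bind account is not
# mistaken for a bad user password.
def diagnose_ldap_login(cfg, login, password, connect)
  return :blank_credentials if login.to_s.empty? || password.to_s.empty?

  svc = connect.call(cfg[:account], cfg[:password]) # stage 1: service bind
  return :service_bind_failed unless svc.bind

  dns = svc.search(cfg[:base_dn], cfg[:login_attr], login) # stage 2: find user DN
  return :user_not_found if dns.empty?

  connect.call(dns.first, password).bind ? :ok : :user_bind_failed # stage 3
end

if __FILE__ == $PROGRAM_NAME
  [CFG, CFG.merge(account: nil, password: nil)].each do |cfg|
    result = diagnose_ldap_login(cfg, 'ldapuser', 'user-secret', CONNECT)
    puts "account=#{cfg[:account].inspect} -> #{result}"
  end
end
```

Against a real directory, `connect` would wrap an LDAP client's bind and search calls; reporting the stage separately is what distinguishes a rejected bind account from a wrong user password.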