 Active Directory LDAP login fails
Added by Alberto Cennini about 11 years ago
Hi, I have same user to check on Active Directory LDAP. I configured the server and the test connection is ok, but when I try to log in with the UTREDMINETST user I receive an "Invalid user or password" message.
This is the production.log information:
Started POST "/redmine/login" for 127.0.0.1 at 2014-08-04 15:09:29 +0200
Processing by AccountController#login as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"MOQAYeO6PiaVKrlpjYi0WGO0cd4g8qmxPfiz1ufUloQ=", "back_url"=>"http://localhost:8080/redmine/", "username"=>"UTREDMINETST", "password"=>"[FILTERED]", "login"=>"Entra »"}
  Current user: anonymous
Failed login for 'UTREDMINETST' from 127.0.0.1 at 2014-08-04 13:09:29 UTC
  Rendered account/login.html.erb within layouts/base (2.0ms)
Completed 200 OK in 341ms (Views: 63.0ms | ActiveRecord: 4.0ms)
I use port 389, dc=it as DN Base, sAMAccountName as Connection, givenName as Name, sn as Surname and mail as email attribute.
Any help ? Thanks
Environment:
  Redmine version                2.3.2.stable
  Ruby version                   1.9.3-p231 (2012-05-25) [i386-mingw32]
  Rails version                  3.2.13
  Environment                    production
  Database adapter               Mysql2
Redmine plugins:
  extended_fields                0.2.2
  redmine_hours                  0.1.0
  redmine_landing_page           0.1.0
  redmine_plugin_views_revisions 0.0.1
  redmine_smart_issues_sort      0.3.1
  redmine_spent_time             2.4.0
  redmine_watcher_groups         0.0.1
  redmine_workload               1.0.2
Replies (15)
     RE: Active Directory LDAP login fails
    -
    Added by Alberto Cennini about 11 years ago
  
  Any help ? 
Thanks
     RE: Active Directory LDAP login fails
    -
    Added by Martin Denizet (redmine.org team member) about 11 years ago
  
  Hi Alberto,
Your DN base doesn't seem correct.
I recommend you use a tool such as LDAP Browser to find the correct path to your users.
Cheers,
     RE: Active Directory LDAP login fails
    -
    Added by Alberto Cennini about 11 years ago
  
  Hi Martin, thanks for your reply.
I checked with ldap browser and changed the DN name with the same string (CN=Configuration,DC=gr-u,DC=it). 
I still receive the message Invalid user or password 
Is there any other test I can do ? 
Thanks
Alberto
     RE: Active Directory LDAP login fails
    -
    Added by Martin Denizet (redmine.org team member) about 11 years ago
  
  Mine looks like (edited):
CN=Users,DC=company,DC=lan
For the domain company.lan (edited).
When I had LDAP problems I would not understand, I would do some tcpdump on the server to capture the conversation between Redmine and AD.
It's not really simple if you never did it before.
Cheers,
     RE: Active Directory LDAP login fails
    -
    Added by Andrey Grachev about 11 years ago
  
  Did you try using "mail" or "uid" as Connection string?
So you should provide full email or Short name/UID as login string.
     RE: Active Directory LDAP login fails
    -
    Added by Alberto Cennini about 11 years ago
  
  Martin Denizet (redmine.org team member) wrote:
Mine looks like (edited):
[...]
For the domain company.lan (edited).
When I had LDAP problems I would not understand, I would do some tcpdump on the server to capture the conversation between Redmine and AD.
It's not really simple if you never did it before.
Cheers,
Hi Martin,
also with CN=Users I receive Invalid user or password error.  
Thanks, Alberto
     RE: Active Directory LDAP login fails
    -
    Added by Alberto Cennini about 11 years ago
  
  Andrey Grachev wrote:
Did you try using "mail" or "uid" as Connection string?
So you should provide full email or Short name/UID as login string.
Hi Andrey, 
could you please give me a sample ? I don't understand what I have to change. 
Thanks
Alberto
     RE: Active Directory LDAP login fails
    -
    Added by Martin Denizet (redmine.org team member) about 11 years ago
  
  Andrey is on a good lead I think.
In my setup I use sAMAccountName so in order to login with LDAP I just input my username (firstname.lastname), in that case DOMAIN\firstname.lastname or firstname.lastname@domain.lan don't work.
Alberto, what did you put in the "Login" field in the LDAP configuration? And when you log in, what do you type as a login?
Cheers,
     RE: Active Directory LDAP login fails
    -
    Added by Martin Denizet (redmine.org team member) about 11 years ago
  
  I forgot but it would be nice to know what you put in the "Account" field in the LDAP settings.
     RE: Active Directory LDAP login fails
    -
    Added by Alberto Cennini about 11 years ago
  
  Hi Martin, 
attached is the LDAP configuration. I don't have Account and Password set: should I?
In Login field I have sAMAccountName 
This is the string I found in AD server: 
CN=UTREDMINETST,OU=Service Account,OU=Servizio,DC=servizi,DC=gr-u,DC=it,"UTREDMINETST","UTREDMINETST","utenza tecnica di test per redmine"
I try to log in by inputting UTREDMINETST in the user field.
Thanks
Alberto
     RE: Active Directory LDAP login fails
    -
    Added by Andrey Grachev about 11 years ago
  
  Hi Alberto,
When setting up LDAP authentication you have to set which LDAP attribute is sent for authorization. You use sAMAccountName. I use mail. See an attached example (I assume LDAP port and LDAP server are set up correctly and connection test is successful).
PS Base DN field is not set in my settings.
LDAP_login_example.png (4.27 KB)
     RE: Active Directory LDAP login fails
    -
    Added by Alberto Cennini about 11 years ago
  
  Hi Andrey, 
the test connection is ok. 
I set sAMAccountName in order to log in with the user id, I hope it's the right value.
Is there an easy way to try to log in outside of Redmine?
Thanks
     RE: Active Directory LDAP login fails
    -
    Added by Andrey Grachev about 11 years ago
  
  Hi Alberto,
I am not skilled in LDAP, but there is free Softerra LDAP browser, I think it can help you.
     RE: Active Directory LDAP login fails
    -
    Added by Alberto Cennini about 11 years ago
  
  Hi Andrey. 
I tried Softerra and this is the log output of connection using UTREDMINETST user (cn=utredminetst):
- Search Request
- Message ID: 372
- Date: 20140828065613.0Z
- Server: ldap://ldap.servizi.gr-u.it:389
- Base DN: cn=utredminetst,ou=service account,ou=servizio,dc=servizi,dc=gr-u,dc=it
- Search scope: base
- Filter: (objectClass=*)
- Attributes: accountExpires, assistant, c, cn, company, department, description, displayName, division
- employeeID, facsimileTelephoneNumber, generationQualifier, givenName, homeDirectory, homeDrive
- homePhone, initials, ipPhone, l, logonHours, mail, manager, middleName, mobile, otherFacsimileTelephoneNumber
- otherHomePhone, otherIpPhone, otherMobile, otherPager, otherTelephone, ou, pager, physicalDeliveryOfficeName
- postOfficeBox, postalCode, profilePath, sAMAccountname, scriptPath, secretary, seeAlso, sn
- st, streetAddress, telephoneNumber, thumbnailPhoto, title, url, userAccountControl, userPrincipalName
- userWorkstations, wwwHomePage
- Attributes only: no
- Size limit: 0 (no limit)
- Time limit: 0 (no limit)
- Dereference aliases: 0 (Never)
- Referral chasing: 0x0 (query: None, mode: Merge)
- Search Result: Done
- Message ID: 372
- Date: 20140828065613.0Z
- Server: ldap://ldap.servizi.gr-u.it:389
- Result code: 0 (Operazioni riuscite)
- Search Result: Entry
- Message ID: 372
- Date: 20140828065613.0Z
- Server: ldap://ldap.servizi.gr-u.it:389
 dn: cn=utredminetst,ou=service account,ou=servizio,dc=servizi,dc=gr-u,dc=it
 cn: UTREDMINETST
 description: utenza tecnica di test per redmine
 givenName: UTREDMINETST
 displayName: UTREDMINETST
 userAccountControl: 66048
 accountExpires: 9223372036854775807
 sAMAccountName: UTREDMINETST
 userPrincipalName: UTREDMINETST@servizi.gr-u.it
Thanks, Alberto
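
An offline check of the values posted in this thread, as an added example that is not part of the original posts: it classifies each Base DN against the entry DN from the Softerra log and decodes userAccountControl and accountExpires. The function names are hypothetical, and it assumes the domain naming context is the DC part of the entry DN and that the server answers searches only at or below it.

```ruby
# Added example, not from the thread. Sample values are copied from the posts above.

# Split a DN into lower-cased RDNs, keeping backslash-escaped commas inside a value.
def rdns(dn)
  dn.scan(/(?:\\.|[^,\\])+/).map { |r| r.strip.downcase.sub(/\s*=\s*/, "=") }
end

# Assumption: the domain naming context is the run of DC= components of the entry DN.
def classify_base(entry_dn, base_dn)
  entry, base = rdns(entry_dn), rdns(base_dn)
  context = entry.select { |r| r.start_with?("dc=") }
  return :not_an_ancestor unless base.length <= entry.length && entry.last(base.length) == base
  base.length < context.length ? :above_naming_context : :usable
end

# userAccountControl bits as documented by Microsoft (subset).
UAC_FLAGS = {
  0x0002  => :ACCOUNTDISABLE,
  0x0020  => :PASSWD_NOTREQD,
  0x0200  => :NORMAL_ACCOUNT,
  0x10000 => :DONT_EXPIRE_PASSWORD,
  0x40000 => :SMARTCARD_REQUIRED
}.freeze

def uac_flags(value)
  UAC_FLAGS.select { |bit, _| (value & bit) != 0 }.values
end

# accountExpires of 0 or 2^63-1 means the account never expires.
NEVER_EXPIRES = [0, 0x7FFFFFFFFFFFFFFF].freeze

def diagnose(entry, base_dns)
  flags = uac_flags(entry[:userAccountControl])
  {
    flags: flags,
    uac_allows_password_bind: (flags & [:ACCOUNTDISABLE, :SMARTCARD_REQUIRED]).empty?,
    never_expires: NEVER_EXPIRES.include?(entry[:accountExpires]),
    bases: base_dns.map { |b| [b, classify_base(entry[:dn], b)] }.to_h
  }
end

# Entry attributes from the Softerra log; the first two bases are the ones tried
# in the thread, the third is the DC suffix of the entry DN (an assumption).
ENTRY = { dn: "cn=utredminetst,ou=service account,ou=servizio,dc=servizi,dc=gr-u,dc=it",
          userAccountControl: 66048, accountExpires: 9223372036854775807 }.freeze
BASES = ["dc=it", "CN=Configuration,DC=gr-u,DC=it", "DC=servizi,DC=gr-u,DC=it"].freeze

require "pp"
pp diagnose(ENTRY, BASES) if __FILE__ == $PROGRAM_NAME
```

With these inputs only the third base is classified as usable, and the flags decode to an enabled account with no expiry.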
     RE: Active Directory LDAP login fails
    -
    Added by Andrey Grachev about 11 years ago
  
  Hi Alberto,
It seems UTREDMINETST as login name should work. I'm afraid I have no idea what the problem is.
A.