Redmine with LDAP Authentication issue - Invalid Credentials

Added by Ren Hert 16 days ago

Dear All,

Sorry, but i can not seem to insert my in-detail issue here, as for some reasons it won't allow me to post it due to "it was considered spam or my ip address (***.***.***.***) is temporarily blocked..

To summarize it : I've redmine, openldap and phpldapadmin installed. Everything is working great, except for the users with "Ldap Authentication" auth type can not log in to redmine, receiving the error : Invalid Credentials. I've tried to debug it, looked through the error logs it produced, but i couldn't get too far with it

This is the link to my original (in-detailed) question. I'd really appreciate if any of you might have a tip where i could have gone wrong.

https://serverfault.com/questions/866928/openldap-configuration-issue

Thank you in advance: Archy

Replies (4)

RE: Redmine with LDAP Authentication issue - Invalid Credentials - Added by Siddharth Kaul 12 days ago

I am not sure if this will help but still no harm in trying.

Two things that i checked that worked for me. (i was not using OpenLDAP though)
1 - I searched the username using LDAPSearch(or equivalent command in LDAP-UTILS). This way i cross confirmed my input server settings.

2 - In redmine in LDAP Authentication there is an attribute segment. Something like in the attached image.
As you are using OpenLDAP there is an option for changing this "Login Attribute". What you can check is confirm in the Authentication Profile (Must be some other file in OpenLDAP) that the attribute matches. If this attribute doesnt match then you cannot login to redmine as your username will be made to be invalid.

Most probably it will be the second issue as in my case too I had a different Login Attribute than it is shown in the attached image.

Hope this helps.

RedmineAttribute.PNG - Redmine Attribute (8.74 KB)

RE: Redmine with LDAP Authentication issue - Invalid Credentials - Added by Ren Hert 12 days ago

Dear Kaul,
Thank you for your response.

As per your suggestions:

1. ldapsearch returns the correct full dn of an entry i searched for.
2. i'm attaching a screenshot of my redmine's login attributes. The login attribute in my case is "mail" which is defined for all users in my ldap

However i believe i've found the root of my problem. Setting the loglevel in ldap for stats and stats2 (basically it logs the authentication and connections requests and responses whenever someone tries to authenticate or otherwise access my ldap) turns out that for some reasons the attribute "mail" and "objectClass" is not indexed in my backend DB.

I'm trying to correct this issue at the moment, I'll keep you updated once i finish reindexing it.

Cheers: Archy

RE: Redmine with LDAP Authentication issue - Invalid Credentials - Added by Ren Hert 10 days ago

Dear All, i've finally figured out what the problem was

First of all, i forgot to include the indexes: "objectClass" and "mail" in my slapd.conf and this was one of the reasons.

Second of all, for some reasons even if i reconfigured my ldap (and reindexed it as well) my changes wouldn't show.

As it turns out, (after restarting the service when you've finished modifying) it's also necessary to reload your slapd service "sudo service slapd reload" (or sudo service slapd force-reload if necessary) in order for slapd to catch up with the changes.

This solved my issue. now everyone can authenticate using ldap auth :)

RE: Redmine with LDAP Authentication issue - Invalid Credentials - Added by Siddharth Kaul 4 days ago

Thank you for this information this is actually useful.
Atleast for me.

(1-4/4)