Defect #11289

LDAP authentication with group filter issue

Added by john val over 9 years ago. Updated about 7 years ago.

Status:ClosedStart date:
Priority:UrgentDue date:
Assignee:-% Done:

0%

Category:LDAP
Target version:-
Resolution:Invalid Affected version:1.4.4

Description

Hi guys

is LDAP group authentication possible with redmine ? ,because im trying to put ldap filer to get ldap group authentication working ,but when i try to setup ldap filter it says filter is wrong, is there any special syntax need to follow , please let me know is there any way to achieve LDAP group authentication.

These are my settings ,

Name :LDAP Authentication
Host : ldap.ihx.com
Port :389
Account:cn=admin,dc=ldap,dc=ihk,dc=com
Password:abc
Base DN :dc=ldap,dc=ihk,dc=com
LDAP filter :

These are the ldap filters that i used ,

(&(mail=%s)(memberOf=cn=employees,dc=ldap,dc=ihk,dc=com))
(&(mail=*)(memberOf=cn=employees,dc=ldap,dc=ihk,dc=com))

Thanks you
John

History

#1 Updated by john val about 9 years ago

Hi... guys ..

any update on this .. is this feature availbe in new redmine 2.1.2

#2 Updated by Paulo Neves about 8 years ago

Have you tried running it with manually with ldapsearch? (Assuming you are on *nix)

#3 Updated by Nikolay Didenko about 7 years ago

It does not work for me on redmine 2.6.0.
My filter is "(&(objectClass=posixAccount)(sambaAcctFlags=[U ]))" - active users only
I was also using next filters:
&(objectClass=posixAccount)(sambaAcctFlags=[U ])
(sambaAcctFlags=[U ])
sambaAcctFlags=[U ]
When i save settings with these filters I get error "LDAP filter is invalid".

#4 Updated by Jean-Philippe Lang about 7 years ago

  • Status changed from New to Closed
  • Resolution set to Invalid

According to ruby net/ldap which is used by Redmine, this filter is invalid:

irb(main):001:0> require 'net/ldap'
=> true
irb(main):002:0> f = "(&(objectClass=posixAccount)(sambaAcctFlags=[U ]))" 
=> "(&(objectClass=posixAccount)(sambaAcctFlags=[U ]))" 
irb(main):003:0> Net::LDAP::Filter.construct f
Net::LDAP::LdapError: Invalid filter syntax.

[U ] seems to be the problem.

#5 Updated by Nikolay Didenko about 7 years ago

Jean-Philippe Lang wrote:

According to ruby net/ldap which is used by Redmine, this filter is invalid:

[...]

[U ] seems to be the problem.

strange behavior of ruby net/ldap module... :(

rugionpro:releases n$ ldapsearch -LLL -h localhost -p 2389 -z 1 -x -b "dc=rugion,dc=ru" -s sub '(&(objectClass=posixAccount)(sambaAcctFlags=[U          ]))' "dn" 
dn: *****************,dc=rugion,dc=ru

PS: I am using this filter in Apache Http server, some other applications successfully.

It is a bug in net/ldap - https://github.com/ruby-ldap/ruby-net-ldap/pull/157

Also available in: Atom PDF