Defect #11289
LDAP authentication with group filter issue
| Status: | Closed | Start date: | ||
|---|---|---|---|---|
| Priority: | Urgent | Due date: | ||
| Assignee: | - | % Done: | 0% | |
| Category: | LDAP | |||
| Target version: | - | |||
| Resolution: | Invalid | Affected version: | 1.4.4 |
Description
Hi guys
is LDAP group authentication possible with redmine ? ,because im trying to put ldap filer to get ldap group authentication working ,but when i try to setup ldap filter it says filter is wrong, is there any special syntax need to follow , please let me know is there any way to achieve LDAP group authentication.
These are my settings ,
Name :LDAP Authentication
Host : ldap.ihx.com
Port :389
Account:cn=admin,dc=ldap,dc=ihk,dc=com
Password:abc
Base DN :dc=ldap,dc=ihk,dc=com
LDAP filter :
These are the ldap filters that i used ,
(&(mail=%s)(memberOf=cn=employees,dc=ldap,dc=ihk,dc=com))
(&(mail=*)(memberOf=cn=employees,dc=ldap,dc=ihk,dc=com))
Thanks you
John
History
#1
Updated by john val over 9 years ago
Hi... guys ..
any update on this .. is this feature availbe in new redmine 2.1.2
#2
Updated by Paulo Neves over 8 years ago
Have you tried running it with manually with ldapsearch? (Assuming you are on *nix)
#3
Updated by Nikolay Didenko over 7 years ago
It does not work for me on redmine 2.6.0.
My filter is "(&(objectClass=posixAccount)(sambaAcctFlags=[U ]))" - active users only
I was also using next filters:
&(objectClass=posixAccount)(sambaAcctFlags=[U ])
(sambaAcctFlags=[U ])
sambaAcctFlags=[U ]
When i save settings with these filters I get error "LDAP filter is invalid".
#4
Updated by Jean-Philippe Lang over 7 years ago
- Status changed from New to Closed
- Resolution set to Invalid
According to ruby net/ldap which is used by Redmine, this filter is invalid:
irb(main):001:0> require 'net/ldap' => true irb(main):002:0> f = "(&(objectClass=posixAccount)(sambaAcctFlags=[U ]))" => "(&(objectClass=posixAccount)(sambaAcctFlags=[U ]))" irb(main):003:0> Net::LDAP::Filter.construct f Net::LDAP::LdapError: Invalid filter syntax.
[U ] seems to be the problem.
#5
Updated by Nikolay Didenko over 7 years ago
Jean-Philippe Lang wrote:
According to ruby net/ldap which is used by Redmine, this filter is invalid:
[...]
[U ] seems to be the problem.
strange behavior of ruby net/ldap module... :(
rugionpro:releases n$ ldapsearch -LLL -h localhost -p 2389 -z 1 -x -b "dc=rugion,dc=ru" -s sub '(&(objectClass=posixAccount)(sambaAcctFlags=[U ]))' "dn" dn: *****************,dc=rugion,dc=ru
PS: I am using this filter in Apache Http server, some other applications successfully.
It is a bug in net/ldap - https://github.com/ruby-ldap/ruby-net-ldap/pull/157