Project

General

Profile

Actions
Copy link

Defect #11289

closed

LDAP authentication with group filter issue

Added by john val about 13 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Urgent
Assignee:
-
Category:
LDAP
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Invalid
Affected version:
1.4.4

Description

Hi guys

is LDAP group authentication possible with redmine ? ,because im trying to put ldap filer to get ldap group authentication working ,but when i try to setup ldap filter it says filter is wrong, is there any special syntax need to follow , please let me know is there any way to achieve LDAP group authentication.

These are my settings ,

Name :LDAP Authentication
Host : ldap.ihx.com
Port :389
Account:cn=admin,dc=ldap,dc=ihk,dc=com
Password:abc
Base DN :dc=ldap,dc=ihk,dc=com
LDAP filter :

These are the ldap filters that i used ,

(&(mail=%s)(memberOf=cn=employees,dc=ldap,dc=ihk,dc=com))
(&(mail=*)(memberOf=cn=employees,dc=ldap,dc=ihk,dc=com))

Thanks you
John

Actions
Copy link
 #1

Updated by john val over 12 years ago

Hi... guys ..

any update on this .. is this feature availbe in new redmine 2.1.2

Actions
Copy link
 #2

Updated by Paulo Neves almost 12 years ago

Have you tried running it with manually with ldapsearch? (Assuming you are on *nix)

Actions
Copy link
 #3

Updated by Nikolay Didenko over 10 years ago

It does not work for me on redmine 2.6.0.
My filter is "(&(objectClass=posixAccount)(sambaAcctFlags=[U ]))" - active users only
I was also using next filters:
&(objectClass=posixAccount)(sambaAcctFlags=[U ])
(sambaAcctFlags=[U ])
sambaAcctFlags=[U ]
When i save settings with these filters I get error "LDAP filter is invalid".

Actions
Copy link
 #4

Updated by Jean-Philippe Lang over 10 years ago

  • Status changed from New to Closed
  • Resolution set to Invalid

According to ruby net/ldap which is used by Redmine, this filter is invalid:

irb(main):001:0> require 'net/ldap'
=> true
irb(main):002:0> f = "(&(objectClass=posixAccount)(sambaAcctFlags=[U ]))" 
=> "(&(objectClass=posixAccount)(sambaAcctFlags=[U ]))" 
irb(main):003:0> Net::LDAP::Filter.construct f
Net::LDAP::LdapError: Invalid filter syntax.

[U ] seems to be the problem.

Actions
Copy link
 #5

Updated by Nikolay Didenko over 10 years ago

Jean-Philippe Lang wrote:

According to ruby net/ldap which is used by Redmine, this filter is invalid:

[...]

[U ] seems to be the problem.

strange behavior of ruby net/ldap module... :(

rugionpro:releases n$ ldapsearch -LLL -h localhost -p 2389 -z 1 -x -b "dc=rugion,dc=ru" -s sub '(&(objectClass=posixAccount)(sambaAcctFlags=[U          ]))' "dn" 
dn: *****************,dc=rugion,dc=ru

PS: I am using this filter in Apache Http server, some other applications successfully.

It is a bug in net/ldap - https://github.com/ruby-ldap/ruby-net-ldap/pull/157

Actions
Copy link

Also available in: Atom PDF