Help with ldap authentication

algo-se · May 25, 2021, 2:07pm

Hi,

I´ve tried to use ldap with many configurations, I´ve read every ldap post in this forum and the some on the internet, but I have not been able to log in yet. Could you help me to debug this or point me to something to learn more about how this work?

This is a picture of the ldap server:
ldapserver

I´ve tried many configurations but none of them work:

ldap:
    url: ldap://192.168.xxx.xxx:389/dc=contoso,dc=corp
    user-dn-pattern: uid={0}
    group-search-base:
    group-search-filter: (uniqueMember={0})
    manager-dn: admin@contoso.corp
    manager-password: ****

  ldap:
    url: ldap://192.168.xxx.xxx:389/dc=contoso,dc=corp
    manager-dn: cn=admin,OU=admin group,DC=contoso,DC=corp
    manager-password: ****
    user_search_base:
    user-search-filter: (sAMAccountName={0})
    group-search-base: ou=ORGANIGRAMA
    group-search-filter: (member={0})

etc…

jkh1 · May 27, 2021, 6:50am

The LDAP details have to be put in the application.yml configuration file. A basic set up for LDAP authentication should look something like:

  proxy:
    authentication: ldap
    ldap:
      url: ldap://xxxx:389/dc=yyy,dc=zzz
      user-search-filter: uid={0}
    docker:
      url: ...

You probably need to replace user-dn-pattern with user-search-filter. In my case, the LDAP server allows anonymous binds so no need for manager-dn.
I don’t know what you’re trying to achieve but maybe start with this simple set up before adding more LDAP-related functionalities. Also worth considering is whether the LDAP server is configured properly (e.g. does it work for other services?).
I hope this puts you on the right track.

algo-se · May 28, 2021, 5:19am

It did! I just tried to login to the LDAP server with the manager account IT provided and couldn´t. Apparently they gave me a wrong password…

Thanks a lot for taking the time to answer and for the help!

algo-se · June 29, 2021, 12:12pm

I’ll post how the configuration ended working for me just in case anyone finds it helpful:

proxy:

  #### LDAP Authentication ####
  authentication: ldap
  ldap:
    url: ldap://192.168.x.xxx:389/DC=company,DC=com
    manager-dn: user@company.com
    manager-password: user_password
    user-search-filter: (sAMAccountName={0})
    user-search-base:
    group-search-filter: (member={0})
    group-search-base: OU=GROUP

algo-se · July 19, 2021, 11:54am

Edit:

Use url: ldap://192.168.x.xxx:3268/DC=company,DC=com (note the 3268 port!) if you have to look into different subtrees.