[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Openldap Configuration issues

On Sun, Aug 06, 2017 at 05:54:56PM +0200, R H wrote:

>     which is great, this is exactly the way it should look like, however I've
>     noticed, that cn=admin,o=testcompany.com entry doesn't exists, while it did
>     using the default config after i've installed openldap.

I assume that you cleared out the database at some point (which you should do,
to get rid of example entries from the distro). Thus, cn=admin,o=testcompany.com
will not exist unless you explicitly create it - and nor will o=testcompany.com
which you need to create first.

>  6. In Redmine, I've configured and tested the ldap authentication. It is
>     working correctly (it can both connect to my ldap and If i wish to add a
>     new user and choose the before configured ldap authentication for it, i can
>     even choose from the entries that are in my ldap, which is also great)
>  7. However (this is where my problem is) when i try to log into Redmine with a
>     user that i've just created (with ldap authentication) i always get Invalid
>     credentials error (while it works like a charm when i login with any other
>     account, created with Simple Authentication)
> These events led me to believe that the error is in the LDAP configuration.

Maybe, maybe not...

> After a few more hours/days of fooling around with the ACLs and
> dpkg-reconfigure slapd (and even purging-reinstalling slapd and ldap-utils) i

No point in changing stuff without knowing what is going on.

Add this to your config and restart slapd:

	loglevel stats,stats2

Find where the log stream goes to - probably /var/log/daemon.log or similar.
Look at the LDAP operations and results when you try to login on your app.
This will tell you what the app is actually doing.

|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |