
LDAP fails with users inside a group

Open KeiichiKun opened this issue 6 years ago • 2 comments

Actual behavior

Connection to LDAP not working (web interface returns wrong username/password)

Expected behavior

Login should not fail

Steps to reproduce the behavior

The AD structure is like

DC=mydomain,DC=dom --> OU=Firstou --> OU=Secondou --> CN=myuser and DC=mydomain,DC=dom --> CN=Users --> CN=Mygroup --> 2 members inside the group

In config.yml

ldap:
  enabled: true
  url: 'ldap://myip:389'
  bindDn: 'CN=myuser,OU=Secondou,OU=Firstou,DC=mydomain,DC=dom'
  bindCredentials: mypassword
  searchBase: 'CN=Mygroup,CN=Users,DC=mydomain,DC=dom'
  searchFilter: '(samaccountname={{username}})'
  tlsEnabled: false
  tlsCertPath: 'C:\example\root_ca_cert.crt'

The username will never be equal to samaccountname, maybe because samaccountname returns mygroup samaccountname, and not samaccountname of members inside the group

How can I achieve this?

Thanks

KeiichiKun avatar Jan 24 '19 15:01 KeiichiKun

The search filter can be anything, it doesn't have to be samaccountname. Use the LDAP field which matches the username or email.

NGPixel avatar Jan 25 '19 22:01 NGPixel

Yes, but all fields I can use are always referring to the group, not the members inside the group..

KeiichiKun avatar Jan 26 '19 07:01 KeiichiKun
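Added example (not code from the issue or from wiki.js) illustrating what the thread is circling around: with `searchBase` set to the group DN, a subtree search only sees the group object itself, because AD group members are not children of the group in the directory tree but are referenced by the group's `member` attribute (and, on each user, by the `memberOf` back-link). Restricting login to group members therefore means searching from the domain root (or the users' OU) and putting the membership condition into the filter. The in-memory directory, the DNs, and the `otheruser` account below are constructed to mirror the structure described in the issue; the tiny filter parser only supports equality and `&`/`|`. Whether the application escapes the `{{username}}` placeholder is not shown on the page, so the example escapes it explicitly per RFC 4515.

```javascript
// Added example: simulating an AD subtree search to show why
// searchBase = group DN never matches a member, and a group-restricted filter.

// Constructed, hypothetical directory (not a real domain).
const GROUP_DN = 'CN=Mygroup,CN=Users,DC=mydomain,DC=dom';
const MYUSER_DN = 'CN=myuser,OU=Secondou,OU=Firstou,DC=mydomain,DC=dom';
const DIT = [
  { dn: 'DC=mydomain,DC=dom', objectClass: 'domain' },
  { dn: 'OU=Firstou,DC=mydomain,DC=dom', objectClass: 'organizationalUnit' },
  { dn: 'OU=Secondou,OU=Firstou,DC=mydomain,DC=dom', objectClass: 'organizationalUnit' },
  { dn: MYUSER_DN, objectClass: 'user', sAMAccountName: 'myuser', memberOf: [GROUP_DN] },
  { dn: 'CN=otheruser,OU=Secondou,OU=Firstou,DC=mydomain,DC=dom', objectClass: 'user',
    sAMAccountName: 'otheruser', memberOf: [] },
  { dn: 'CN=Users,DC=mydomain,DC=dom', objectClass: 'container' },
  // The group lives under CN=Users; members are referenced, not nested beneath it.
  { dn: GROUP_DN, objectClass: 'group', sAMAccountName: 'Mygroup', member: [MYUSER_DN] },
];

// RFC 4515 escaping for a value interpolated into a filter (e.g. the username).
function escapeFilterValue(v) {
  return String(v).replace(/[\\*()\0]/g,
    c => '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

const escRe = s => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// Turn an LDAP assertion value into a regex: unescaped '*' is a wildcard,
// '\xx' hex escapes are literal characters.
function valueToRegex(raw) {
  let re = '^';
  for (let k = 0; k < raw.length; k++) {
    const c = raw[k];
    if (c === '\\') { re += escRe(String.fromCharCode(parseInt(raw.substr(k + 1, 2), 16))); k += 2; }
    else if (c === '*') re += '.*';
    else re += escRe(c);
  }
  return new RegExp(re + '$', 'i');
}

// Minimal filter parser: (attr=value), (&...), (|...).
function parseFilter(s) {
  let i = 0;
  function node() {
    if (s[i] !== '(') throw new Error('expected ( at ' + i);
    i++;
    let out;
    if (s[i] === '&' || s[i] === '|') {
      const op = s[i++];
      const kids = [];
      while (s[i] === '(') kids.push(node());
      out = { op, kids };
    } else {
      const eq = s.indexOf('=', i);
      const close = s.indexOf(')', eq);
      out = { op: '=', attr: s.slice(i, eq).toLowerCase(), value: valueToRegex(s.slice(eq + 1, close)) };
      i = close;
    }
    if (s[i] !== ')') throw new Error('expected ) at ' + i);
    i++;
    return out;
  }
  const ast = node();
  if (i !== s.length) throw new Error('trailing data in filter');
  return ast;
}

// LDAP attribute names are case-insensitive.
function getAttr(entry, name) {
  const k = Object.keys(entry).find(k => k.toLowerCase() === name);
  return k ? [].concat(entry[k]) : [];
}

function matches(ast, entry) {
  if (ast.op === '&') return ast.kids.every(k => matches(k, entry));
  if (ast.op === '|') return ast.kids.some(k => matches(k, entry));
  return getAttr(entry, ast.attr).some(v => ast.value.test(v));
}

// Subtree-scope search: the base entry itself plus everything beneath it.
function search(dit, base, filter) {
  const b = base.toLowerCase();
  const ast = parseFilter(filter);
  return dit
    .filter(e => { const d = e.dn.toLowerCase(); return (d === b || d.endsWith(',' + b)) && matches(ast, e); })
    .map(e => e.dn);
}

// The configuration from the issue: base is the group object.
function lookupAsInIssue(username) {
  return search(DIT, GROUP_DN, `(sAMAccountName=${escapeFilterValue(username)})`);
}

// Corrected: search from the domain root, require membership in the filter.
function lookupGroupMember(username) {
  return search(DIT, 'DC=mydomain,DC=dom',
    `(&(sAMAccountName=${escapeFilterValue(username)})(memberOf=${escapeFilterValue(GROUP_DN)}))`);
}

console.log(lookupAsInIssue('myuser'));      // [] : members are not under the group DN
console.log(lookupAsInIssue('Mygroup'));     // [GROUP_DN] : only the group itself is in scope
console.log(lookupGroupMember('myuser'));    // [MYUSER_DN]
console.log(lookupGroupMember('otheruser')); // [] : exists, but not a member
```

The `memberOf` condition only covers direct membership. Active Directory also supports the matching rule `1.2.840.113556.1.4.1941` (LDAP_MATCHING_RULE_IN_CHAIN), written as `(memberOf:1.2.840.113556.1.4.1941:=<group DN>)`, which walks nested groups; the toy parser above does not implement it. Escaping the interpolated username matters for more than correctness: an unescaped `*` in `(sAMAccountName=*)` would match every account in scope instead of one.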