
LDAP works but at the same time not?

Open JTzLinux opened this issue 1 year ago • 9 comments

Hello everyone, recently I tried to set up LDAP with Semaphore. I keep on getting the error "Incorrect login or password", but in the log I get: INFO[0003] User HIDDEN with email HIDDEN authorized via LDAP correctly. This is my configuration, if that could help:

  "ldap_binddn": "cn=None,ou=Benutzern,ou=IT,dc=HIDDEN,dc=HIDDEN",
  "ldap_bindpassword": "HIDDEN",
  "ldap_server": "HIDDEN:389",
  "ldap_searchdn": "ou=Benutzern,ou=IT,dc=HIDDEN,dc=HIDDEN",
  "ldap_searchfilter": "(sAMAccountName=%s)",
  "ldap_mappings": {
    "dn": "",
    "mail": "mail",
    "uid": "sAMAccountName",
    "cn": "cn"
  },
  "ldap_enable": true,
  "ldap_needtls": false,

Thanks in advance

JTzLinux avatar Nov 09 '23 10:11 JTzLinux
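The fragment above is the page's own configuration; the Go program below is an added example (not Semaphore's code) that parses that fragment, lints the settings a reviewer would flag, and shows how the `%s` placeholder in `ldap_searchfilter` should be filled. The `Config` field names, the `Lint` checks and the `EscapeFilterValue`/`BuildSearchFilter` helpers are mine; whether Semaphore itself escapes the login before substitution, or treats an `ldaps://` server value specially, is an assumption and not something the thread states. The escaping follows RFC 4515 section 3.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Config carries the ldap_* keys of the fragment posted in the issue. The JSON
// tags are the page's key names; the Go field names are this example's own.
type Config struct {
	BindDN       string            `json:"ldap_binddn"`
	BindPassword string            `json:"ldap_bindpassword"`
	Server       string            `json:"ldap_server"`
	SearchDN     string            `json:"ldap_searchdn"`
	SearchFilter string            `json:"ldap_searchfilter"`
	Mappings     map[string]string `json:"ldap_mappings"`
	Enable       bool              `json:"ldap_enable"`
	NeedTLS      bool              `json:"ldap_needtls"`
}

// posted is the fragment from the issue, wrapped in braces so it parses.
const posted = `{
  "ldap_binddn": "cn=None,ou=Benutzern,ou=IT,dc=HIDDEN,dc=HIDDEN",
  "ldap_bindpassword": "HIDDEN",
  "ldap_server": "HIDDEN:389",
  "ldap_searchdn": "ou=Benutzern,ou=IT,dc=HIDDEN,dc=HIDDEN",
  "ldap_searchfilter": "(sAMAccountName=%s)",
  "ldap_mappings": {"dn": "", "mail": "mail", "uid": "sAMAccountName", "cn": "cn"},
  "ldap_enable": true,
  "ldap_needtls": false
}`

// EscapeFilterValue escapes an assertion value as RFC 4515 section 3 requires,
// so a login typed into the form cannot change the shape of the filter
// (e.g. "*)(objectClass=*" would otherwise widen the search to every entry).
func EscapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case '\\', '*', '(', ')', 0:
			fmt.Fprintf(&b, `\%02x`, c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// BuildSearchFilter substitutes the escaped login for the %s placeholder.
func BuildSearchFilter(filter, login string) string {
	return strings.Replace(filter, "%s", EscapeFilterValue(login), 1)
}

// Lint returns the warnings a reviewer would raise on the fragment as posted.
// Treating an "ldaps://" server value as already encrypted is an assumption.
func Lint(c Config) []string {
	var w []string
	if !c.NeedTLS && !strings.HasPrefix(strings.ToLower(c.Server), "ldaps://") {
		w = append(w, "ldap_needtls=false on "+c.Server+": the bind password and every user's password cross the network in cleartext")
	}
	if strings.Count(c.SearchFilter, "%s") != 1 {
		w = append(w, "ldap_searchfilter must contain exactly one %s placeholder: "+c.SearchFilter)
	}
	for _, k := range []string{"uid", "mail"} {
		if c.Mappings[k] == "" {
			w = append(w, "ldap_mappings."+k+" is empty: login or email cannot be derived from the entry")
		}
	}
	return w
}

// LoadConfig parses a JSON object holding the ldap_* keys.
func LoadConfig(raw string) (Config, error) {
	var c Config
	err := json.Unmarshal([]byte(raw), &c)
	return c, err
}

func main() {
	c, err := LoadConfig(posted)
	if err != nil {
		panic(err)
	}
	for _, w := range Lint(c) {
		fmt.Println("warning:", w)
	}
	fmt.Println(BuildSearchFilter(c.SearchFilter, "jdoe"))
	fmt.Println(BuildSearchFilter(c.SearchFilter, "*)(objectClass=*"))
}
```

Run against the posted fragment, the only warning is the cleartext one: `ldap_needtls` is false and the server is `HIDDEN:389`, so the bind DN's password and each user's login password travel unencrypted. The search filter and the `uid`/`mail` mappings themselves are well formed, which matches the log line saying the LDAP step succeeded.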

same here

markuman avatar Nov 09 '23 13:11 markuman

glad I am not the only one who has the same problem

JTzLinux avatar Nov 09 '23 21:11 JTzLinux

I guess this is a duplicate of

https://github.com/ansible-semaphore/semaphore/issues/1522#issuecomment-1742050754, https://github.com/ansible-semaphore/semaphore/issues/1298

markuman avatar Nov 10 '23 06:11 markuman

Not 100% sure. I did not use Docker; I used the .deb file to install it (aka the package manager method), but I am not sure if it makes that much of a difference.

JTzLinux avatar Nov 11 '23 10:11 JTzLinux

Not 100% sure. I did not use Docker; I used the .deb file to install it (aka the package manager method), but I am not sure if it makes that much of a difference.

I guess not... By the way, I'm also using the .deb installation.

markuman avatar Nov 12 '23 09:11 markuman

Ok, welp, I hope there will be a fix soon x)

JTzLinux avatar Nov 13 '23 17:11 JTzLinux

I'm running into this same issue, and it seems like there's some sort of issue with the mapping of mail and uid. In my org, our logins are first initial + last name @ company.corp, i.e. [email protected], but our emails are [email protected].

WORKS:

"mail": "userPrincipalName", # [email protected]
"uid": "sAMAccountName",     # jdoe

WORKS:

"mail": "userPrincipalName", # [email protected]
"uid": "userPrincipalName",  # [email protected]

BROKEN:

"mail": "mail",          # [email protected]
"uid": "sAMAccountName", # jdoe

BROKEN:

"mail": "mail",             # [email protected]
"uid": "userPrincipalName", # [email protected]

vdudejon avatar Feb 09 '24 21:02 vdudejon

Hi @vdudejon

Could you please provide more details? What is the problem with mail: [email protected]?

If you have user [email protected] / jdoe and you are trying to create [email protected] / jdoe, you will get an error, because login and email both must be unique keys. If you have an issue with this, I think you can do the following:

"mail": "mail",
"uid": "mail"

why not?

Or we can implement more flexible mapping (if it is an important feature) to allow the following scenario:

"mail": "{{userPrincipalName}}@company.com",
"uid": "userPrincipalName"

fiftin avatar Feb 10 '24 09:02 fiftin
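The rule fiftin states above (login and email are both unique keys, so an LDAP login that resolves to an existing login with a different email, or vice versa, is rejected) and the mapping combinations vdudejon listed are modelled together in the added Go example below. It is not Semaphore's code and does not claim to reproduce its lookup order; it only applies the stated rule to a constructed directory entry for user jdoe. The attribute values (`jdoe@company.corp` for userPrincipalName, `john.doe@company.com` for mail) are assumptions built from vdudejon's description of the naming pattern, since the addresses on the page are obfuscated. The `Resolve` and `Reconcile` helpers, `Entry`, `Mapping` and `LocalUser` are this example's own names.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Entry is a constructed LDAP entry (attribute name -> value). The values
// are made up to match vdudejon's description of user jdoe.
type Entry map[string]string

// Mapping holds the uid and mail keys of ldap_mappings from the thread.
type Mapping struct {
	UID  string // attribute that becomes the local login
	Mail string // attribute that becomes the local email
}

// LocalUser is an existing local account. Per fiftin, login and email are
// both unique keys.
type LocalUser struct{ Login, Email string }

var ErrConflict = errors.New("login or email already belongs to a different user")

// attr looks an attribute up case-insensitively, because LDAP attribute
// names are case-insensitive ("samaccountname" is "sAMAccountName").
func attr(e Entry, name string) string {
	for k, v := range e {
		if strings.EqualFold(k, name) {
			return v
		}
	}
	return ""
}

// Resolve picks the (login, email) pair the mapping selects from an entry.
func Resolve(m Mapping, e Entry) (login, email string, err error) {
	login, email = attr(e, m.UID), attr(e, m.Mail)
	if login == "" || email == "" {
		return "", "", fmt.Errorf("mapped attribute missing: uid %q=%q mail %q=%q", m.UID, login, m.Mail, email)
	}
	return login, email, nil
}

// Reconcile applies the uniqueness rule: an exact match is the same account,
// a partial match (login or email taken by a user whose other key differs)
// is a conflict, and no match means a new account. The bool reports creation.
func Reconcile(existing []LocalUser, login, email string) (LocalUser, bool, error) {
	for _, u := range existing {
		if u.Login == login && u.Email == email {
			return u, false, nil
		}
		if u.Login == login || u.Email == email {
			return LocalUser{}, false, fmt.Errorf("%w: local %s/%s vs LDAP %s/%s",
				ErrConflict, u.Login, u.Email, login, email)
		}
	}
	return LocalUser{Login: login, Email: email}, true, nil
}

// jdoe is the constructed directory entry (values assumed, see lead-in).
var jdoe = Entry{
	"sAMAccountName":    "jdoe",
	"userPrincipalName": "jdoe@company.corp",
	"mail":              "john.doe@company.com",
	"cn":                "John Doe",
}

func main() {
	// Account left behind by an earlier login with mail=userPrincipalName.
	existing := []LocalUser{{Login: "jdoe", Email: "jdoe@company.corp"}}
	cases := []struct {
		name string
		m    Mapping
	}{
		{"mail=userPrincipalName uid=sAMAccountName", Mapping{UID: "sAMAccountName", Mail: "userPrincipalName"}},
		{"mail=mail uid=sAMAccountName", Mapping{UID: "sAMAccountName", Mail: "mail"}},
		{"mail=mail uid=mail", Mapping{UID: "mail", Mail: "mail"}},
	}
	for _, c := range cases {
		login, email, err := Resolve(c.m, jdoe)
		if err != nil {
			fmt.Println(c.name, "->", err)
			continue
		}
		u, created, err := Reconcile(existing, login, email)
		switch {
		case err != nil:
			fmt.Println(c.name, "-> rejected:", err)
		case created:
			fmt.Println(c.name, "-> creates", u.Login)
		default:
			fmt.Println(c.name, "-> matches existing", u.Login)
		}
	}
}
```

With a local `jdoe / jdoe@company.corp` already present, the first mapping matches that account, the `mail=mail, uid=sAMAccountName` mapping is rejected (same login, different email), and fiftin's `mail=mail, uid=mail` workaround is accepted because it collides with neither key and creates a separate account. The case-insensitive lookup in `attr` is there because a mapping written as `samaccountname` against a server returning `sAMAccountName` would otherwise resolve to an empty login and fail in the same confusing way.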

Thanks for your feedback. Yes, this solution will work as long as I set the ldap_searchfilter to use mail instead of uid.

"mail": "mail",
"uid": "mail"

It's a little odd for us, just because of how our domains are set up. For most technical things we log in as jdoe, so basically in this case it will come down to whether we need our emails at all.

vdudejon avatar Feb 12 '24 14:02 vdudejon