
LDAP authentication issues

Open lfreist opened this issue 2 years ago • 2 comments

Hi,

I am facing some issues setting up LDAP authentication in semaphore.

Version: v2.8.49

LDAP settings:

```json
"ldap_binddn": "CN=user,CN=Users,DC=my,DC=domain,DC=org",
"ldap_bindpassword": "password",
"ldap_server": "<ip>:389",
"ldap_searchdn": "DC=my,DC=domain,DC=org",
"ldap_searchfilter": "(uid=%s)",
"ldap_mappings": {
    "dn": "dn",
    "mail": "mail",
    "uid": "uid",
    "cn": "cn"
}
```

If I enter "username" as username, I just get "Incorrect login or password" in the web gui and nothing in the console. If I enter "domain\username" as username, I get "Request failed with status code 500" in the web gui and INFO[0105] LDAP Result Code 201 "Filter Compile Error": ldap: invalid characters for escape in filter: encoding/hex: invalid byte: U+006C 'u' in the console.

I don't even get why it is trying to escape when I just type "\" in plain text... However, if I use "domain\\username" to escape "\", I get the same messages.

Thanks for any help!

lfreist · Mar 31 '22 09:03

uid contains the unqualified username (without the domain). A `\` in a query will probably cause an error (as you've seen). What happens if you try to run that query yourself?

```sh
# -x selects a simple bind; without it ldapsearch attempts a SASL bind
# and the -D/-w credentials are not used as intended.
ldapsearch -x \
  -H ldap://<ip> \
  -D CN=user,CN=Users,DC=my,DC=domain,DC=org \
  -w password \
  -b DC=my,DC=domain,DC=org \
  '(uid=username)' \
  dn mail uid cn
```

Can you inspect server logs? They might contain more information.

bendem · Aug 10 '22 14:08
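The backslash problem above comes from how the username is spliced into the `(uid=%s)` filter: in an LDAP search filter a `\` is the escape character and must be followed by two hex digits (RFC 4515), so `domain\username` substituted verbatim yields a malformed filter, which is what the "invalid characters for escape in filter" message is saying. The usual fix on the application side is to escape the user-supplied value before substitution, which also closes off LDAP filter injection. The following Go program is an added example written for this page, not Semaphore's code and not from anyone in this thread. The function names, the hand-written escaper (go-ldap's `ldap.EscapeFilter` does the same job), the validator that reproduces the error condition, and the sample usernames are all mine; the filter template `(uid=%s)` is the one from the reporter's config.

```go
package main

import (
	"fmt"
	"strings"
)

// EscapeFilterValue escapes one assertion value for use inside an LDAP
// search filter (RFC 4515 section 3): '*', '(', ')', '\' and NUL become a
// backslash plus two hex digits. Bytes above 0x7f are hex-escaped as well,
// which is always valid and keeps the output pure ASCII. Hand-written here
// so the example runs with no dependencies (example code, not go-ldap's).
func EscapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		c := v[i]
		if c == '*' || c == '(' || c == ')' || c == '\\' || c == 0 || c > 0x7f {
			fmt.Fprintf(&b, "\\%02x", c)
		} else {
			b.WriteByte(c)
		}
	}
	return b.String()
}

// BuildFilter substitutes the escaped username into a template of the
// shape used by the ldap_searchfilter setting above, e.g. "(uid=%s)".
func BuildFilter(template, username string) string {
	return strings.Replace(template, "%s", EscapeFilterValue(username), 1)
}

func isHex(c byte) bool {
	return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F')
}

// CheckFilterEscapes validates the backslash escapes in a finished filter:
// every '\' must be followed by exactly two hex digits. It reproduces the
// "invalid characters for escape in filter" condition from the thread, so
// an unescaped "domain\username" is rejected before it is ever sent.
func CheckFilterEscapes(filter string) error {
	for i := 0; i < len(filter); i++ {
		if filter[i] != '\\' {
			continue
		}
		if i+2 >= len(filter) || !isHex(filter[i+1]) || !isHex(filter[i+2]) {
			return fmt.Errorf("invalid characters for escape in filter at offset %d", i)
		}
		i += 2 // skip the two hex digits just validated
	}
	return nil
}

func main() {
	// Constructed inputs: the two usernames from the issue plus a classic
	// LDAP-injection attempt that unescaped substitution would let through.
	for _, u := range []string{"username", `domain\username`, "*)(uid=*"} {
		raw := strings.Replace("(uid=%s)", "%s", u, 1) // naive %s substitution
		fmt.Printf("raw:     %-28s check: %v\n", raw, CheckFilterEscapes(raw))
		safe := BuildFilter("(uid=%s)", u)
		fmt.Printf("escaped: %-28s check: %v\n", safe, CheckFilterEscapes(safe))
	}
}
```

Note that the validator alone is not a defense: `*)(uid=*` contains no backslash and passes `CheckFilterEscapes`, yet as a raw substitution it changes the meaning of the filter. Only escaping before substitution turns it into a literal match for that string, and it is escaping that turns `domain\username` into the well-formed `domain\5cusername`.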

"ldap_binddn": "CN=user,CN=Users,DC=my,DC=domain,DC=org", "ldap_bindpassword": "password", "ldap_server": "<ip>:389",

This looks like incorrect DN for ldap_binddn. Can you ensure ldapwhoami works?

```sh
ldapwhoami \
  -H ldap://<ip>:389 \
  -D "CN=user,CN=Users,DC=my,DC=domain,DC=org" \
  -x \
  -W
```

It will ask interactively for the password for the proposed DN. Supply the password as configured in ldap_bindpassword.

If it is a correct DN, it will echo the DN again and the error code should be 0.

flybyray · Sep 09 '22 20:09