semaphore
LDAP authentication issues
Hi,
I am facing some issues setting up LDAP authentication in semaphore.
Version: v2.8.49
LDAP settings:
"ldap_binddn": "CN=user,CN=Users,DC=my,DC=domain,DC=org",
"ldap_bindpassword": "password",
"ldap_server": "<ip>:389",
"ldap_searchdn": "DC=my,DC=domain,DC=org",
"ldap_searchfilter": "(uid=%s)",
"ldap_mappings": {
    "dn": "dn",
    "mail": "mail",
    "uid": "uid",
    "cn": "cn"
}
If I enter "username" as username, I just get "Incorrect login or password" in the web gui and nothing in the console.
If I enter "domain\username" as username, I get "Request failed with status code 500" in the web gui and
INFO[0105] LDAP Result Code 201 "Filter Compile Error": ldap: invalid characters for escape in filter: encoding/hex: invalid byte: U+006C 'u'
in the console.
I don't even get why it is trying to escape, when I just enter "\" in plain text... However, if I use "domain\\username" to escape "\", I get the same messages.
Thanks for any help!
uid contains the unqualified username (without the domain). \ in a query will probably cause an error (as you've seen). What happens if you try to run that query yourself?
ldapsearch \
  -x \
  -b DC=my,DC=domain,DC=org \
  -D CN=user,CN=Users,DC=my,DC=domain,DC=org \
  -w password \
  -H ldap://<ip> \
  '(uid=username)' \
  dn mail uid cn
Can you inspect server logs? They might contain more information.
"ldap_binddn": "CN=user,CN=Users,DC=my,DC=domain,DC=org",
"ldap_bindpassword": "password",
"ldap_server": "<ip>:389",
This looks like an incorrect DN for ldap_binddn.
Can you ensure ldapwhoami works?
ldapwhoami \
  -H ldap://<ip>:389 \
  -D "CN=user,CN=Users,DC=my,DC=domain,DC=org" \
  -x \
  -W
It will ask interactively for the password for the proposed DN. Supply the password as configured in ldap_bindpassword.
If it is a correct DN, it will echo the DN again and the error code should be 0.
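The "Filter Compile Error" in the question follows from RFC 4515: inside a search filter a backslash must be followed by two hex digits, so a raw `domain\username` substituted into `(uid=%s)` is rejected. The following is an added example, not Semaphore's code; `escapeFilterValue` and `checkEscapes` are hypothetical helpers written against the RFC rule, and the logins are constructed. It shows the raw filter failing and the escaped form passing:

```go
package main

import (
	"encoding/hex"
	"fmt"
	"strings"
)

// escapeFilterValue escapes a value for use inside an LDAP search filter
// (RFC 4515): each special byte becomes a backslash plus two hex digits.
func escapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case '\\', '*', '(', ')', 0:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// checkEscapes applies the RFC 4515 rule that a backslash in a filter must
// be followed by exactly two hex digits, and reports the first violation.
func checkEscapes(filter string) error {
	for i := 0; i < len(filter); i++ {
		if filter[i] != '\\' {
			continue
		}
		if i+3 > len(filter) {
			return fmt.Errorf("truncated escape at offset %d", i)
		}
		if _, err := hex.DecodeString(filter[i+1 : i+3]); err != nil {
			return fmt.Errorf("invalid escape at offset %d: %w", i, err)
		}
		i += 2 // skip the two hex digits just validated
	}
	return nil
}

func main() {
	for _, login := range []string{"username", `domain\username`} { // constructed logins
		raw := fmt.Sprintf("(uid=%s)", login)
		esc := fmt.Sprintf("(uid=%s)", escapeFilterValue(login))
		fmt.Printf("raw     %s -> %v\nescaped %s -> %v\n", raw, checkEscapes(raw), esc, checkEscapes(esc))
	}
}
```

Escaping only makes the filter well-formed; whether `(uid=domain\5cusername)` matches an entry still depends on what the directory stores in `uid`.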