LDAP Authentication bind

Hello everyone,
I'm trying to set up LDAP authentication, but I'm not able to log in with my LDAP user. LDAP is working for other services like Nextcloud.

This is my ldap config:

      TRYTOND_SESSION__AUTHENTICATIONS: password,ldap
      TRYTOND_LDAP_AUTHENTICATION__URI: ldap://openldap:389/ou=people,dc=innwerk,dc=org?objectClass?subtree??!bindname=cn=tryton%2cou=dsa%2cdc=innwerk%2cdc=org
      TRYTOND_LDAP_AUTHENTICATION__BIND_PASS: verysecurepassword
      TRYTOND_LDAP_AUTHENTICATION__UID: uid
      TRYTOND_LDAP_AUTHENTICATION__CREATE_USER: "false"

The only log entry I get is: ERROR trytond.security login failed for 'hannes' from '172.18.0.7' on database 'tryton'. I would be happy about any hints on how to get this working!

Cheers
Hannes

For me it looks like no user is found with the uid.
I guess you will have to put a debug statement in the method ldap_search_user.

Hello,

I use LDAP authentication without any problem. So there are a few things to check:

  1. Does your user already exist in Tryton itself?
  2. I also see some html formatted characters in your bindname.
  3. I use ldap,password for my authentications, so first LDAP is checked and, if that fails, it will look for the password in Tryton.

Hi @ced, can you give me an example of how such a debug statement should look?

I mean just putting in a print statement to understand where and why no user is found.

Hello @edbo

  1. Yes, the user exists and I can successfully log in to other services such as Nextcloud.
  2. I used these HTML-formatted characters according to the RFC documentation. But I have since tried without the encoding, with the same result.
  3. I've changed the order, but I'm still not able to log in.

Can you give me an example of your working config? Thanks in advance for your help so far :slight_smile:

Okay, I will try! Thank you :smiley:

[ldap_authentication]
# The LDAP URL to connect to the server following RFC-2255.
#uri = ldap://host:port/dn?attributes?scope?filter?extensions
# A basic default URL could look like
#
uri = ldap://<fqdn_or_ip>:389/ou=<name_of_ou>,dc=xxxx,dc=xxxx?sAMAccountName?subtree??bindname=CN=<your_bind_name>,dc=xxxx,dc=xxxx
# The LDAP password used to bind if needed.
bind_pass = <your_bind_pwd>
# If the LDAP server is an Active Directory.
active_directory = True

I'm using iredmail as mail server, which uses OpenLDAP. I added a service in LDAP which I'm using to filter out users. I also use onelevel as the search scope instead of subtree.

[ldap_authentication]
uri = ldap://server01.edbo-local.lan:389/ou=users,domainname=edbo-local.lan,o=domains,ou=mailsystem,dc=edbo-local,dc=lan??onelevel?(&(objectclass=inetOrgPerson)(enabledservice=trytonERP))?bindname=cn=vmail,ou=Mailsystem,dc=edbo-local,dc=lan
bind_pass = <very_secret_password>
active_directory = False
uid = uid
create_user = False

BTW, it's a test server which is not connected to the internet.
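An added illustration, not code from this thread or from trytond: a small parser for LDAP URLs in the RFC 4516 (formerly RFC 2255) form used by the uri setting, run over the two URIs posted above. It shows why the %2c encoding from the first post is the RFC-correct way to keep the commas of the bindname DN from being read as extension separators; how trytond's own code splits the extensions field is not checked here.

```python
# Added example, not from the thread or trytond: RFC 4516 LDAP URL parser + bindname check.
from urllib.parse import unquote

URI_PERCENT_ENCODED = ("ldap://openldap:389/ou=people,dc=innwerk,dc=org?objectClass"
                       "?subtree??!bindname=cn=tryton%2cou=dsa%2cdc=innwerk%2cdc=org")
URI_RAW_COMMAS = ("ldap://server01.edbo-local.lan:389/ou=users,domainname=edbo-local.lan,"
                  "o=domains,ou=mailsystem,dc=edbo-local,dc=lan??onelevel"
                  "?(&(objectclass=inetOrgPerson)(enabledservice=trytonERP))"
                  "?bindname=cn=vmail,ou=Mailsystem,dc=edbo-local,dc=lan")

def parse_ldap_url(url):
    """Split ldap://host:port/dn?attributes?scope?filter?extensions into a dict.
    Splitting on '?' and ',' happens BEFORE percent-decoding (RFC 4516), so a
    comma inside an extension value, e.g. a bindname DN, must be written %2c."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    hostport, _, rest = rest.partition("/")
    host, _, port = hostport.partition(":")  # IPv6 literals are not handled
    fields = rest.split("?")
    if len(fields) > 5:
        raise ValueError("more than four '?' separators in %r" % url)
    dn, attrs, scope, filt, exts = fields + [""] * (5 - len(fields))
    extensions = {}
    for ext in [e for e in exts.split(",") if e]:
        critical = ext.startswith("!")  # a leading '!' marks the extension critical
        name, _, value = ext.lstrip("!").partition("=")
        extensions[unquote(name).lower()] = {"value": unquote(value), "critical": critical}
    return {
        "host": host,
        "port": int(port) if port else (636 if scheme == "ldaps" else 389),
        "dn": unquote(dn),
        "attributes": [unquote(a) for a in attrs.split(",") if a],
        "scope": unquote(scope) or "base",             # RFC 4516 defaults
        "filter": unquote(filt) or "(objectClass=*)",
        "extensions": extensions,
    }

def lint_bindname(parsed):
    """Warn when the bindname looks cut short by an unencoded comma: the rest of
    the DN then shows up as bogus extension names such as 'ou' or 'dc'."""
    exts = parsed["extensions"]
    if "bindname" not in exts:
        return ["no bindname extension present"]
    stray = [k for k in exts if k in ("cn", "ou", "o", "dc")]
    if stray:
        return ["bindname ends at a raw comma; encode commas as %%2c "
                "(stray extensions: %s)" % ", ".join(stray)]
    return []
```

Under a strict RFC 4516 split the second URI's bindname is read as just cn=vmail, with ou and dc left over as unknown extensions; a parser that is lenient about commas would not show this.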

The problem was create_user = False which should have been true. Thanks for your help!

