LDAP Authentication bind

Hello everyone,
I´m trying to setup ldap authentication, but I´m not able to login with my ldap user. LDAP is working on other services like nextcloud.

This is my ldap config:

      TRYTOND_LDAP_AUTHENTICATION__URI: ldap://openldap:389/ou=people,dc=innwerk,dc=org?objectClass?subtree??!bindname=cn=tryton%2cou=dsa%2cdc=innwerk%2cdc=org

The only log entry i get is ERROR trytond.security login failed for 'hannes' from '' on database 'tryton'. I would be happy about any hints on how to get this working!


For me it looks like no user is found with the uid.
I guess you will have to put some debug statement in the method ldap_search_user.


I use LDAP authentication without any problem. So there are a few things to check:

  1. Does your user already exists in Tryton itself?
  2. I also see some html formatted characters in your bindname.
  3. I use ldap,password for my authentications, so first LDAP is checked and if that fails, it will look for the password in Tryton

Hi @ced, can you give me an example on how such debug statement should look like?

I mean just putting some print statement to understand where and why no user is found.

Hello @edbo

  1. Yes, the usere exists and I can succesfully login to other services such as nextcloud.
  2. I used these html formatted characters according to the RFC Documentation. But I sinced tried without the encoding with the same result
  3. I´ve changed the order, but I´m still not able to login

Can you give me an example of your working config? Thanks in advance for your helo so far :slight_smile:

Okay, I will try! Thank you :smiley:

# The LDAP URL to connect to the server following RFC-2255.
#uri = ldap://host:port/dn?attributes?scope?filter?extensions
# A basic default URL could look like
uri = ldap://<fqdn_or_ip>:389/ou=<name_of_ou>,dc=xxxx,dc=xxxx?sAMAccountName?subtree??bindname=CN=<your_bind_name>,dc=xxxx,dc=xxxx
# The LDAP password used to bind if needed.
bind_pass = <your_bind_pwd>
# If the LDAP server is an Active Directory.
active_directory = True

I’m using iredmail as mailserver which is using OpenLDAP. I added a service in the LDAP which I’m using to filter out users. I also use onelevel to search on instead of subtree

uri = ldap://server01.edbo-local.lan:389/ou=users,domainname=edbo-local.lan,o=domains,ou=mailsystem,dc=edbo-local,dc=lan??onelevel?(&(objectclass=inetOrgPerson)(enabledservice=trytonERP))?bindname=cn=vmail,ou=Mailsystem,dc=edbo-local,dc=lan
bind_pass = <very_secret_password>
active_directory = False
uid = uid
create_user = False

BTW, it’s a testserver which is not connected to the internet.

The problem was create_user = False which should have been true. Thanks for your help!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.