I need some help with specifying the correct LDAP URL. I have a working installation of the UCS Server, which uses slapd internally, and I can authenticate over LDAP from other applications (e.g. dokuwiki) just fine. However, with Tryton I struggle to build the correct LDAP URL.
I am using these settings in dokuwiki, where it works fine. Furthermore, these work with the ldapsearch terminal utility. However, in Tryton I just get a generic ERROR trytond.security login failed message, even with the logging level set to DEBUG. I have tried to change some parts of the LDAP URL by copying things like ?sAMAccountName?subtree?? from other posts in this forum, but this just results in the error message ldap3.core.exceptions.LDAPBindError: unable to bind.
So I have looked for tools to build/validate this LDAP URL but could not find anything. Any help or hints would be appreciated.
I suggest you add some debugging print statements in _login_ldap to see where it stops the authentication.
I suspect that con.bind() does not succeed. Once we know, we could add more logging messages to catch such cases.
Thank you, after lots of print statements I made it work now. The port was one problem; the other aspect was that Tryton does not parse LDAP URLs like other LDAP tools do, which caused it to interpret my LDAP bind user DN as a filter. The solution was to use two question marks:
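Added example, not part of the thread and not Tryton's own parser: a stand-alone splitter for the generic LDAP URL layout (RFC 4516, with the bindname extension from RFC 2255), showing how the number of question marks decides whether a value lands in the filter slot or the extensions slot. The host, port and DNs are constructed sample values, and the function names are hypothetical.

```python
from urllib.parse import unquote, urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
SLOTS = ("attributes", "scope", "filter", "extensions")
# Constructed sample URLs; they differ by a single '?' before bindname.
GOOD_URL = "ldap://ldap.example.test:7389/dc=example,dc=test?uid?sub??bindname=cn=svc%2Cdc=example%2Cdc=test"
SHIFTED_URL = "ldap://ldap.example.test:7389/dc=example,dc=test?uid?sub?bindname=cn=svc%2Cdc=example%2Cdc=test"


def parse_ldap_url(url):
    """Split an LDAP URL into fields purely by '?' position (RFC 4516 layout)."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    raw = parts.query.split("?")  # attributes?scope?filter?extensions
    if len(raw) > len(SLOTS):
        raise ValueError("more than four '?' separators")
    fields = dict(zip(SLOTS, raw + [""] * (len(SLOTS) - len(raw))))
    # Commas separate list items, so split first and percent-decode afterwards;
    # a comma inside a value (such as a bind DN) has to be written as %2C.
    extensions = {}
    for item in filter(None, fields["extensions"].split(",")):
        name, _, value = item.partition("=")
        extensions[name.lstrip("!").lower()] = unquote(value)
    return {
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORTS[parts.scheme],
        "base_dn": unquote(parts.path.lstrip("/")),
        "attributes": [unquote(a) for a in fields["attributes"].split(",") if a],
        "scope": unquote(fields["scope"]),  # passed through unchecked
        "filter": unquote(fields["filter"]),
        "extensions": extensions,
    }


def problems(parsed):
    """Report a filter slot whose content is not a parenthesised search filter."""
    flt = parsed["filter"]
    if flt and not (flt.startswith("(") and flt.endswith(")")):
        return [f"filter slot holds {flt!r}, which is not a parenthesised filter"]
    return []


if __name__ == "__main__":
    for url in (GOOD_URL, SHIFTED_URL):
        parsed = parse_ldap_url(url)
        print(parsed["filter"] or "<empty filter>", parsed["extensions"], problems(parsed))
```

Running it on a URL before putting it into a configuration file shows which slot each value occupies; an application that deviates from this layout will still need its own documentation checked.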