Project

General

Profile

Bug #5475

Unable to locate user in OpenLDAP directory via ldaps

Added by Shannon Barber over 1 year ago. Updated over 1 year ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
08.06.2018
Due date:
% Done:

0%

Estimated time:
Sorting:
Commit Number:
Affected Version:

Description

Hello I am evaluating RhodeCode for use as a source repository tool.

I am using the same LDAP server to authenticate email, JIRA, gerrit, etc ... so I know the LDAP side is working.
All the other tools have a verify login button for the DN account and have a way to test that the LDAP searches are working.
I believe the DN login is working because I get a different error if I mangle that username or password.

Base DN canonically does not have ou=People nor ou=Groups on it.
The example of, (e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com), is accordingly confusing especially given the description of how SUBTREE works, stating that it does not search the base DN.
It should search the base DN unless there is another field that pretends a field that is something like ou=People or ou=Groups to search for the respective information and then it should search at that level and below.

My user search filter is the same as other the other tools, (objectclass=posixAccount)
I see in the code and some docs that it appends a uid=$login to that filter - this ought to show on the config page and you should be able to test it so you can see that you are getting results.

There are no password attribute nor password encryption type fields.
How do I tell it to use userPassword as a SSHA hash to authenticate?

2018-06-08 13:32:40.012 [12670] INFO  [rhodecode.authentication.base] Authenticating user `shannon.barber` using egg:rhodecode-enterprise-ce#ldap plugin
2018-06-08 13:32:40.305 [12670] ERROR [rhodecode.authentication.plugins.auth_ldap] LDAP related exception
Traceback (most recent call last):
  File "/opt/rhodecode/store/bbjmr1bwgmqsdkajzkmm5hk16al1b3ag-python2.7-rhodecode-enterprise-ce-4.12.2/lib/python2.7/site-packages/rhodecode/authentication/plugins/auth_ldap.py", line 464, in auth
    (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password)
  File "/opt/rhodecode/store/bbjmr1bwgmqsdkajzkmm5hk16al1b3ag-python2.7-rhodecode-enterprise-ce-4.12.2/lib/python2.7/site-packages/rhodecode/authentication/plugins/auth_ldap.py", line 343, in authenticate_ldap
    raise LdapUsernameError('Unable to find user')
LdapUsernameError: Unable to find user
2018-06-08 13:32:40.310 [12670] WARNI [rhodecode.model.validators] user `shannon.barber` failed to authenticate
2018-06-08 13:32:40.390 [12670] INFO  [rhodecode.lib.audit_logger] AUDIT[78]: Logging action: `user.login.failure` by user:id:None[shannon.barber] ip:192.168.138.1
2018-06-08 13:32:40.462 [12670] INFO  [rhodecode.lib.middleware.request_wrapper] IP: 143.103.58.199 Request to /_admin/login time: 0.474s [Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0]
[08/Jun/2018:13:32:40 -0400] GNCRN <12670>  192.168.138.1   rqt:0.475469 200 8259 "POST:/_admin/login came_from=%2F" usr:- "https://rhodecode.renesas-asaco.com/_admin/login?came_from=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
2018-06-08 13:32:40.726 [12668] INFO  [rhodecode.lib.middleware.request_wrapper] IP: 143.103.58.199 Request to /_static/rhodecode/css/style.css time: 0.008s [Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0]

History

#1 Updated by Marcin Kuzminski [staff] over 1 year ago

Hi,

Please enable DEBUG log-level (https://docs.rhodecode.com/RhodeCode-Enterprise/admin/enable-debug.html#debug-and-logging-configuration)
to show exact search and match procedure for LDAP plugin. That should help debugging.

We'll also investigate a test button somehow, that is very useful and i believe we should spend some effort to make it work.

Also available in: Atom PDF