ChannelFinder / ChannelFinderService

A RESTful directory service for a list of channels
MIT License

Issues with embedded LDAP #155

minijackson closed this issue 3 weeks ago

minijackson commented 1 month ago

I stumbled upon an issue while trying to use the embedded LDAP server of the ChannelFinder service.

With this configuration:

embedded_ldap.enabled = true

Authenticating as "admin" with "1234" as password, as suggested by the default LDIF file, did not work.

Adding this configuration:

logging.level.root = DEBUG
logging.level.org.springframework.security.ldap = TRACE

Led me to this error:

org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - Unable to bind as user 'uid=admin,ou=People,dc=cf,dc=local,dc=cf,dc=local' because no such entry exists in the server.]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - Unable to bind as user 'uid=admin,ou=People,dc=cf,dc=local,dc=cf,dc=local' because no such entry exists in the server.]

From reading the default application.properties file, I think specifying the base DN in both spring.ldap.embedded.base-dn and the user DN pattern / group search base leads to a duplication.

Setting this solved this issue:

embedded_ldap.user.dn.pattern = uid={0},ou=People
embedded_ldap.groups.search.base = ou=Group

On another note, I haven't found a way to encrypt passwords in the LDIF file. I have tried setting a password as given by the slappasswd command, or with spring encodepassword $password, both without success. Would you know how to do it?
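
The base DN duplication reported in the comment above can be checked for in a properties file before the service is started. This check is an added example, not part of the issue or of the ChannelFinder code; it assumes, as the error message suggests, that the value of spring.ldap.embedded.base-dn is appended to the user DN pattern and the group search base, and its "before" settings are constructed from the DN in that error message.

```python
BASE_KEY = "spring.ldap.embedded.base-dn"
RELATIVE_KEYS = ("embedded_ldap.user.dn.pattern", "embedded_ldap.groups.search.base")
# Constructed sample: values inferred from the DN in the issue's error message.
BEFORE = """\
spring.ldap.embedded.base-dn = dc=cf,dc=local
embedded_ldap.user.dn.pattern = uid={0},ou=People,dc=cf,dc=local
embedded_ldap.groups.search.base = ou=Group,dc=cf,dc=local
"""
# The two settings from the fix in the issue, with the same assumed base DN.
AFTER = """\
spring.ldap.embedded.base-dn = dc=cf,dc=local
embedded_ldap.user.dn.pattern = uid={0},ou=People
embedded_ldap.groups.search.base = ou=Group
"""

def parse_properties(text):
    """Minimal key = value parser (no ':' separators or line continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def split_rdns(dn):
    """Split a DN on unescaped commas; lower-case each RDN for comparison."""
    rdns, current, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(current)
            current = ""
        else:
            current += ch
        escaped = (ch == "\\") and not escaped
    rdns.append(current)
    return [r.strip().lower() for r in rdns if r.strip()]

def find_duplicated_base(props):
    """Return {key: DN the server would see} for values that repeat the base DN."""
    base_text = props.get(BASE_KEY, "")
    base, findings = split_rdns(base_text), {}
    for key in RELATIVE_KEYS:
        if base and split_rdns(props.get(key, ""))[-len(base):] == base:
            findings[key] = f"{props[key]},{base_text}"  # assumed: base is appended
    return findings

if __name__ == "__main__":
    print(find_duplicated_base(parse_properties(BEFORE)))
```

An empty result means neither setting repeats the base DN; a non-empty result shows the doubled DN the directory would be asked to bind or search with.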

shroffk commented 1 month ago

Ah! Good catch... Would you like to open a PR (since you discovered and solved this issue)?

minijackson commented 3 weeks ago

Sorry, I forgot to open a PR. Thanks for the fix!