Open tpowellcio opened 10 years ago
@tpowellcio what are your LDAP configuration options?
cc @hhuuggoo
Ldap options:
LDAP: {
    'URI': 'ldap://8x64srv2',
    # Bind directly to this base DN.
    'BIND_DN': 'cn="%(username)s",cn=users,dc=continuum,dc=local',
    # Map ldap keys into application specific keys
    'KEY_MAP': {
        'name':'cn',
        'company': 'o',
        'location':'l',
        'email': 'mail',
    },
    # LDAP connection options
    'OPTIONS': {
        'OPT_PROTOCOL_VERSION': 3,
    }
}
@tpowellcio, you are binding to the cn, with 'BIND_DN': 'cn="%(username)s",... . Can you try binding to the user's unix id?
From @hhuuggoo's wakari tests, it looks like this could be accomplished with:
'BIND_DN': 'CONTINUUM\\%(username)s',
No go, we get the following traceback when we use 'BIND_DN': 'CONTINUUM\%(username)s',:
ldap.INVALID_DN_SYNTAX: {'info': '0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1', 'desc': 'Invalid DN syntax'}
If I understand the issue correctly you may need to use the samaccount key instead of uid for Active Directory. You can see an example in the LDAP test scripts in Wakari.
On Sep 2, 2014, at 12:49 PM, Troy Powell notifications@github.com wrote:
No go, we get the following traceback when we use 'BIND_DN': 'CONTINUUM\%(username)s',: ldap.INVALID_DN_SYNTAX: {'info': '0000208F: LdapErr: DSID-0C090715, comment: Error processing name, data 0, v1db1', 'desc': 'Invalid DN syntax'}
Active Directory uses the cn (full name) of the user to authenticate. If the username has spaces in it, the authentication fails and the user gets a 404 error page. If the cn is changed to have no spaces, it authenticates fine.
Current: Authentication fails when --username contains spaces
Expected: Authentication does not fail when using spaces.
cn contains spaces: Joel Hull
cn contains no spaces: jhull
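An added example, not code from this thread or from Wakari: one way to expand a '%(username)s' bind-DN template with RFC 4514 escaping, so that a cn with spaces stays a valid DN and a username containing DN metacharacters cannot change the DN's structure. The function names are hypothetical, the template is the thread's BIND_DN without the double quotes, and the sample usernames are constructed.

```python
# Added example: RFC 4514 escaping for a username substituted into a bind DN.
# Hypothetical helper names; not part of Wakari or python-ldap.

# Characters that are backslash-escaped inside an attribute value.
_SPECIAL = '\\"+,;<>='

# Assumption: the thread's BIND_DN with the double quotes around the value removed.
TEMPLATE = 'cn=%(username)s,cn=users,dc=continuum,dc=local'


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside a distinguished name."""
    if not value:
        raise ValueError("empty value cannot be used in a bind DN")
    out = []
    for ch in value:
        if ch == "\x00":
            out.append("\\00")        # NUL is written as a hex pair
        elif ch in _SPECIAL:
            out.append("\\" + ch)     # metacharacter: keep it inside the value
        else:
            out.append(ch)            # interior spaces are legal unescaped
    if out[0] in (" ", "#"):
        out[0] = "\\" + out[0]        # a leading space or '#' must be escaped
    if out[-1] == " ":
        out[-1] = "\\ "               # a trailing space must be escaped
    return "".join(out)


def build_bind_dn(template: str, username: str) -> str:
    """Substitute an escaped username into a '%(username)s' template."""
    if "%(username)s" not in template:
        raise ValueError("template has no %(username)s placeholder")
    return template % {"username": escape_dn_value(username)}


if __name__ == "__main__":
    # Constructed sample inputs: the two cn values from the report plus
    # two values that carry DN metacharacters.
    for name in ("Joel Hull", "jhull", "Hull, Joel", "x,cn=admins"):
        print(repr(name), "->", build_bind_dn(TEMPLATE, name))
```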