Closed QA-Jihyun closed 5 months ago
@QA-Jihyun ,
--ldap-username-field
option, put uid
value in --ldap-search-field
option, and grant your LDAP database schema, for information here is a template I use to add user in my LDAP database:
dn: cn=_USER_,dc=_XXX_,dc=_YYY_
uid: _USER_
sn: _USER_
mail: _EMAIL_
objectClass: inetOrgPerson
objectClass: top
userPassword: _PASSWORD_
@QA-Jihyun ,
You have to know that STF is not fully supported on Mac OS environment, you should prefer Linux one
I don't know if you LDAP installation is correct, did you test it outside STF usage ?
Try to remove
--ldap-username-field
option, putuid
value in--ldap-search-field
option, and grant your LDAP database schema, for information here is a template I use to add user in my LDAP database:dn: cn=_USER_,dc=_XXX_,dc=_YYY_ uid: _USER_ sn: _USER_ mail: _EMAIL_ objectClass: inetOrgPerson objectClass: top userPassword: _PASSWORD_
I tried connecting to stf from outside. And even if you remove --ldap-username-field, the same error occurs. And the same error is occurring on the PC running stf.
I tried connecting to stf from outside
My question was: did you test your ldap database alone, without STF ?
Did you well replace email
value by uid
value in --ldap-search-field
option ?
Did you well change your ldap database schema as specified (i.e. in particular objectClass: inetOrgPerson
) ?
I tried connecting to stf from outside
My question was: did you test your ldap database alone, without STF ?
Did you well replace
uid
value in--ldap-search-field
option ?Did you well change your ldap database schema as specified (i.e. in particular
objectClass: inetOrgPerson
) ?
Searching ldap's DIT with ldapsearch succeeds. I also changed --ldap-search-field to uid, but stf login fails. Login fails even if you specify the ou=test group in the --ldap-search-dn option in the stf run options. I'm wondering if I need to set up the Kerberos realm on Mac, but I'm having trouble setting up Kerberos because I'm not familiar with the Mac environment.
If you ask chat gpt or google bard, they will tell you to set none in stf auth type, but there doesn't seem to be a none option.
Thank you for your interest in my question.
@QA-Jihyun , so what you can do if it works well with ldapsearch
command is to take the provided filter and put it as value in the --ldap-search-filter
option, here is an example: --ldap-search-filter "(&(objectClass=inetOrgPerson)(uid=*)(memberOf=cn=stf-users,ou=groups,dc=test,dc=org))"
(e.g. filtering on a LDAP group)
I'm trying to use stf on mac. I am using the following firmware for "stf-ldap" connection
Afterwards, connect to stf in the browser. (111.222.333.444/auth/ldap)
username field = ldap email password = password of ldap user
ldap log
stf log
apache Directory Studio is I am connecting to DIT with bind DN >> cn=admin,dc=test,dc=scom and bindpassword, and DIT settings seem to be set up well.
Does anyone know why ldap login keeps failing?