RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/

Problem connecting to LDAP (FreeIPA) #19117

Open Ramhm opened 4 years ago

Ramhm commented 4 years ago

Description: I am using freeipa service for ldap and the error is displayed below.

Steps to reproduce:

Expected behavior: User should be logged in

Actual behavior: Error popup : "User not found or incorrect password"

Server Setup Information:
Version of Rocket.Chat Server: 3.7
Operating System: Linux
Deployment Method: docker
Number of Running Instances: 1
DB Replicaset Oplog:

Client Setup Information:
Desktop App or Browser Version: 2.17.9
Operating System: macOS Catalina

My Config:
BaseDN: cn=users,cn=accounts,dc=company,dc=com
Username field: uid
Unique identifier field: entryUUID
Default domain: company.com
Sync user data: on
User data field map: {"cn":"name", "mail":"email"}
Sync LDAP groups: on
User group filter: (&(cn=#{groupName})(member=uid=#{username},ou=users,dc=company,dc=com))
LDAP group basedn: ou=groups,dc=company,dc=com
User Data Group Map: {"rocket-admin": "admin","tech-support": "support"}
Sync user avatar: Off (normally on)
Background sync: on
Background sync interval: every 5 minutes
Background Sync Import New Users: on
Background Sync Update Existing Users: on
User Search Filter: (&(objectclass=inetOrgPerson)(memberOf=,ou=groups,dc=company,dc=com))
scope: sub
search field: uid
Group ObjectClass: groupOfNames
Group ID Attribute: cn
Group Member Attribute: Member
Group Member Format: Member
Group name: rocket-admin

Relevant logs:
Error: server.js:204 LDAPHandler ➔ error Error: User not Found

Does anyone have a config for FreeIPA? Please check this item.

dieug commented 4 years ago

You have a wrong User Search Filter; it's the first thing. Try without it to find a difference.

Ramhm commented 4 years ago

@dieug This config is for the FreeIPA service and is different from Microsoft AD.

dieug commented 4 years ago

Yes, but you have a wrong filter for all LDAP servers.

Ramhm commented 4 years ago

@dusatvoj Can you send your LDAP config?!

dusatvoj commented 4 years ago

@Ramhm What?

Ramhm commented 4 years ago

@dusatvoj I have a problem like yours with communication between Rocket.Chat and OpenLDAP (#15621). Unfortunately, the Rocket.Chat support team is not responsible.

Can you send me the connection configuration of your Rocket.Chat to OpenLDAP?!

dusatvoj commented 4 years ago

Oh, I see. The filter is written in the mentioned issue. I have group sync disabled because of this, eh... bug. Have you looked at https://github.com/RocketChat/Rocket.Chat/issues/15621#issuecomment-702748188 ?

Ramhm commented 4 years ago

@dusatvoj Yes, but I do not understand what you mean. Is it possible to send an image of the general configuration of Rocket.Chat?

awsome0305 commented 3 years ago

@Ramhm Hi, I have the same problem as you. I also use FreeIPA; did you solve this problem?

awsome0305 commented 3 years ago

My Config:
BaseDN: cn=users,cn=accounts,dc=company,dc=com
Username field: uid
Unique identifier field: uidNumber
Default domain: company.com
Sync user data: on
User data field map: {"cn":"name", "mail":"email"}
Sync LDAP groups: on
User group filter: (&(cn=#{groupName)(uid=#{username})
User Data Group Map: {"rocket-admin": "admin","ipausers": "support"}
Sync user avatar: Off (normally on)
Background sync: on
Background sync interval: every 5 minutes
Background Sync Import New Users: on
Background Sync Update Existing Users: on
User Search Filter:
scope: sub
search field: uid
User search (Group validation) Enable LDAP User Group Filter: off

Now, it works!

Ramhm commented 3 years ago

> @Ramhm Hi, I have the same problem as you. I also use FreeIPA; did you solve this problem?

No, unfortunately. I checked on the last few versions and there was still a problem.

Ramhm commented 3 years ago

> My Config:
> BaseDN: cn=users,cn=accounts,dc=company,dc=com
> Username field: uid
> Unique identifier field: uidNumber
> Default domain: company.com
> Sync user data: on
> User data field map: {"cn":"name", "mail":"email"}
> Sync LDAP groups: on
> User group filter: (&(cn=#{groupName)(uid=#{username})
> User Data Group Map: {"rocket-admin": "admin","ipausers": "support"}
> Sync user avatar: Off (normally on)
> Background sync: on
> Background sync interval: every 5 minutes
> Background Sync Import New Users: on
> Background Sync Update Existing Users: on
> User Search Filter:
> scope: sub
> search field: uid
> User search (Group validation) Enable LDAP User Group Filter: off
>
> Now, it works!

What version of Rocket.Chat is it? Does the rocket-admin group have special access?

mm2293 commented 3 years ago

Hi, you can use the filter "(|(memberof=cn=YOURGROUPNAME,cn=accounts,dc=example,dc=com))"

This should work.
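The filters posted in this thread (the original `User Search Filter` with `memberOf=,ou=groups,...`, the later `(&(cn=#{groupName)(uid=#{username})` template, and the `memberof=cn=...` form suggested above) differ in ways that are easy to miss by eye. The checker below is an added example, not Rocket.Chat code, and it assumes only what the thread shows: that Rocket.Chat substitutes `#{username}` and `#{groupName}` placeholders into the filter text. It renders a template with RFC 4515 escaping of the substituted values (so a login name containing `*`, `(` or `)` cannot change the filter's structure), rejects an unterminated placeholder, and lints the result: unbalanced parentheses, empty values, and a `member`/`memberOf` value that is not a full DN. The sample filters are copied from the thread; the `alice` and injection-style usernames are constructed inputs.

```python
import re

# Placeholder syntax as it appears in the thread's filters: #{username}, #{groupName}
PLACEHOLDER_RE = re.compile(r"#\{(\w+)\}")
# One RDN of a DN: attr=value (assumes no escaped commas inside values)
DN_RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,]+$")
# A simple (attr=value) leaf of a filter
LEAF_RE = re.compile(r"\(([A-Za-z][A-Za-z0-9-]*)=([^()]*)\)")


def escape_filter_value(value: str) -> str:
    """Escape a value per RFC 4515 so it is matched literally, not parsed as filter syntax."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def render_filter(template: str, **values: str) -> str:
    """Substitute #{name} placeholders with escaped values.

    Raises ValueError for a '#{' that never closes (the '#{groupName' typo in the
    thread) and KeyError for a placeholder no value was supplied for.
    """
    for m in re.finditer(r"#\{", template):
        if PLACEHOLDER_RE.match(template, m.start()) is None:
            snippet = template[m.start():m.start() + 20]
            raise ValueError(f"unterminated placeholder at offset {m.start()}: {snippet!r}")

    def substitute(m: re.Match) -> str:
        name = m.group(1)
        if name not in values:
            raise KeyError(f"no value supplied for placeholder #{{{name}}}")
        return escape_filter_value(values[name])

    return PLACEHOLDER_RE.sub(substitute, template)


def parens_balanced(flt: str) -> bool:
    depth = 0
    for ch in flt:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def lint_filter(flt: str) -> list:
    """Return a list of problems; an empty list means the filter looks sane.

    This checks syntax only; it cannot know whether a well-formed DN actually
    exists in the directory (e.g. ou=users vs cn=users,cn=accounts in FreeIPA).
    """
    problems = []
    if not parens_balanced(flt):
        problems.append("unbalanced parentheses")
    for attr, value in LEAF_RE.findall(flt):
        if value == "":
            problems.append(f"{attr} has an empty value")
        elif attr.lower() in ("member", "memberof", "uniquemember"):
            bad = [rdn for rdn in value.split(",") if not DN_RDN_RE.match(rdn)]
            if bad:
                problems.append(f"{attr} value is not a DN (bad RDN {bad[0]!r}): {value!r}")
    return problems


# Filters as posted in the thread (placeholders rendered with a constructed user)
THREAD_FILTERS = {
    "original user search filter":
        "(&(objectclass=inetOrgPerson)(memberOf=,ou=groups,dc=company,dc=com))",
    "original user group filter":
        "(&(cn=#{groupName})(member=uid=#{username},ou=users,dc=company,dc=com))",
    "later user group filter":
        "(&(cn=#{groupName)(uid=#{username})",
    "suggested memberof filter":
        "(|(memberof=cn=YOURGROUPNAME,cn=accounts,dc=example,dc=com))",
}


def lint_thread_filters(username: str = "alice", group_name: str = "rocket-admin") -> dict:
    """Render and lint every filter from the thread; value is the problem list or an error string."""
    report = {}
    for label, template in THREAD_FILTERS.items():
        try:
            rendered = render_filter(template, username=username, groupName=group_name)
        except (ValueError, KeyError) as exc:
            report[label] = f"render error: {exc}"
            continue
        report[label] = lint_filter(rendered)
    return report


if __name__ == "__main__":
    for label, result in lint_thread_filters().items():
        print(f"{label}: {result or 'ok'}")
    # A login name containing filter metacharacters stays a literal after escaping
    print(render_filter("(&(uid=#{username})(objectclass=inetOrgPerson))", username="*)(uid=*"))
```

Running it flags the first post's `memberOf=,ou=groups,...` value (no `cn=` RDN in front of the comma, so it is not a group DN), rejects the `#{groupName` template before it ever reaches the server, and passes the `memberof=cn=...` form from the last comment. The escaping step is the part worth keeping in any code that builds filters from user input: without it, the username field becomes a filter-injection point.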