Open beefliver opened 1 year ago
Okay, I was finally able to get it to parse the file (my error)
I am now receiving an LDAP Error: InvalidCredentialsError: 80090308: LdapErr: DSID=0C090439....
Unsure what may be causing the issue, the login creds are 100% correct
Try using a filter:
"searchFilter": "(&(objectcategory=person)(objectclass=user)(|(samaccountname={{username}})(mail={{username}})))",
maybe these options:
"ldapUserBinaryKey": "objectSid",
"ldapUserName": "name",
"ldapUserKey": "objectSid",
"ldapUserEmail": "mail",
"ldapUserRealname": "name",
"ldapUserPhoneNumber": "telephoneNumber",
"ldapUserImage": "thumbinalPhoto",
"ldapUserGroups": "memberOf",
or:
"auth": "ldap",
"ldapOptions": {
"url": "ldaps://127.0.0.1:636",
"tlsOptions": {
"rejectUnauthorized": false
},
"bindDN": "cn=meshuser,ou=sys-users,ou=users,dc=domainname,dc=loc",
"bindCredentials": "P@ssw0rd",
"searchBase": "ou=users,dc=domainname,dc=local",
"searchFilter": "(&(objectcategory=person)(objectclass=user)(|(samaccountname={{username}})(mail={{username}})))",
"reconnect": true
},
"ldapUserBinaryKey": "objectSid",
"ldapUserName": "name",
"ldapUserKey": "objectSid",
"ldapUserEmail": "mail",
"ldapUserRealname": "name",
"ldapUserPhoneNumber": "telephoneNumber",
"ldapUserImage": "thumbinalPhoto",
"ldapUserGroups": "memberOf",
"ldapUserRequiredGroupMembership": [
"CN=mesh-administrators,OU=Permissions,ou=users,dc=domainname,DC=loc"
],
"ldapSyncWithUserGroups": {
"filter": [
"mesh-administrators"
]
},
I tried different variations of what you listed (with the proper adjustments).
I ran it with --debug ldap, but it doesn't display any errors in CMD; it simply says that the username or password is incorrect (they're 100% correct).
This section here:
"bindDN": "cn=meshuser,ou=sys-users,ou=users,dc=domainname,dc=loc",
"bindCredentials": "P@ssw0rd",
"searchBase": "ou=users,dc=domainname,dc=local",
"searchFilter": "(&(objectcategory=person)(objectclass=user)(|(samaccountname={{username}})(mail={{username}})))",
"reconnect": true
Is the "searchBase" where it searches for the account that will provide the credentials for this integration (for example a service account strictly for this), or is it asking for the location of the users that will log in?
Here's what the AD structure looks like:
Domain: Meshworld.com
    Meshworld
        Computers
        Groups
            MeshCentral_Admins
        ServiceAccounts
            MeshCentral LDAP (used to validate the integration)
    Users
        John.Doe (is added to the MCAdmins group)
Here's a screenshot:
The "Domain Users" security group is here.
This is where the group is located.
This is where the account used to validate the integration is located.
Use the program Active Directory Explorer to determine the exact full path for the user and/or group.
dsquery via cmd helped me with finding the path. I'll make changes on the config and see if I'm able to get it to communicate
I have the correct paths, but I can't figure out why it doesn't connect. I start the server with --debug ldap and nothing displays when I attempt to log in.
After restarting the PC, I now get an AssertionError upon trying to log in:
AssertionError [ERR_ASSERTION]: Search filter not defined (opts.searchFilter)
    at new LdapAuth (C:\MeshCentral\node_modules\ldapauth-fork\lib\ldapauth.js:82:10)
    at Object.obj.authenticate (C:\MeshCentral\node_modules\meshcentral\webserver.js:698:28)
    at handleLoginRequest (C:\MeshCentral\node_modules\meshcentral\webserver.js:1110:13)
    at handleRootPostRequest (C:\MeshCentral\node_modules\meshcentral\webserver.js:3292:29)
    at Layer.handle [as handle_request] (C:\MeshCentral\node_modules\express\lib\router\layer.js:95:5)
    at next (C:\MeshCentral\node_modules\express\lib\router\route.js:144:13)
    at C:\MeshCentral\node_modules\body-parser\lib\read.js:137:5
    at AsyncResource.runInAsyncScope (node:async_hooks:203:9)
    at invokeCallback (C:\MeshCentral\node_modules\raw-body\index.js:231:16)
    at done (C:\MeshCentral\node_modules\raw-body\index.js:220:7)
Might be a strange question, but was
npm install authenticode-js
run after installing MeshCentral?
I don't have any other ideas, maybe someone more knowledgeable can help.
Nope, I did not run that command after installing.
I am able to log in locally just fine, but once I try to log in via LDAP, I'm greeted with errors. As mentioned, I verified that the paths are correct; I'm just unsure what I may be doing wrong.
Hello beefliver,
Can you change ldaps to ldap? Change "url": "ldaps://127.0.0.1:636" to "url": "ldap://127.0.0.1:389".
Delete the SSL protocol and try again.
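As an added example, not code from MeshCentral or ldapauth-fork: a small Node.js pre-flight check for the ldapOptions block posted earlier in this thread. It flags the three things the thread runs into: a searchFilter that is not present inside ldapOptions (the condition behind the "Search filter not defined (opts.searchFilter)" assertion), a bindDN and searchBase that point at different domain suffixes (dc=loc versus dc=local in the posted config), and a URL that either sends the bind password and every user's password in cleartext (ldap://, as suggested just above) or skips certificate verification (rejectUnauthorized: false). It also shows how a {{username}} placeholder should be spliced into the filter with RFC 4515 escaping so a crafted login name cannot rewrite the filter. The two config objects, the hostname dc01.domainname.loc and the wording of the checks are constructed for this example; how MeshCentral itself substitutes and escapes the placeholder is not shown on this page.

```javascript
// Added example (not MeshCentral or ldapauth-fork code): lint the "ldapOptions"
// block of a MeshCentral config.json before starting the server.

const REQUIRED_KEYS = ['url', 'bindDN', 'bindCredentials', 'searchBase', 'searchFilter'];

// Lower-cased "dc=..." components of a DN, joined back together, so the
// domain suffix of two DNs can be compared directly.
function dcSuffix(dn) {
  return dn
    .split(',')
    .map((rdn) => rdn.trim().toLowerCase())
    .filter((rdn) => rdn.startsWith('dc='))
    .join(',');
}

// RFC 4515 escaping for a value spliced into an LDAP search filter.
// Without it a username such as "*)(cn=*" rewrites the filter itself.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (c) =>
    '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Replace every {{username}} placeholder in the template with the escaped value.
function buildSearchFilter(template, username) {
  return template.split('{{username}}').join(escapeFilterValue(username));
}

// Returns a list of problems; an empty list means the block looks consistent.
function lintLdapOptions(opts) {
  const problems = [];
  for (const key of REQUIRED_KEYS) {
    if (typeof opts[key] !== 'string' || opts[key].length === 0) {
      problems.push(`missing or empty "${key}"`); // e.g. searchFilter placed outside ldapOptions
    }
  }
  if (problems.length > 0) return problems; // nothing else can be checked reliably

  let url;
  try {
    url = new URL(opts.url);
  } catch {
    return [`"url" is not a valid URL: ${opts.url}`];
  }
  const tls = opts.tlsOptions || {};
  if (url.protocol === 'ldap:') {
    problems.push('plain ldap:// sends the bind password and every user password in cleartext');
  } else if (url.protocol === 'ldaps:') {
    if (tls.rejectUnauthorized === false) {
      problems.push('tlsOptions.rejectUnauthorized=false disables certificate checking; point tlsOptions.ca at the domain CA instead');
    }
  } else {
    problems.push(`unexpected URL scheme "${url.protocol}"`);
  }

  if (dcSuffix(opts.bindDN) !== dcSuffix(opts.searchBase)) {
    problems.push(`bindDN domain "${dcSuffix(opts.bindDN)}" does not match searchBase domain "${dcSuffix(opts.searchBase)}"`);
  }
  if (!opts.searchFilter.includes('{{username}}')) {
    problems.push('searchFilter has no {{username}} placeholder, so every login searches for the same entry');
  }
  let depth = 0;
  for (const c of opts.searchFilter) {
    if (c === '(') depth++;
    else if (c === ')') depth--;
    if (depth < 0) break;
  }
  if (depth !== 0) problems.push('searchFilter parentheses are unbalanced');
  return problems;
}

// Constructed sample mirroring the config posted in this thread, including its
// dc=loc / dc=local mismatch and the disabled certificate check.
const threadConfig = {
  url: 'ldaps://127.0.0.1:636',
  tlsOptions: { rejectUnauthorized: false },
  bindDN: 'cn=meshuser,ou=sys-users,ou=users,dc=domainname,dc=loc',
  bindCredentials: 'P@ssw0rd',
  searchBase: 'ou=users,dc=domainname,dc=local',
  searchFilter: '(&(objectcategory=person)(objectclass=user)(|(samaccountname={{username}})(mail={{username}})))',
  reconnect: true,
};

// Constructed corrected variant: verified TLS to a hostname the DC's
// certificate actually covers (dc01.domainname.loc is assumed), one domain suffix.
const fixedConfig = {
  ...threadConfig,
  url: 'ldaps://dc01.domainname.loc:636',
  tlsOptions: { rejectUnauthorized: true },
  searchBase: 'ou=users,dc=domainname,dc=loc',
};

console.log(lintLdapOptions(threadConfig).join('\n'));
console.log(buildSearchFilter(threadConfig.searchFilter, '*)(cn=*'));
```

Run it with node against a copy of the real ldapOptions object (the file name is yours to choose). The checks are deliberately conservative: a DC whose certificate does not match the URL hostname is fixed by using the DC's real name and trusting the domain CA through tlsOptions.ca, not by setting rejectUnauthorized to false, which lets anyone on the path read the bind credentials.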
Describe your issue
I am attempting to integrate LDAP but having issues. The server is joined to the domain. I try starting the server and I get the error that it can't parse the file (removed sensitive LDAP info).
Server Software (please complete the following information):
Your config.json file