ensky / taiga-contrib-ldap-auth

Taiga plugin for LDAP authentication
http://taiga.io
GNU Affero General Public License v3.0

LDAP auth not working #54

Open NicolasLMD opened 7 years ago

NicolasLMD commented 7 years ago

Hi,

The LDAP auth doesn't work on my production env. When I try to log in, I get this message: "Oops, something happened...Our Oompa Loompas are sad, your changes were not saved!"

I'm not familiar enough with LDAP to be able to set it up alone. I made some tests with ldapsearch on my Ubuntu server (the LDAP server is on a Windows Server machine, and I want to make requests on the Active Directory rep). The tests showed that I successfully manage to connect and bind but not search. Can you help me? My AD server (on Windows Server) contains a list of users and a list of user groups under a server name ("ul.myserver.com"). Users can be in different groups, but one indicates the users allowed to connect to Taiga (group name = "TaigaConnect").

I want to connect with the same login/password as on the Windows machine (not with my email or full name).

I set up local.py like this:

LDAP_SEARCH_BASE = 'CN=TaigaConnect,CN-Users,DC=ul,DC=myserver,DC=com'
LDAP_SEARCH_PROPERTY = 'sAMAccountName'
LDAP_SEARCH_SUFFIX = None # '@example.com'
LDAP_EMAIL_PROPERTY = 'mail'
LDAP_FULL_NAME_PROPERTY = 'DisplayName'

I also tested property 'uid'

Can you tell me how to correct it?

Thank you

gthieleb commented 7 years ago

If you open the Developer Toolbar in Firefox you will see the error message returned by the authentication POST Request. You might need to authenticate again (with toolbar opened). Please post the error message.

NicolasLMD commented 7 years ago

Hi,

I got:

angular.js:11756 POST https://taiga.crf7514.fr/api/v1/auth 400 (Bad Request)
(anonymous) @ angular.js:11756
g @ angular.js:11517
c @ angular.js:11227
a @ angular.js:15961
(anonymous) @ angular.js:15977
$eval @ angular.js:17229
$digest @ angular.js:17045
(anonymous) @ angular.js:17268
o @ angular.js:5869
(anonymous) @ angular.js:6145

and as output:

{"error_message": "LDAP account or password incorrect: {'error_message': 'Username or password incorrect'}"}

Thank you for your help

NicolasLMD commented 7 years ago

No one can see what's going on?

gthieleb commented 7 years ago

Hi @NicolasLMD, isn't the error message obvious enough?

{'error_message': 'Username or password incorrect'}

As it is AD, perhaps you need to prefix your login name with something like this:

MYSHINYWINDOWSADNAME\username

phanikumar1210 commented 6 years ago

I have configured Taiga with the same configurations as specified in the README. But I am still getting the same error. I am not even sure whether Taiga is reaching LDAP or not. Can someone help me out on this?
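
An offline check of the local.py values from the first post, added here as an example (not code from the plugin or from any commenter): it flags RDNs that lack "=" and a search base that names a group object, then builds an escaped sAMAccountName plus memberOf filter that can be tried with ldapsearch. ASSUMED_GROUP_DN, the helper names and the login jdoe are assumptions, as is TaigaConnect being a group in the default Users container.

```python
import re

# Settings copied from the first post in this thread.
LDAP_SEARCH_BASE = 'CN=TaigaConnect,CN-Users,DC=ul,DC=myserver,DC=com'
LDAP_SEARCH_PROPERTY = 'sAMAccountName'
# Assumption: the group object lives in the default Users container.
ASSUMED_GROUP_DN = 'CN=TaigaConnect,CN=Users,DC=ul,DC=myserver,DC=com'

RDN = re.compile(r'^[A-Za-z][A-Za-z0-9-]*=.+$')  # attributeType=value


def split_dn(dn):
    """Split a DN into RDNs on commas not preceded by a backslash."""
    return [part.strip() for part in re.split(r'(?<!\\),', dn)]


def check_search_base(dn, group_names=()):
    """Return a list of problems found in a search-base DN (no network I/O)."""
    problems = []
    rdns = split_dn(dn)
    for rdn in rdns:
        if not RDN.match(rdn):
            problems.append('malformed RDN %r: expected attribute=value' % rdn)
    # In AD, users reference their groups through memberOf; they are not
    # child entries of the group, so a search based at the group finds none.
    if rdns[0].partition('=')[2] in group_names:
        problems.append('base %r is a group object: users are not stored '
                        'beneath it, match on memberOf instead' % rdns[0])
    return problems


def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)


def user_filter(login, group_dn=ASSUMED_GROUP_DN):
    """Filter for one login that must also be a direct member of group_dn."""
    return '(&(%s=%s)(memberOf=%s))' % (
        LDAP_SEARCH_PROPERTY,
        escape_filter_value(login),
        escape_filter_value(group_dn))


if __name__ == '__main__':
    for problem in check_search_base(LDAP_SEARCH_BASE, ('TaigaConnect',)):
        print('problem:', problem)
    print(user_filter('jdoe'))  # 'jdoe' is a constructed login
```

The printed filter is meant to be run with ldapsearch against a base that actually contains the user entries, using the same bind that already succeeds.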