kamax-matrix / mxisd

Federated Matrix Identity Server
GNU Affero General Public License v3.0

LDAP search ignores attribute mapping in config #152

Closed Radarum closed 5 years ago

Radarum commented 5 years ago

mxisd uses sAMAccountName as uid in search, ignoring config, as seen in the LDAP server log:

[05/Apr/2019:09:55:20.302007481 +0300] conn=1185 fd=64 slot=64 connection from 10._._._ to 10._._._
[05/Apr/2019:09:55:20.344301938 +0300] conn=1185 op=0 BIND dn="" method=128 version=3
[05/Apr/2019:09:55:20.344404996 +0300] conn=1185 op=0 RESULT err=0 tag=97 nentries=0 etime=0.0000225881 dn=""
[05/Apr/2019:09:55:20.365055306 +0300] conn=1185 op=1 SRCH base="ou=redacted,dc=_redacted_,dc=_redacted_" scope=2 filter="(samaccountname=_redacted_)" attrs="othertelephone otherhomephone telephoneNumber samaccountname mail displayName mailprimaryaddress homePhone othermailbox mobile othermobile"
[05/Apr/2019:09:55:20.386157479 +0300] conn=1185 op=1 RESULT err=0 tag=101 nentries=0 etime=0.0021227238 notes=U
[05/Apr/2019:09:55:20.388100913 +0300] conn=1185 op=-1 fd=64 closed - B1

LDAP server is ns-slapd version 389-Directory/1.3.8.4 B2019.073.1017. mxisd version is 1.3.1.

ldap:
  enabled: true
  connection:
    host: '_redacted_'
    tls: false
    port: 389
    # bindDn: ''
    # bindPassword: ''
    baseDNs:
      - 'ou=_redacted_,dc=_redacted_,dc=_redacted_'
    attribute:
      uid:
        type: 'uid'
        value: 'uid'
      password: 'userPassword'
      name: 'displayName'
      threepid:
        email: 'mail'

Used this doc

maxidorius commented 5 years ago

Your indentation for the attribute: section is wrong (one too many), just like some other sections. Double check that the indentation is right everywhere; YAML is not forgiving in that area.

Radarum commented 5 years ago

Sorry, my mistake. After fixing indentation everything works. Thank you!
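
Added example, not part of the original thread and not mxisd code: a standard-library Python check that derives each key's dotted path from indentation and flags a section sitting under the wrong parent, as the attribute: block in the posted config does. The expected path ldap.attribute is an assumption taken from the maintainer's reply, and the sample config is constructed with placeholder values.

```python
# Constructed sample mirroring the shape of the posted config (placeholder values).
SAMPLE = """\
ldap:
  enabled: true
  connection:
    host: 'ldap.example.org'
    port: 389
    # bindDn: ''
    baseDNs:
      - 'ou=people,dc=example,dc=org'
    attribute:
      uid:
        type: 'uid'
        value: 'uid'
      name: 'displayName'
"""

# Assumption: the section belongs directly under `ldap`, per the maintainer's reply.
EXPECTED = "ldap.attribute"


def key_paths(text):
    """Return the dotted path of every mapping key, derived from indentation."""
    stack, paths = [], []  # stack: (indent, key) for each open parent mapping
    for raw in text.splitlines():
        stripped = raw.strip()
        # Skip blanks, comments, list items and anything that is not "key: ..."
        if not stripped or stripped[0] in "#-" or ":" not in stripped:
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        while stack and stack[-1][0] >= indent:
            stack.pop()  # close mappings at the same or deeper indentation
        stack.append((indent, stripped.split(":", 1)[0].strip()))
        paths.append(".".join(key for _, key in stack))
    return paths


def misplaced(text, expected=EXPECTED):
    """Paths whose last key matches the expected section but whose parent differs."""
    leaf = expected.rsplit(".", 1)[-1]
    return [p for p in key_paths(text) if p.rsplit(".", 1)[-1] == leaf and p != expected]


if __name__ == "__main__":
    for path in misplaced(SAMPLE):
        print(f"'{path}' found, expected '{EXPECTED}': check the indentation")
```

The walker only understands space-indented block mappings, which is enough to show where a key lands; it is not a YAML parser.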