kamax-matrix / mxisd

Federated Matrix Identity Server
GNU Affero General Public License v3.0

Search LDAP Users by uid for login as Username #159

Closed elberfeld closed 5 years ago

elberfeld commented 5 years ago

Hi,

I am trying to set up the LDAP provider for my environment, but there seems to be a problem with the configuration of the LDAP attributes.

The mxisd version used is the 14.0-alpha1 docker container.

My LDAP user objects are inetOrgPerson entries; the attribute uid should be used as the Matrix username. When I try to log in with my account 'void' I get proper logging from the mxisd and synapse server.

In the log output from the LDAP server the search filter is set as "(?saMAccountName=void)", which doesn't match the configuration I've set within the mxisd.yaml:

    attribute:
      uid: 
        type: 'uid'
        value: 'uid'

Log Output mxisd

mxisd_1    | [XNIO-1 task-3] INFO io.kamax.mxisd.backend.ldap.LdapAuthProvider - No match were found for @void:matrix.warpzone.ms

Log Output Synapse server

synapse_1  | 2019-04-14 14:15:45,310 - synapse.handlers.auth - 602 - WARNING - POST-0- Attempted to login as @void:matrix.warpzone.ms but they do not exist

Log Output LDAP Server

openldap_1      | 5cb34311 conn=1046 fd=19 ACCEPT from IP=192.168.16.3:35534 (IP=10.42.1.1:389)
openldap_1      | 5cb34311 conn=1046 op=0 BIND dn="cn=readonly,dc=warpzone,dc=ms" method=128
openldap_1      | 5cb34311 conn=1046 op=0 BIND dn="cn=readonly,dc=warpzone,dc=ms" mech=SIMPLE ssf=0
openldap_1      | 5cb34311 conn=1046 op=0 RESULT tag=97 err=0 text=
openldap_1      | 5cb34311 conn=1046 op=1 SRCH base="dc=warpzone,dc=ms" scope=2 deref=3 filter="(?saMAccountName=void)"
openldap_1      | 5cb34311 conn=1046 op=1 SRCH attr=otherTelephone otherHomePhone telephoneNumber saMAccountName mail displayName mailPrimaryAddress homePhone otherMailbox mobile otherMobile
openldap_1      | 5cb34311 conn=1046 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
openldap_1      | 5cb34311 conn=1046 fd=19 closed (connection lost)

Sample LDAP User object

dn: uid=void,ou=users,dc=warpzone,dc=ms
cn: XXXXXXXXXXXXX 
mail: xxxxxxxxxxxx
objectclass: inetOrgPerson
objectclass: top
sn: XXXXXXXXXXXX
uid: void
userpassword: xxxxxxxxxxxxxxxxxxxxxxxx

mxisd.yaml

ldap:
  enabled: true
  connection:
    host: '1.1.1.1'
    port: 389
    bindDn: 'xxxxxxxxxxxxxx'
    bindPassword: 'xxxxxxxxxxxxxxx'
    baseDNs:
      - 'DC=warpzone,DC=ms'
    filter: '(&(objectClass=inetOrgPerson)(memberof=CN=matrix-user,OU=infrastructure,DC=warpzone,DC=ms))'
    attribute:
      uid: 
        type: 'uid'
        value: 'uid'
      name: 'cn'
      threepid:
        email:
          - 'mail'
        msisdn:
          - 'phone'

maxidorius commented 5 years ago

Indentation of the attribute key is wrong; be sure it matches what is documented.

elberfeld commented 5 years ago

@maxidorius Thanks, that fixed the issue.
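The following script is an added example, not code from mxisd or from either participant in this thread. It parses the posted mxisd.yaml with a small indentation-based YAML-subset parser and shows what the indentation mistake does: with `attribute` nested under `connection`, a lookup at `ldap.attribute.uid.value` finds nothing, so the per-login filter falls back to another attribute (`saMAccountName` here, taken from the LDAP server log above and assumed to be the default; check the mxisd documentation for your version), and the search for `uid=void` can never match. It also flags the misplaced key and escapes the username per RFC 4515 before putting it in the filter, since the localpart comes straight from the login request. The parser, the `ASSUMED_DEFAULT_UID_ATTRIBUTE` constant and the hostname are assumptions for illustration; the corrected config only outdents `attribute` as the maintainer suggested, and the bind credentials are dropped.

```python
"""Added example, not mxisd code: parse mxisd.yaml with a small YAML-subset parser and
show which attribute the login lookup uses when `attribute` sits under `connection`."""

# Assumption: fallback attribute, taken from the LDAP server log in the issue above.
ASSUMED_DEFAULT_UID_ATTRIBUTE = "saMAccountName"

# Constructed input: the posted config trimmed to the relevant keys (credentials dropped, host made up).
MISINDENTED = """\
ldap:
  connection:
    host: 'ldap.example.test'
    port: 389
    baseDNs:
      - 'DC=warpzone,DC=ms'
    filter: '(&(objectClass=inetOrgPerson)(memberof=CN=matrix-user,OU=infrastructure,DC=warpzone,DC=ms))'
    attribute:
      uid:
        type: 'uid'
        value: 'uid'
"""

# Same file with `attribute` outdented to sit directly under `ldap`, as the maintainer suggested.
CORRECTED = MISINDENTED.replace(
    "    attribute:\n      uid:\n        type: 'uid'\n        value: 'uid'\n",
    "  attribute:\n    uid:\n      type: 'uid'\n      value: 'uid'\n")


def _scalar(raw):
    # Quoted values are kept verbatim; bare digits become int.
    if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "'\"":
        return raw[1:-1]
    return int(raw) if raw.isdigit() else raw


def parse_yaml_subset(text):
    """Indentation-driven parser for block mappings and '- item' sequences only."""
    lines = [ln for ln in text.splitlines() if ln.strip() and not ln.lstrip().startswith("#")]
    pos = 0

    def indent_of(ln):
        return len(ln) - len(ln.lstrip(" "))

    def block(indent):
        nonlocal pos
        node = None
        while pos < len(lines):
            ln = lines[pos]
            if indent_of(ln) < indent:
                break  # this block is finished; the caller continues at its own level
            if indent_of(ln) > indent:
                raise ValueError("unexpected indentation: %r" % ln)
            body = ln.strip()
            pos += 1
            if body.startswith("- "):
                node = [] if node is None else node
                node.append(_scalar(body[2:].strip()))
                continue
            node = {} if node is None else node
            key, _, rest = body.partition(":")
            if rest.strip():
                node[key.strip()] = _scalar(rest.strip())
            elif pos < len(lines) and indent_of(lines[pos]) > indent:
                node[key.strip()] = block(indent_of(lines[pos]))  # nested block
            else:
                node[key.strip()] = None
        return {} if node is None else node

    return block(0)


def effective_uid_attribute(cfg):
    """ldap.attribute.uid.value if present, otherwise the assumed default."""
    attr = cfg.get("ldap", {}).get("attribute") or {}
    return (attr.get("uid") or {}).get("value") or ASSUMED_DEFAULT_UID_ATTRIBUTE


def find_misplaced(cfg, key="attribute", expected=("ldap",)):
    """Dotted paths where `key` appears anywhere other than directly under `expected`."""
    hits = []
    def walk(node, path):
        if isinstance(node, dict):
            for k, v in node.items():
                if k == key and tuple(path) != expected:
                    hits.append(".".join(path + [k]))
                walk(v, path + [k])
    walk(cfg, [])
    return hits


def ldap_escape(value):
    """RFC 4515 escaping; the localpart comes straight from the login request."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def login_filter(cfg, localpart):
    """The per-user filter the LDAP server logs, e.g. '(uid=void)'."""
    return "(%s=%s)" % (effective_uid_attribute(cfg), ldap_escape(localpart))


if __name__ == "__main__":
    for label, text in (("as posted", MISINDENTED), ("corrected", CORRECTED)):
        cfg = parse_yaml_subset(text)
        print(label, login_filter(cfg, "void"), "misplaced:", find_misplaced(cfg) or "none")
```

With the config as posted, `find_misplaced` reports `ldap.connection.attribute` and the login filter becomes `(saMAccountName=void)`, which is the shape seen in the slapd log; with `attribute` outdented it becomes `(uid=void)`. Running the misplaced-key check against a config before restarting mxisd is a cheap way to catch this class of mistake, since an ignored block produces no error, only an empty search result and a "No match were found" line.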