Closed arpsyapathy closed 6 years ago
Remove the `ldap.attribute` configuration items, those are needed if you use native LDAP, NOT Active Directory as explained in the documentation.
Having the exact same problem and error messages. No solution so far for me. User and password are definitely correct.
mxisd.log
```
i.k.m.c.auth.v1.AuthController : Requested to check credentials for @USER:matrix.SERVER.de
i.k.m.b.ldap.LdapAuthProvider : Performing auth for @USER:matrix.SERVER.de
i.k.m.b.ldap.LdapAuthProvider : No match were found for @USER:matrix.SERVER.de
```
homeserver.log
```
synapse.access.http.8008 - 59 - INFO - POST-26- 127.0.0.1 - 8008 - Received request: POST /_matrix/client/api/v1/login
synapse.rest.client.v1.login - 177 - INFO - POST-26- Got login request with identifier: None, medium: None, address: None, user: 'user'
synapse.handlers.auth - 479 - WARNING - POST-26- Attempted to login as @user:matrix.SERVER.de but they do not exist
synapse.http.server - 123 - INFO - POST-26- <SynapseRequest at 0x7f7325b034d0 method=POST uri=/_matrix/client/api/v1/login clientproto=HTTP/1.0 site=8008> SynapseError: 403 - Invalid password
synapse.access.http.8008 - 91 - INFO - POST-26- 127.0.0.1 - 8008 - {None} Processed request: 15ms (4ms, 0ms) (0ms/1) 68B 403 "POST /_matrix/client/api/v1/login HTTP/1.0" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"
```
mxisd.yml
```yaml
matrix.domain: 'matrix.SERVER.de'
server.name: 'matrix.SERVER.de'
dns.overwrite.homeserver.client:
  - name: 'matrix.SERVER.de'
    value: 'http://127.0.0.1:8008'
ldap:
  enabled: true
  connection:
    host: 'AD-SERVER'
    bindDn: 'DISTINGUISHED_NAME'
    bindPassword: 'PASSWORD'
    tls: false
    port: 389
```
homeserver.yml
```yaml
password_providers:
  - module: "rest_auth_provider.RestAuthProvider"
    config:
      endpoint: "http://127.0.0.1:8090"
```
nginx proxy_pass config
```nginx
location /_matrix/identity/ {
    proxy_pass http://127.0.0.1:8090/_matrix/identity/;
}
location /_matrix/client/r0/user_directory/ {
    proxy_pass http://127.0.0.1:8090/_matrix/client/r0/user_directory/;
}
location / {
    proxy_pass http://127.0.0.1:8008/;
}
```
@Madic- case was solved with the following:
```yaml
ldap:
  attribute:
    uid:
      type: 'uid'
      value: 'sAMAccountName'
```
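The attribute mapping discussed above, as an added example that is not part of the thread or of mxisd's code: it assumes the LDAP backend looks a user up with an equality filter on the attribute named in `ldap.attribute.uid.value`, using the Matrix ID localpart, and it runs that lookup against constructed Active Directory-style entries to show how a search on `uid` can come back empty while one on `sAMAccountName` matches. The function names and the sample directory are made up for illustration.

```python
import re

# Constructed sample entries (not from the thread). A typical Active Directory
# user object carries sAMAccountName but no uid attribute.
DIRECTORY = [
    {"dn": "CN=Jane Doe,OU=Users,DC=example,DC=org",
     "cn": "Jane Doe", "sAMAccountName": "jdoe"},
    {"dn": "CN=svc-matrix,OU=Service,DC=example,DC=org",
     "cn": "svc-matrix", "sAMAccountName": "svc-matrix"},
]

MXID_RE = re.compile(r"^@([^:]+):(.+)$")
# Characters that RFC 4515 requires to be escaped inside a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def localpart(mxid):
    """Return the part of a Matrix ID between '@' and the first ':'."""
    match = MXID_RE.match(mxid)
    if match is None:
        raise ValueError("not a Matrix ID: %r" % (mxid,))
    return match.group(1)


def build_filter(mxid, attribute):
    """Equality filter on `attribute` for the localpart (assumed behaviour)."""
    value = "".join(ESCAPES.get(ch, ch) for ch in localpart(mxid))
    return "(%s=%s)" % (attribute, value)


def search(mxid, attribute, directory=DIRECTORY):
    """Return DNs whose `attribute` equals the localpart, ignoring case."""
    wanted = localpart(mxid).lower()
    hits = []
    for entry in directory:
        attrs = {name.lower(): val for name, val in entry.items()}
        if attrs.get(attribute.lower(), "").lower() == wanted:
            hits.append(entry["dn"])
    return hits


if __name__ == "__main__":
    for attr in ("uid", "sAMAccountName"):
        mxid = "@jdoe:matrix.example.org"
        print(build_filter(mxid, attr), "->", search(mxid, attr) or "no match")
```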
Hello! I can't connect in Riot through LDAP =( What am I doing wrong?
I did:
mxisd:
P.S. 1: service_user is the CN attribute of the AD user. CN and samAccountname are available attributes for this user. Maybe there is a mistake in my mxisd.yaml?
P.S. 2: My LDAP is Active Directory.
Please tell me what I am doing wrong.
Thank you in advance!