odoo / odoo

Odoo. Open Source Apps To Grow Your Business.
https://www.odoo.com
37.35k stars 24.28k forks

[17.0] auth_ldap: Issues with LDAP Authentication in Odoo 17 #173164

Closed Danielo24-bits closed 3 weeks ago

Danielo24-bits commented 1 month ago

Odoo Version

Steps to Reproduce

I am experiencing issues with LDAP authentication in Odoo 17. Despite setting up the LDAP configuration as documented and verifying the credentials and server accessibility using ldapsearch, the authentication fails with the error "Wrong username or password". Below are the details of the setup and the steps I have taken to troubleshoot the issue.

Steps to Reproduce

Set up LDAP configuration in Odoo:

Attempt to log in with valid LDAP user credentials.

Expected Behavior

The user should be authenticated against the LDAP server, and if valid, should be allowed to log in.

Actual Behavior

The login fails with the error "Wrong username or password".

Additional Information

I have confirmed that the LDAP server is accessible and the credentials are correct using the ldapsearch command:

ldapsearch -x -H ldap://192.70.128.15 -b "DC=example,DC=com" -D "dalamillo@example.com" -W -s sub "(userPrincipalName=dalamillo@example.com)"

This command returns the expected user information.

I created a custom script in Odoo inside a custom module (to test the LDAP connection and authentication) and it works correctly. I installed it and, using Odoo's shell, I executed:

import ldap
import ldap.filter
from odoo import models, fields, api

class LdapTest(models.Model):
    _name = 'ldap.test'
    _description = 'LDAP Test'

    @api.model
    def test_ldap_connection(self, user, pwd):
        LDAP_SERVER = 'ldap://192.70.128.15'
        LDAP_USERNAME = user
        LDAP_PASSWORD = pwd
        base_dn = 'DC=example,DC=com'
        # Escape the login before interpolating it into the search filter so that
        # characters such as '*', '(' and ')' cannot change what the filter matches.
        ldap_filter = f'userPrincipalName={ldap.filter.escape_filter_chars(user)}@example.com'
        attrs = ['memberOf']
        try:
            ldap_client = ldap.initialize(LDAP_SERVER)
            # Active Directory returns referrals on subtree searches; do not chase them.
            ldap_client.set_option(ldap.OPT_REFERRALS, 0)
            # Bind with the credentials under test, then look the user up.
            ldap_client.simple_bind_s(LDAP_USERNAME, LDAP_PASSWORD)
            result = ldap_client.search_s(base_dn, ldap.SCOPE_SUBTREE, ldap_filter, attrs)
            ldap_client.unbind_s()
            if not result:
                raise ldap.NO_SUCH_OBJECT('No such object found')
            return True, result
        except ldap.INVALID_CREDENTIALS:
            return False, 'Wrong username or password'
        except ldap.SERVER_DOWN:
            return False, 'AD server not available'
        except ldap.NO_SUCH_OBJECT:
            return False, 'User not found in the directory'
        except Exception as e:
            return False, str(e)

Logs

Below are the relevant logs from Odoo:

2024-07-15 12:07:12,619 59155 INFO ? werkzeug: 127.0.0.1 - - [15/Jul/2024 12:07:12] "GET /web/static/img/spin.svg HTTP/1.1" 200 - 0 0.000 0.001
2024-07-15 12:07:13,029 59155 INFO odoo werkzeug: 127.0.0.1 - - [15/Jul/2024 12:07:13] "GET /web/service-worker.js HTTP/1.1" 200 - 5 0.001 0.003
2024-07-15 12:07:17,953 59155 INFO odoo odoo.addons.base.models.res_users: Login failed for db:odoo login:dalamillo from 127.0.0.1
2024-07-15 12:07:17,956 59155 ERROR odoo odoo.addons.auth_ldap.models.res_company_ldap: An LDAP exception occurred: (0, 'Error')
2024-07-15 12:07:17,957 59155 DEBUG odoo odoo.tools.translate: no translation language detected, skipping translation for "'Wrong login/password'"
2024-07-15 12:07:18,035 59155 INFO odoo werkzeug: 127.0.0.1 - - [15/Jul/2024 12:07:18] "POST /web/login HTTP/1.1" 200 - 56 0.018 0.072
2024-07-15 12:07:18,067 59155 INFO odoo werkzeug: 127.0.0.1 - - [15/Jul/2024 12:07:18] "GET /web/binary/company_logo HTTP/1.1" 304 - 5 0.002 0.005
2024-07-15 12:07:19,044 59155 INFO odoo werkzeug: 127.0.0.1 - - [15/Jul/2024 12:07:19] "GET /web/service-worker.js HTTP/1.1" 200 - 5 0.002 0.003
2024-07-15 12:07:39,849 59155 DEBUG ? odoo.service.server: cron0 polling for jobs
2024-07-15 12:07:41,031 59155 DEBUG ? odoo.service.server: cron1 polling for jobs

Configuration Screenshot

Screenshot from 2024-07-15 14-56-54

Additional Context

I have reviewed the res_company_ldap.py file in the Odoo source code and it appears to be configured correctly. However, there seems to be a disconnect between the configuration and the actual authentication process.

Any assistance or insights into resolving this issue would be greatly appreciated.

Log Output

2024-07-15 12:07:17,953 59155 INFO odoo odoo.addons.base.models.res_users: Login failed for db:odoo login:dalamillo from 127.0.0.1 
2024-07-15 12:07:17,956 59155 ERROR odoo odoo.addons.auth_ldap.models.res_company_ldap: An LDAP exception occurred: (0, 'Error') 
2024-07-15 12:07:17,957 59155 DEBUG odoo odoo.tools.translate: no translation language detected, skipping translation for "'Wrong login/password'"  
2024-07-15 12:07:18,035 59155 INFO odoo werkzeug: 127.0.0.1 - - [15/Jul/2024 12:07:18] "POST /web/login HTTP/1.1" 200 - 56 0.018 0.072
2024-07-15 12:07:18,067 59155 INFO odoo werkzeug: 127.0.0.1 - - [15/Jul/2024 12:07:18] "GET /web/binary/company_logo HTTP/1.1" 304 - 5 0.002 0.005

Support Ticket

No response

connor557 commented 1 month ago

Installed Odoo 17.x on Windows Server 2019 with miniconda3, intending to connect it to Active Directory for authentication. Getting the same error message when trying to auth against AD. I pasted my error message into Google and by pure dumb luck found this issue. Please fix this as I have an org of about 50 that relies on Odoo for daily tasks.

Danielo24-bits commented 3 weeks ago

Okay! Solved! It was configuration issue...

BobBoba commented 3 weeks ago

How did you get it fixed? Same problem, second day in a row with no luck. What parameter was wrong?

eskotilla commented 3 weeks ago

Hi @BobBoba and @connor557, I'm Danielo's workmate.

Finally we used Apache Directory Studio to check our AD structure and detect what was wrong.

The scenario is that we're working against a local Microsoft Active Directory server, so with Apache Directory Studio and a normal domain user (not an admin one) we could see what the problem was.

To sum up here:

LDAP Server address --> IP or FQDN related to LDAP/AD server where you want to authenticate

LDAP Server Port --> LDAP/AD TCP Port (389 in our environment)

TLS --> Yes/No (No in our scenario)

binddn LDAP --> User which will access LDAP to check if credentials are correct. It can be a non-admin user, as commented previously. In our scenario it was that way: we created a user "eskotilla" within AD. This user was created in an Organizational Unit called "IT", which in turn was inside another Organizational Unit called "USER GROUPS". So the path looked like mycompanyrocks.com -> USER GROUPS -> IT -> eskotilla (user). In the end, the configuration string looked like this: "cn=eskotilla,OU=IT,OU=USER GROUPS,dc=mycompanyrocks,dc=com"

LDAP Password --> AD/LDAP Password related to user defined previously

Base LDAP --> Path in AD/LDAP where the users will be, and so where authentication will be performed (I mean all users trying to log into Odoo must be defined there if you want them to be able to access Odoo). As we only wanted the IT Department to access Odoo, we defined all users there (of course "eskotilla" was there, among others). In the end, the configuration string looked like this: "OU=IT,OU=USER GROUPS,dc=mycompanyrocks,dc=com".

LDAP Filter --> Which AD/LDAP field should be compared to the text entered in Odoo's login field. In our scenario we wanted to compare the login field against AD's "sAMAccountName" field, so the configuration string was "sAMAccountName=%s", where "%s" is the text entered into Odoo's login field, which in our scenario was "eskotilla". If you want users to log into Odoo using their full email, like "eskotilla@mycompanyrocks.com", you should instead compare it with AD's email field, and the filter should be similar to "mail=%s". That way you will compare Odoo's login field against AD's mail field.

I hope this post can help you configure your LDAP environment.

All LDAP parameters can be observed with Apache Directory Studio, so it helped us to solve the issue.

Remember that all users must be placed under the "Base LDAP" path in order to authenticate properly, but since users can be in multiple OUs, it won't be a problem.
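The comment above describes the seven settings but not what the server does with them. The script below is an added example, not Odoo's own code or anything posted in this thread: it runs the same bind DN -> search under the base -> rebind as the found user sequence that Odoo's auth_ldap module performs, using the field values from the comment. The hostname, the service-account password and the logins are assumed values; the filter handling is pure Python and runs offline, while authenticate() needs python-ldap and a reachable directory. The login is escaped before it replaces "%s" (python-ldap's ldap.filter.escape_filter_chars does the same), and an empty password is refused before any bind, because a DN with an empty password performs an anonymous "unauthenticated" bind that would otherwise look like a successful login.

```python
"""Added example: the bind -> search -> rebind flow behind the settings in the
comment above.  Server name, service password and logins are assumed values."""

# RFC 4515 escaping of a value placed inside a search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter(template: str, login: str) -> str:
    """Substitute the Odoo login into the configured filter, e.g.
    'sAMAccountName=%s' -> '(sAMAccountName=eskotilla)'.  The login is escaped so
    that a value such as '*)(objectClass=*' cannot widen the search."""
    if template.count("%s") != 1:
        raise ValueError("LDAP filter must contain exactly one %s placeholder")
    flt = template % escape_filter_value(login)
    return flt if flt.startswith("(") else "(%s)" % flt


def ldap_uri(server: str, port: int) -> str:
    """Plain ldap:// URI; StartTLS is negotiated on it when 'TLS' is enabled."""
    return "ldap://%s:%d" % (server, port)


def authenticate(conf: dict, login: str, password: str):
    """Return the user's DN when login/password are valid, else None.  Raises
    RuntimeError when the bind DN credentials are rejected, so a configuration
    error is not reported as a wrong user password."""
    if not password:
        # RFC 4513 unauthenticated bind: DN + empty password binds as anonymous.
        return None
    import ldap  # python-ldap; imported lazily so the helpers above run without it

    conn = ldap.initialize(ldap_uri(conf["ldap_server"], conf["ldap_server_port"]))
    conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
    conn.set_option(ldap.OPT_REFERRALS, 0)  # AD subtree searches return referrals
    try:
        if conf["ldap_tls"]:
            conn.start_tls_s()
        # Stage 1: the bind DN account only locates the user object under the base.
        try:
            conn.simple_bind_s(conf["ldap_binddn"], conf["ldap_password"])
        except ldap.INVALID_CREDENTIALS as exc:
            raise RuntimeError("bind DN credentials rejected by the server") from exc
        results = conn.search_st(conf["ldap_base"], ldap.SCOPE_SUBTREE,
                                 build_filter(conf["ldap_filter"], login), None, timeout=30)
        # AD mixes referral pseudo-entries (dn is None) into subtree results.
        dns = [dn for dn, _attrs in results if dn is not None]
        if len(dns) != 1:
            return None  # not under the base, or the filter matched several objects
        # Stage 2: the user's own password is checked by binding as that DN.
        try:
            conn.simple_bind_s(dns[0], password)
        except ldap.INVALID_CREDENTIALS:
            return None
        return dns[0]
    finally:
        conn.unbind_s()


# Constructed configuration mirroring the fields described in the comment above.
EXAMPLE_CONF = {
    "ldap_server": "dc01.mycompanyrocks.com",  # assumed hostname
    "ldap_server_port": 389,
    "ldap_tls": False,
    "ldap_binddn": "cn=eskotilla,OU=IT,OU=USER GROUPS,dc=mycompanyrocks,dc=com",
    "ldap_password": "service-account-password",  # placeholder
    "ldap_base": "OU=IT,OU=USER GROUPS,dc=mycompanyrocks,dc=com",
    "ldap_filter": "sAMAccountName=%s",
}

if __name__ == "__main__":
    import getpass
    import sys
    login = sys.argv[1] if len(sys.argv) > 1 else "eskotilla"
    print(authenticate(EXAMPLE_CONF, login, getpass.getpass()) or "login rejected")
```

Run it as `python ldap_check.py eskotilla` against the real directory: a RuntimeError points at the bind DN or its password, None with a correct user password points at the base or the filter (the user object is not under the base, or the filter does not match the attribute you type into the login box), and a returned DN means the three settings agree.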