semaphoreui / semaphore

Modern UI for Ansible, Terraform, OpenTofu, Bash, Pulumi.
https://semaphoreui.com
MIT License

LDAP login via web interface not possible #876

Open pao-pirka opened 2 years ago

pao-pirka commented 2 years ago

Hello there!

LDAP is configured correctly, yet no user can log in via the web interface. We tried "domain\user" + password and "user" + password; sadly, neither worked.

Web-Interface address http://xxx.xxx.xxx.xxx:3000/auth/login

CLI output:

```
sudo semaphore service --config=./config.json
MySQL abc@127.0.0.1:3306 semaphore
Tmp Path (projects home) /tmp/semaphore
Semaphore v2.8.53
Interface
Port :3000
Server is running
INFO[0059] User abc with email abc@cbd.com authorized via LDAP correctly
```

Web-Interface error: [screenshot]

Is there any solution or workaround to this?

Thank you and kind regards!

muzzol commented 2 years ago

I'm facing the same problem.

Is there a way to debug the conversation between Semaphore and the LDAP server?

I'm using 389DS, a pure LDAP v3 server, not AD.

pao-pirka commented 2 years ago

The weird thing is that Semaphore prints "INFO[0059] User abc with email abc@cbd.com authorized via LDAP correctly" to the console, but the web interface says otherwise. If LDAP uses e.g. sssd, maybe the sssd error logs can show some additional information?

fiftin commented 2 years ago

Hi @pao-pirka ,

I can't reproduce the issue. I use the following setup https://gist.github.com/fiftin/a697b2a88722ebd4ef1293bd5d7bbc88 and it works without issues. I need more details to reproduce.

fiftin commented 2 years ago

@pao-pirka, @muzzol

Please read this answer: https://github.com/ansible-semaphore/semaphore/issues/898#issuecomment-1076257198

fiftin commented 2 years ago

@muzzol,

I never used 389DS; I would appreciate instructions on how to set it up via Docker.

muzzol commented 2 years ago

You can try this one: https://hub.docker.com/r/389ds/dirsrv

It's not mine, but it's made by the official maintainers, so it should be OK.

Besides Docker, I want to point out that 389DS is a standard LDAPv3 server, so it is compliant with any LDAP query without any kind of customizations or additional schemas.

Searching typical attributes like cn, mail or uid should be completely transparent from the client side.

I'm using it with a lot of web projects without any kind of problem.

MichaIJarosz commented 1 year ago

It seems to me that the problem here is the same email address for the default user and the user who wants to log in using LDAP. I had the same problem as @pao-pirka, and after changing the e-mail address of the default admin account I can log in via the web.

muzzol commented 1 year ago

> It seems to me that the problem here is the same email address for the default user and the user who wants to log in using LDAP. I had the same problem as @pao-pirka, and after changing the e-mail address of the default admin account I can log in via the web.

Not sure about that. Maybe the fix could also include some debugging of the login process, so we can know exactly what is happening, which query is being launched and what the response from the LDAP server is.

raunz commented 1 year ago

> It seems to me that the problem here is the same email address for the default user and the user who wants to log in using LDAP. I had the same problem as @pao-pirka, and after changing the e-mail address of the default admin account I can log in via the web.

I ran into the same problem. I created the default admin user with my e-mail address; the LDAP login was successful, but I didn't get into the UI. The user email has to be unique in the database table:

```sql
CREATE TABLE user (
  ..., email varchar(255) NOT NULL,...,
  UNIQUE KEY email (email))
```

A warning message would be very helpful when database constraints get violated.
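A minimal illustration of the failure mode described in this thread, as an added example (not Semaphore's own code): a find-or-create of the local row for an LDAP-authenticated user against a table whose email column is UNIQUE, where the collision with an existing local account is reported as a clear login error instead of being swallowed. The table layout, the `provision_ldap_user` function and the in-memory SQLite backend are assumptions made for the example; Semaphore itself runs on MySQL in the report above.

```python
import sqlite3

# Assumed schema: mirrors the relevant part of the thread (UNIQUE email).
SCHEMA = """
CREATE TABLE user (
  id       INTEGER PRIMARY KEY,
  username VARCHAR(255) NOT NULL UNIQUE,
  email    VARCHAR(255) NOT NULL UNIQUE,
  external INTEGER NOT NULL DEFAULT 0   -- 1 = provisioned from LDAP
);
"""


class LoginError(Exception):
    """Raised when LDAP authentication succeeded but no local row can be used."""


def provision_ldap_user(conn, username, email):
    """Return (row_id, created) for an LDAP-authenticated user.

    An existing external row is reused; otherwise a new one is inserted.
    A UNIQUE violation on email is turned into an explicit error rather than
    leaving the user authenticated by LDAP yet unable to reach the UI.
    """
    row = conn.execute(
        "SELECT id FROM user WHERE username = ? AND external = 1", (username,)
    ).fetchone()
    if row:
        return row[0], False
    clash = conn.execute("SELECT username FROM user WHERE email = ?", (email,)).fetchone()
    if clash:
        raise LoginError(
            f"LDAP user '{username}' authenticated, but email '{email}' "
            f"is already used by local user '{clash[0]}'"
        )
    try:
        cur = conn.execute(
            "INSERT INTO user (username, email, external) VALUES (?, ?, 1)", (username, email)
        )
    except sqlite3.IntegrityError as exc:  # any other constraint, e.g. duplicate username
        raise LoginError(f"could not create local user for LDAP account '{username}': {exc}") from exc
    return cur.lastrowid, True


def demo():
    """Constructed scenario: local admin already owns the LDAP user's email."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO user (username, email, external) VALUES ('admin', 'abc@cbd.com', 0)")
    outcomes = []
    try:
        provision_ldap_user(conn, "abc", "abc@cbd.com")
        outcomes.append("created")
    except LoginError as err:
        outcomes.append(f"rejected: {err}")
    # The workaround from the thread: give the default admin a different address.
    conn.execute("UPDATE user SET email = 'admin@example.invalid' WHERE username = 'admin'")
    for _ in range(2):  # first login creates the row, second login finds it
        _, created = provision_ldap_user(conn, "abc", "abc@cbd.com")
        outcomes.append("created" if created else "found")
    return outcomes
```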