wekan / ldap

LDAP support for Wekan code has been moved to https://github.com/wekan/wekan/tree/master/packages/wekan-ldap , issues to https://github.com/wekan/wekan/issues , and if PRs are needed please add them instead to https://github.com/wekan/wekan/pulls
MIT License

Can anyone provide an Active Directory How-to with examples? #55

Open JBBERLIN opened 5 years ago

JBBERLIN commented 5 years ago

Hello,

I try to connect my AD with Wekan but without success. I have connected many systems like Joomla, DokuWiki etc., but Wekan, no way.

CentOS 7, Snap, latest version of Wekan.

So can anyone provide a useful HowTo with examples?

Many thanks.

xet7 commented 5 years ago

There are Azure AD docs for OIDC: https://github.com/wekan/wekan/wiki/Azure

But I don't know if there are any for LDAP yet.

Anyway, if your AD supports OIDC, it's easier to configure it, because there are fewer settings.

JBBERLIN commented 5 years ago

Yes, I read this wiki doc too, but I have a simple AD. For the test I set up an internal test domain, but no luck with user login or sync (I first try login only).

Active Directory Domain: ad.mydomian.com (DC=ad,DC=mydomain,DC=com)
NETBIOS DOMAIN: MYDOMAIN
DC1: 192.168.0.1
DC2: 192.168.0.2

All service accounts (with the domain bind account) are in OU=SERVICE,DC=ad,DC=mydomain,DC=com
All users are in OU=USROU,DC=ad,DC=mydomain,DC=com
The bind user: CN=bindadmin,OU=SERVICE,DC=ad,DC=mydomain,DC=com

No groups or anything else, and the bind user is a copy of the standard Administrator account.

Very simple AD LDAP for finding the bug, but no chance.

Here is the log:

Apr 2 17:50:25 todo wekan.wekan: [INFO] LDAP connected
Apr 2 17:50:25 todo wekan.wekan: [INFO] Binding UserDN "CN=bindadmin,OU=SERVICE,DC=ad,DC=mydomain,DC=com"
Apr 2 17:50:25 todo wekan.wekan: [INFO] Searching user "user1"
Apr 2 17:50:25 todo wekan.wekan: [DEBUG] searchOptions {
Apr 2 17:50:25 todo wekan.wekan: "filter": "(&(sAMAccountName=[username])(sAMAccountName=user1))",
Apr 2 17:50:25 todo wekan.wekan: "scope": "sub",
Apr 2 17:50:25 todo wekan.wekan: "sizeLimit": 0
Apr 2 17:50:25 todo wekan.wekan: }
Apr 2 17:50:25 todo wekan.wekan: [DEBUG] BaseDN "dc=ad,dc=mydomain,dc=com"
Apr 2 17:50:25 todo wekan.wekan: [INFO] Search result count
Apr 2 17:50:25 todo wekan.wekan: [INFO] Search returned
Apr 2 17:50:25 todo wekan.wekan: [ERROR] Error: User not Found
Apr 2 17:50:25 todo wekan.wekan: [INFO] Fallback to default account system: {
Apr 2 17:50:25 todo wekan.wekan: "username": "user1"
Apr 2 17:50:25 todo wekan.wekan: }
Apr 2 17:50:25 todo wekan.wekan: [DEBUG] Fallback options: {
Apr 2 17:50:25 todo wekan.wekan: "user": {
Apr 2 17:50:25 todo wekan.wekan: "username": "user1"
Apr 2 17:50:25 todo wekan.wekan: },
Apr 2 17:50:25 todo wekan.wekan: "password": {
Apr 2 17:50:25 todo wekan.wekan: "digest": "3b32991d2f1b72a900e9e29e3a705e0d73668eedd93f542d5737889303a60682",
Apr 2 17:50:25 todo wekan.wekan: "algorithm": "sha-256"
Apr 2 17:50:25 todo wekan.wekan: }

nerminator commented 5 years ago

Did you solve your problem? I have similar problems during Wekan LDAP configuration, and using an LDAP browser (Softerra or another LDAP browser) helped me to solve my problem. Are you sure that your users exist under OU=SERVICE? In my case it was OU=User. But it changes according to your setup, so that is why you need to look at your own LDAP structure with a browser. After that, you have to tell Wekan which field in your LDAP Wekan can use as the username, which field for the search field, etc.
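
Added example, not part of the thread and not Wekan's own code: this script reads the debug lines posted above, extracts the filter and BaseDN that were actually sent, and flags search filters that can never match, such as a literal `[username]` value ANDed with the real login name. The `SINGLE_VALUED` list, the function names and the finding labels are assumptions of this example, and the bracket check is a heuristic.

```javascript
// Added diagnostic example, not Wekan code. Log lines are copied from the thread.
const LOG = [
  'Apr 2 17:50:25 todo wekan.wekan: [DEBUG] searchOptions {',
  'Apr 2 17:50:25 todo wekan.wekan: "filter": "(&(sAMAccountName=[username])(sAMAccountName=user1))",',
  'Apr 2 17:50:25 todo wekan.wekan: "scope": "sub",',
  'Apr 2 17:50:25 todo wekan.wekan: [DEBUG] BaseDN "dc=ad,dc=mydomain,dc=com"',
];

// Attributes that hold one value per entry in Active Directory (assumed list).
const SINGLE_VALUED = new Set(['samaccountname', 'userprincipalname']);

// Pull the effective filter and BaseDN out of the debug lines.
function extractSearch(lines) {
  const found = { filter: null, baseDN: null };
  for (const line of lines) {
    const f = line.match(/"filter":\s*"([^"]*)"/);
    if (f) found.filter = f[1];
    const b = line.match(/BaseDN\s+"([^"]*)"/);
    if (b) found.baseDN = b[1];
  }
  return found;
}

// Collect the (attr=value) equality leaves of a filter string.
function equalityLeaves(filter) {
  const leaves = [];
  for (const m of filter.matchAll(/\(([A-Za-z][\w;-]*)=([^()]*)\)/g)) {
    leaves.push({ attr: m[1].toLowerCase(), value: m[2].toLowerCase() });
  }
  return leaves;
}

// Report filters that cannot match: a literal [token] value, or a pure AND
// that demands two different values of a single-valued attribute.
function diagnose(filter) {
  const findings = [];
  const leaves = equalityLeaves(filter);
  for (const { attr, value } of leaves) {
    if (/^\[[^\]]+\]$/.test(value)) findings.push(`placeholder:${attr}=${value}`);
  }
  const pureAnd = filter.startsWith('(&') && !/\((\||!)/.test(filter);
  const seen = new Map();
  for (const { attr, value } of leaves) {
    if (!pureAnd || !SINGLE_VALUED.has(attr) || value.includes('*')) continue;
    if (seen.has(attr) && seen.get(attr) !== value) findings.push(`contradiction:${attr}`);
    seen.set(attr, value);
  }
  return findings;
}

console.log(extractSearch(LOG), diagnose(extractSearch(LOG).filter));
```

Multi-valued attributes such as `objectClass` are left out of the contradiction check on purpose, since a filter may legitimately require two of their values at once.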