wiltonsr / ldapAuth

An open source Traefik Middleware that enables authentication via LDAP in a similar way to Traefik Enterprise
https://plugins.traefik.io/plugins/628c9eb7ffc0cd18356a979c/ldap-auth
Apache License 2.0

Feature suggestion - Bind with user credentials #49

Closed hastarin closed 1 year ago

hastarin commented 1 year ago

Might I suggest using the approach the LDAP support for Grafana uses where if no admin bind is defined it will try to bind with the user credentials and search with them?

https://github.com/grafana/grafana/blob/eb6e19c7af8b98975fdfacee52bd892766fe07b8/pkg/services/ldap/ldap.go#L191

This means it will still work in situations where Anonymous Search has been disabled.

wiltonsr commented 1 year ago

Hi, @hastarin

We appreciate your suggestion.

This is very close to what we do today.

You can check more details in the Usage and Operations Mode pages.

It's important to say that the ldapAuth approach is to enable authentication via LDAP in a similar way to Traefik Enterprise.

But feel free to point out any changes you think must be pertinent to the project.

hastarin commented 1 year ago

Thanks for the reply @wiltonsr

I'd read the documentation but both myself, and a colleague who was also trying to help me get it working, seemed to have misread things. We were using a searchFilter but even if I remove it, so we're essentially running with settings similar to those that work for Grafana, I'm getting an error which seems to indicate my password is wrong.

I'll try things again when I have my colleague's help to troubleshoot further.

DEBUG: ldapAuth: 2023/08/11 23:21:01 restricted.go:52: No session found! Trying to authenticate in LDAP
DEBUG: ldapAuth: 2023/08/11 23:21:01 restricted.go:51: Connect Address: 'ldaps://company.location:636'
DEBUG: ldapAuth: 2023/08/11 23:21:01 restricted.go:51: Running in Bind Mode
DEBUG: ldapAuth: 2023/08/11 23:21:01 restricted.go:51: Authenticating User: sAMAccountName=jon.b,dc=company,dc=location
ERROR: ldapAuth: 2023/08/11 23:21:01 restricted.go:51: LDAP Result Code 49 "Invalid Credentials": 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563
ERROR: ldapAuth: 2023/08/11 23:21:01 restricted.go:51: Authentication failed
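
The `data 52e` field in the result code 49 line above is a hexadecimal Win32 logon error code that Active Directory embeds in the diagnostic message. As an added example (not part of the thread and not ldapAuth's own code), this Go program pairs each failed bind in a log of that format with the identity that was sent and names the sub-code; `ParseBindFailures`, `BindFailure` and the sample log are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Win32 logon errors that Active Directory reports as "data <hex>" inside
// the diagnostic message of LDAP result code 49 (invalidCredentials).
var adSubCodes = map[int64]string{
	0x525: "ERROR_NO_SUCH_USER", 0x52e: "ERROR_LOGON_FAILURE",
	0x530: "ERROR_INVALID_LOGON_HOURS", 0x531: "ERROR_INVALID_WORKSTATION",
	0x532: "ERROR_PASSWORD_EXPIRED", 0x533: "ERROR_ACCOUNT_DISABLED",
	0x701: "ERROR_ACCOUNT_EXPIRED", 0x773: "ERROR_PASSWORD_MUST_CHANGE",
	0x775: "ERROR_ACCOUNT_LOCKED_OUT",
}

var (
	userRe = regexp.MustCompile(`Authenticating User: (.+)$`)
	errRe  = regexp.MustCompile(`LDAP Result Code 49 .*\bdata ([0-9a-fA-F]+),`)
)
// BindFailure pairs a rejected bind with the identity that was sent.
type BindFailure struct{ BindDN, Win32Name string }
// Constructed sample in the log format shown above; names are placeholders.
const sampleLog = `DEBUG: ldapAuth: 2024/01/01 10:00:00 restricted.go:51: Authenticating User: uid=alice,dc=example,dc=test
ERROR: ldapAuth: 2024/01/01 10:00:00 restricted.go:51: LDAP Result Code 49 "Invalid Credentials": 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563`

// ParseBindFailures pairs each result code 49 line with the preceding bind DN.
func ParseBindFailures(log string) []BindFailure {
	var out []BindFailure
	lastDN := ""
	for _, line := range strings.Split(log, "\n") {
		if m := userRe.FindStringSubmatch(line); m != nil {
			lastDN = strings.TrimSpace(m[1])
		} else if m := errRe.FindStringSubmatch(line); m != nil {
			sub, _ := strconv.ParseInt(m[1], 16, 64)
			name, ok := adSubCodes[sub]
			if !ok {
				name = "UNKNOWN_0x" + m[1] // keep the raw value for unmapped codes
			}
			out = append(out, BindFailure{lastDN, name})
			lastDN = "" // do not reuse a DN for a later, unrelated error
		}
	}
	return out
}
func main() { fmt.Println(ParseBindFailures(sampleLog)) }
```

Logging the decoded name next to the bind DN separates a rejected credential from a locked, disabled or expired account without reading the raw diagnostic string.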