Problems in authenticating with LDAP

Hello everyone,

I’m using the last (1.5.1) version of DATAGERRY. Today for the first time I tried using LDAP authentication and I followed the guide of some existing user who successfully did it. I was not that lucky I guess… My LDAP config is:

  • host: 10.20.100.9
  • port: 389
  • version: 3
  • Base: DC:selikab,DC=lan
  • GSS-API authentication

Now I filled the corresponding fields in Datagerry like the following:





But when I try to log in with an LDAP user it fails, and I am unable to find any logs about it.
Can anyone help me with this configuration?
Thanks a lot in advance!

Hello @marcinw ,

if I see this correctly, you have a syntax error:

OU,=Edo, DC=selikab, DC=lan

The comma between the OU and = must be removed.

Yes, my fault!

I just corrected it but still can’t log in using an LDAP user.
I would like to know the steps: after configuring the server connection, I should be able to log in using any “Edoc” user, or maybe I have to create the user first?
Thanks!

Hi Marco,

If I see it correctly, you don’t need the group mapping at the moment. If you don’t have mapping enabled, all users will be automatically pushed into the default group. Since you only have one mapping in your example, this is a bit redundant, but should still work.

If you want to move different LDAP users into different groups, you have to specify a CN = Common Name in the mapping under the LDAP DN field. I just noticed that this is not completely clear in the documentation.

And you don’t have to create users first, they will be registered automatically after the first successful login.

OK, I just tried everything you suggested…
This is the current configuration:





I tried to log in with my LDAP user “m.plaia” and it still doesn’t work.
If this pic could also help, this is from my LDAP admin: the OU=Edoc where the users I need to log in are…

Thanks!

Use ldapsearch. An error is returned if you cannot query the LDAP server.

The syntax for using ldapsearch:

ldapsearch -h [host] -D [user] -w [password] -b [base DN] -s sub "([filter])" [attribute list]

A simple example:

$ ldapsearch -h host.example.com -D user -w password -b "dc=ad,dc=example,dc=com" -s sub "(objectClass=user)" givenName

You can of course use different filters.
Can you please send us the issue then.

1 Like

As I just see, your mapping is not enabled, so this configuration is not applied at all. You could try to enter the sAMAccountName under the tab “Search”. I guess Datagerry can’t find your users in the query otherwise.

1 Like

OK, I just set the parameters in the “Search” tab as follows:


The rest of the tabs are the same as in the last config.

Also, I tried using ldapsearch in Ubuntu and the only way to make it work was this (I’m trying to authenticate against a Samba4 AD):

root@datagerry:~# ldapsearch -LLL -p389 -h 10.20.100.9 cn=administrator -D cn=Administrator,cn=users,DC=selikab,DC=lan -w *********
dn: CN=Administrator,CN=Users,DC=selikab,DC=lan
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Administrator
description: Built-in account for administering the computer/domain
instanceType: 4
whenCreated: 20180914100034.0Z
uSNCreated: 3545
name: Administrator
objectGUID:: XVJTj28mPkCeKv0uNAP71g==
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
pwdLastSet: 131813928340000000
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAcxI0TvvGHGPv6+aL9AEAAA==
adminCount: 1
logonCount: 0
sAMAccountName: Administrator
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=selikab,DC=lan
isCriticalSystemObject: TRUE
memberOf: CN=Administrators,CN=Builtin,DC=selikab,DC=lan
memberOf: CN=Group Policy Creator Owners,CN=Users,DC=selikab,DC=lan
memberOf: CN=Enterprise Admins,CN=Users,DC=selikab,DC=lan
memberOf: CN=Schema Admins,CN=Users,DC=selikab,DC=lan
memberOf: CN=Domain Admins,CN=Users,DC=selikab,DC=lan
mail: it.*******************
postalCode: ******
streetAddress: *******************
o: ***********
l: ******
st: ********
co: *********
userAccountControl: 66048
accountExpires: 0
lastLogonTimestamp: 132583485112661150
whenChanged: 20210221023511.0Z
uSNChanged: 258560
lastLogon: 132584772145780750
distinguishedName: CN=Administrator,CN=Users,DC=selikab,DC=lan

# refldap://selikab.lan/CN=Configuration,DC=selikab,DC=lan

# refldap://selikab.lan/DC=DomainDnsZones,DC=selikab,DC=lan

# refldap://selikab.lan/DC=ForestDnsZones,DC=selikab,DC=lan

But still no luck with Datagerry login…
Thanks again for your fast support!

EDIT:

The connection string to log in as administrator and query the whole LDAP is the following:

root@datagerry:~# ldapsearch -p389 -h 10.20.100.9 -D cn=Administrator,cn=users,DC=selikab,DC=lan -w *********

It works and as a result it prints every object in the LDAP.

Just solved the problem! The error was given by the “username” field in the “connection” tab: once I set the username not like “administrator” but like “cn=Administrator,cn=users,DC=selikab,DC=lan”, the LDAP authentication worked perfectly!
I noticed that if the settings work using ldapsearch, then the same settings will work in the Web GUI too.
The following is the working configuration:





Thanks to anyone who helped, every hint was precious!

1 Like
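The two mistakes found in this thread (a malformed DN and a bare username in the bind field) can both be caught before touching the server with a syntax check on the DN strings. The following is an added example, not part of the original posts and not DATAGERRY code; `check_dn` is a hypothetical helper implementing a simplified RFC 4514 check, and the last sample DN is constructed.

```python
import re

# Attribute type: short name (cn, OU, DC ...) or a dotted numeric OID.
_ATTR = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")

def _split(text, sep):
    """Split on sep, skipping separators escaped with a backslash."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]   # keep the escape pair together
            i += 2
            continue
        if text[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += text[i]
        i += 1
    parts.append(cur)
    return parts

def check_dn(dn):
    """Return a list of syntax problems; an empty list means the DN parses."""
    if "=" not in dn:
        return [f"{dn!r} is a bare name, not a DN (no attr=value pair)"]
    problems = []
    for rdn in _split(dn, ","):
        for ava in _split(rdn, "+"):      # multi-valued RDNs use '+'
            ava = ava.strip()
            attr, eq, value = ava.partition("=")
            if not eq:
                problems.append(f"{ava!r}: missing '='")
            elif not _ATTR.match(attr.strip()):
                problems.append(f"{ava!r}: invalid attribute type {attr.strip()!r}")
            elif not value.strip():
                problems.append(f"{ava!r}: empty value")
    return problems

if __name__ == "__main__":
    samples = [
        "administrator",                                # username that failed
        "cn=Administrator,cn=users,DC=selikab,DC=lan",  # username that worked
        "OU,=Edo, DC=selikab, DC=lan",                  # string quoted in the first reply
        "DC:selikab,DC=lan",                            # Base as typed in the first post
        "CN=Plaia\\, M,OU=Edoc,DC=selikab,DC=lan",      # constructed: escaped comma
    ]
    for s in samples:
        print(s, "->", check_dn(s) or "OK")
```

A clean result only means the string is well-formed; whether the entry exists and the bind succeeds still has to be confirmed against the directory, for example with ldapsearch as shown in the thread.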