LDAP settings for non anonymous bind

Discussion forum about Anuko Time Tracker

Postby raceface2nd » Fri Feb 02, 2018 2:42 pm

Hi,

we'd like to use LDAP. Anonymous bind to our server is forbidden and each LDAP client needs to bind with a user DN and password. How can I change the settings to provide a user DN and password for the bind?

Is it possible to provide a filter that the LDAP controller is only searching within the object class inetOrgPerson for users?

Best regards!

Andy
raceface2nd
 
Posts: 4
Joined: Fri Feb 02, 2018 12:19 pm

Re: LDAP settings for non anonymous bind

Postby wrc » Fri Feb 02, 2018 2:54 pm

raceface2nd wrote: How can I change the settings to provide a user DN and password for the bind?

You don't have to, as it works like that already; see the Auth_ldap::authenticate function in WEB-INF/lib/auth/Auth_ldap.class.php - the bind happens with user-provided login and password.

raceface2nd wrote: Is it possible to provide a filter that the LDAP controller is only searching within the object class inetOrgPerson for users?

You'll need to customize the code slightly to perform additional filtering. Currently, it filters only by group memberships, but perhaps a better solution would be changing this to provide any user-provided filter string with conditions.
wrc
 
Posts: 217
Joined: Tue May 25, 2010 8:30 pm

Re: LDAP settings for non anonymous bind

Postby raceface2nd » Fri Feb 02, 2018 4:56 pm

Understand, but unfortunately timetracker returns wrong username or password.

Our bind, as it works with other software, looks like the following:

Code:
uid=<username>,cn=users,dc=<ourdomain>,dc=com


Our LDAP listens on SSL port 7636. I already tried as base DN

Code:
cn=users,dc=<ourdomain>,dc=com


and

Code:
dc=<ourdomain>,dc=com


Login stays impossible.

Any ideas?
raceface2nd
 
Posts: 4
Joined: Fri Feb 02, 2018 12:19 pm

Re: LDAP settings for non anonymous bind

Postby wrc » Fri Feb 02, 2018 5:16 pm

Did you try to use AUTH_DEBUG? If so, what exactly does it show?

What is your LDAP server exactly?
wrc
 
Posts: 217
Joined: Tue May 25, 2010 8:30 pm

Re: LDAP settings for non anonymous bind

Postby raceface2nd » Sat Feb 03, 2018 1:12 pm

AUTH_DEBUG returns

Code:
$lc=bool(false)
ldap_error()=

bool(false)


LDAP is openldap-2.4.42

Is it because our LDAP runs on SSL port 7636?

Andy
raceface2nd
 
Posts: 4
Joined: Fri Feb 02, 2018 12:19 pm

Re: LDAP settings for non anonymous bind

Postby wrc » Sat Feb 03, 2018 1:19 pm

Try using the below for the server parameter in AUTH_MODULE_PARAMS - it may work. If not please let us know what the error is.

Code:
ldaps://hostname:port
wrc
 
Posts: 217
Joined: Tue May 25, 2010 8:30 pm

Re: LDAP settings for non anonymous bind

Postby raceface2nd » Sat Feb 03, 2018 6:25 pm

Thank you!

It works! That was the reason. I only had domain.tld:port without ldaps://.

Cheers, Andy!
raceface2nd
 
Posts: 4
Joined: Fri Feb 02, 2018 12:19 pm
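
The two points settled in this thread (an `ldaps://` server URI for the SSL port, and a bind as the user's own DN followed by an inetOrgPerson filter), shown as an added PHP example that is not Time Tracker's Auth_ldap code. The host name, base DN and the function name `ldap_login` are placeholders chosen for illustration.

```php
<?php
// Added example, not Time Tracker code. Host, port and base DN are placeholders.
const LDAP_URI  = 'ldaps://ldap.example.com:7636'; // scheme is required for SSL
const USER_BASE = 'cn=users,dc=example,dc=com';

function ldap_login(string $login, string $password): bool
{
    // A DN with an empty password is an "unauthenticated bind" (RFC 4513)
    // that some servers accept, so reject it before contacting the server.
    if ($login === '' || $password === '') {
        return false;
    }

    $lc = ldap_connect(LDAP_URI);
    if ($lc === false) {
        return false; // the URI could not be parsed
    }
    ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($lc, LDAP_OPT_REFERRALS, 0);

    // Escape the login for DN context so it cannot change the DN structure.
    $dn = 'uid=' . ldap_escape($login, '', LDAP_ESCAPE_DN) . ',' . USER_BASE;
    if (!@ldap_bind($lc, $dn, $password)) {
        error_log('LDAP bind failed: ' . ldap_error($lc));
        ldap_unbind($lc);
        return false;
    }

    // Accept only inetOrgPerson entries; escape the login for filter context.
    $filter = '(&(objectClass=inetOrgPerson)(uid='
            . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . '))';
    $sr = ldap_search($lc, USER_BASE, $filter, ['uid']);
    $ok = $sr !== false && ldap_count_entries($lc, $sr) === 1;

    ldap_unbind($lc);
    return $ok;
}

// Command-line check: php ldap_login.php <login> <password>
if (PHP_SAPI === 'cli' && isset($argv[2])) {
    var_dump(ldap_login($argv[1], $argv[2]));
}
```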

