LDAP settings for non anonymous bind

Discussion forum about Anuko Time Tracker
raceface2nd
Posts: 4
Joined: Fri Feb 02, 2018 12:19 pm

LDAP settings for non anonymous bind

Post by raceface2nd » Fri Feb 02, 2018 2:42 pm

Hi,

We'd like to use LDAP. Anonymous bind to our server is forbidden and each LDAP client needs to bind with a user DN and password. How can I change the settings to provide a user DN and password for the bind?

Is it possible to provide a filter so that the LDAP controller only searches within the object class inetOrgPerson for users?

Best regards!

Andy

wrc
Posts: 253
Joined: Tue May 25, 2010 8:30 pm

Re: LDAP settings for non anonymous bind

Post by wrc » Fri Feb 02, 2018 2:54 pm

raceface2nd wrote: How can I change the settings to provide a user DN and password for the bind?

You don't have to, as it works like that already; see the Auth_ldap::authenticate function in WEB-INF/lib/auth/Auth_ldap.class.php - the bind happens with the user-provided login and password.

raceface2nd wrote: Is it possible to provide a filter that the LDAP controller is only searching within the object class inetOrgPerson for users?

You'll need to customize the code slightly to perform additional filtering. Currently, it filters only by group memberships, but perhaps a better solution would be changing this to provide any user-provided filter string with conditions.


Re: LDAP settings for non anonymous bind

Post by raceface2nd » Fri Feb 02, 2018 4:56 pm

Understood, but unfortunately Time Tracker returns wrong username or password.

Our bind, as it works with other software, is as follows:

Code:

uid=<username>,cn=users,dc=<ourdomain>,dc=com

Our LDAP listens on SSL port 7636. I already tried as base DN

Code:

cn=users,dc=<ourdomain>,dc=com

and

Code:

dc=<ourdomain>,dc=com

Login is still impossible.

Any ideas?


Re: LDAP settings for non anonymous bind

Post by wrc » Fri Feb 02, 2018 5:16 pm

Did you try to use AUTH_DEBUG? If so, what exactly does it show?

What is your LDAP server exactly?


Re: LDAP settings for non anonymous bind

Post by raceface2nd » Sat Feb 03, 2018 1:12 pm

AUTH_DEBUG returns

Code:

$lc=bool(false) 
ldap_error()=

bool(false) 

LDAP is openldap-2.4.42

Is it because our LDAP runs on SSL port 7636?

Andy


Re: LDAP settings for non anonymous bind

Post by wrc » Sat Feb 03, 2018 1:19 pm

Try using the below for the server parameter in AUTH_MODULE_PARAMS - it may work. If not, please let us know what the error is.

Code:

ldaps://hostname:port


Re: LDAP settings for non anonymous bind

Post by raceface2nd » Sat Feb 03, 2018 6:25 pm

Thank you!

It works! That was the reason. I only had domain.tld:port without ldaps://.

Cheers, Andy!
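
Added example, not part of the thread and not Anuko Time Tracker's own code: a PHP sketch of the two points discussed above, rejecting a server value that lacks the ldaps:// scheme and binding as the user before searching only inetOrgPerson entries. The function names and the example.com values are hypothetical; the uid=<login>,<base DN> layout is the one quoted in the thread, and PHP's ldap extension is assumed to be loaded.

```php
<?php
// Added example, not Time Tracker code. Needs PHP's ldap extension.
// Function names and example.com values are hypothetical/constructed.

// Accept only an explicit ldaps:// URI. The thread's failure was a bare
// "host:port"; without the scheme the client does not use LDAP over TLS.
function require_ldaps_uri(string $server): string {
    $p = parse_url($server);
    if (!is_array($p) || strtolower($p['scheme'] ?? '') !== 'ldaps' || empty($p['host'])) {
        throw new InvalidArgumentException('server must be ldaps://hostname[:port]');
    }
    return 'ldaps://' . $p['host'] . ':' . ($p['port'] ?? 636);
}

// Bind DN in the layout from the thread; escaping keeps the login one RDN value.
function user_bind_dn(string $login, string $base_dn): string {
    return 'uid=' . ldap_escape($login, '', LDAP_ESCAPE_DN) . ',' . $base_dn;
}

// Match this login only among inetOrgPerson entries.
function person_filter(string $login): string {
    $uid = ldap_escape($login, '', LDAP_ESCAPE_FILTER);
    return "(&(objectClass=inetOrgPerson)(uid=$uid))";
}

function ldap_login(string $server, string $base_dn, string $login, string $password): bool {
    if ($login === '' || $password === '') {
        return false; // a DN with an empty password is an unauthenticated bind
    }
    $lc = ldap_connect(require_ldaps_uri($server));
    if ($lc === false) { return false; }
    ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (!@ldap_bind($lc, user_bind_dn($login, $base_dn), $password)) {
        error_log('LDAP bind failed: ' . ldap_error($lc)); // log, do not echo to the user
        return false;
    }
    $sr = ldap_search($lc, $base_dn, person_filter($login), ['uid']);
    $ok = $sr !== false && ldap_count_entries($lc, $sr) === 1;
    ldap_unbind($lc);
    return $ok;
}

// Constructed inputs; nothing below contacts a server.
echo user_bind_dn('andy,cn=admins', 'cn=users,dc=example,dc=com'), "\n";
echo person_filter('a*)(uid=*'), "\n";
try { require_ldaps_uri('ldap.example.com:7636'); }
catch (InvalidArgumentException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
echo require_ldaps_uri('ldaps://ldap.example.com:7636'), "\n";
```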
