View ProjeQtOr On SourceForge.net
ProjeQtOr - Project Management Tool
Support us on Capterra
OIN - Open Invention Network
ProjeQtOr free project management software - LDAP Connection Problems - ProjeQtOr
 
 

LDAP Connection Problems

More
03 Jul 2014 22:25 - 03 Jul 2014 22:27 #1 by francis2301
LDAP Connection Problems was created by francis2301
Hi,
We're trying to configure LDAP integration but it seems we're doing something wrong, since it's not working.

Here are the configurations:
Connection with LDAP Users: YES
LDAP base dn : DC=frescatto,DC=com
LDAP user: CN=pfsense,CN=Users,DC=frescatto,DC=com
LDAP Passwowrd: ****** (our password)
LDAP user filter: uid=%username%

When we try to connect in projeqtor using a USER/PWD from AD it doesn't allows the connection.
The log file only says: 2014-07-03 16:47:24 ===== TRACE ===== Login error for user 'username'

Is there anything wrong in the configuration?

Question 1: Do we need to import the LDAP Users to projeqtor before allowing them to connect?
If no, and after solving the problem we're facing, how will we set the correct profile for these LDAP users? Does projeqtor creates a user in its database in the first login?

Thanks
Last edit: 03 Jul 2014 22:27 by francis2301.
The topic has been locked.
More
04 Jul 2014 20:39 #2 by babynus
Replied by babynus on topic LDAP Connection Problems
1) Password must be ldap password fir ldzp user : try and connect through other mean
2) filter must retrieve the ldap user : try and search user with given username
3) log seems to show that you enter "username" to log in ProjeQtOr : does this user exist in ldap with corresponding uid ?
4) You do not need to import ldap user in Projeqtor : this is the interest of ldap connectivity, authentication is devoted to ldap, with ldap password
5) you define in global parameters default profile for new users
6) Yes, projeqtor automatically creates a projeqtor user on first ldap connection, retrievong the cn (common name) and email
Babynus
Administrator of ProjeQtOr web site
The topic has been locked.
More
03 Oct 2014 01:33 #3 by Xeiran
Replied by Xeiran on topic LDAP Connection Problems
Having very similar problems with LDAP connection, any assistance would be greatly appreciated.
We keep getting the error: ldap_bind(): Unable to bind to server: Invalid credentials

1. The user we are trying to log in with is a valid working LDAP user, "ourdomain.net\bmullins", with valid email address, and can log in via other means.
2. The LDAP authentication user has also been verified and can log in via other means.
3. We use Active Directory, so presumably the default user filter specified in Projeqtor works; I am unsure how to test.
4. LDAP authentication module in PHP.ini is enabled (that was the first problem I ran into).
5. There are no firewalls blocking the LDAP port, and we have not changed the default port number.

Parameters are:
Connection with LDAP Users: YES
LDAP base dn : DC=ourdomain,DC=net
LDAP host: dc1.ourdomain.net
LDAP port: 389
LDAP version: 3
LDAP user: CN=ldapprojeqtor,DC=ourdomain,DC=net
LDAP Passwowrd: ****** (our password)
LDAP user filter: uid=%username%

Here is the debug trace:
==============
2014-10-02 18:08:07 ----- DEBUG ----- 0.071998;desc itresource
2014-10-02 18:08:07 ----- DEBUG ----- 0.00074;select * from itresource where itresource.name='ourdomain.net\\bmullins' and itresource.isUser = '1' 
2014-10-02 18:08:09 ----- DEBUG ----- 0.028237;desc itparameter
2014-10-02 18:08:09 ----- DEBUG ----- 0.018768;select * from itparameter where itparameter.idUser is null and itparameter.idProject is null and itparameter.parameterCode='dbVersion'
2014-10-02 18:08:09 ----- DEBUG ----- 0.002663;desc itresource
2014-10-02 18:08:09 ----- DEBUG ----- 0.000487;select * from itresource where itresource.name='ourdomain.net\\bmullins' and itresource.isUser = '1' 
2014-10-02 18:08:09 ----- DEBUG ----- 0.000931;select * from itparameter where  (idUser is null and idProject is null)
2014-10-02 18:08:09 ***** ERROR ***** ERROR *****
2014-10-02 18:08:09 ***** ERROR ***** on file 'C:\UniServerZ\www\projeqtor\model\User.php' at line (765)
2014-10-02 18:08:09 ***** ERROR ***** cause = ldap_bind(): Unable to bind to server: Invalid credentials
==============
The topic has been locked.
More
06 Oct 2014 22:39 - 06 Oct 2014 23:11 #4 by Xeiran
Replied by Xeiran on topic LDAP Connection Problems
Solved my own problem.
  1. On our Microsoft Server 2012 R2 setup, neither the filter 'uid=' nor the filter 'sAMaccountName=' worked for me. Instead I had to use the filter 'userPrincipalName=%USERNAME%', specifying the login as 'username @ ourdomain.net' (without spaces, of course)
  2. I did not specify the 'LDAP user' connection string correctly.
As suggested in other threads, if you are using Active Directory, use the command line tool "dsquery" to get the exact LDAP user connection string, like this:
  • dsquery user -name *
    • or
  • dsquery user -name partialfirstname*

    • The exact connection string that finally solved my problem was:
  • CN=ldap projeqtor,OU=ourdomain subgroup,OU=ourdomain maingroup,DC=ourdomain,DC=net

    • where CN=firstname lastname
    NOT CN=username

    One other rookie mistake I made (and I should know better) - when testing, close out your browser completely OR clear the cache settings before each attempt.
    Last edit: 06 Oct 2014 23:11 by Xeiran.
    The following user(s) said Thank You: babynus
    The topic has been locked.
    Moderators: babynusprotion
    Time to create page: 0.032 seconds

    Cookies settings

    ×

    Functional Cookies

    Ce site utilise des cookies pour assurer son bon fonctionnement et ne peuvent pas être désactivés de nos systèmes. Nous ne les utilisons pas à des fins publicitaires. Si ces cookies sont bloqués, certaines parties du site ne pourront pas fonctionner.

    Session

    Please login to see yours activities!

    Other cookies

    Ce site web utilise un certain nombre de cookies pour gérer, par exemple, les sessions utilisateurs.

    Login Form