Hi,
this is what I get when authenticating using LDAP credentials:
Could not perform ldap_search. Protocol error
35:19 - LdapClient v-0.5
35:19 - isValidUser is called.
35:19 - LDAP Server is:ldap://server.example.com port:389 - OK
35:19 - Bind username:UID=loginname,OU=User,OU=People,DC=example,DC=com password:********* - OK
35:19 - Query baseDn (2):UID=loginname,OU=User,OU=People,DC=example,DC=com filter:(&(&(objectClass=posixAccount))(UID=*)), attributes: dn, memberof, mail, givenname - OK
35:19 - Query result count: 1
35:19 - Email has been retrieved: first...@example.com
35:19 - Full name has been retrieved: givenNameValue
35:19 - Query result memberofDn: 1
35:19 - Query result DN: uid=loginname,ou=User,ou=People,dc=example,dc=com
35:19 - Bind username:uid=loginname,ou=User,ou=People,dc=example,dc=com password:********* - OK
35:19 - getUserGroups is called.
35:19 - Query user's groups baseDn:OU=CloudProject,OU=Group,DC=example,DC=com filter: - Failed
A manual LDAP search made (anonymously) returns :
ldapsearch -H ldap://localhost -x -b ou=CloudProject,ou=Group,dc=example,dc=com '(&(objectClass=groupOfNames))' cn
# extended LDIF
#
# LDAPv3
# base <ou=CloudProject,ou=Group,dc=example,dc=com> with scope subtree
# filter: (&(objectClass=groupOfNames))
# requesting: cn
#
# Audes, AUDES, Enedis, Group, enedis.oper
dn: cn=groupname,ou=businessUnitName,ou=CloudProject,ou=Group,dc=example,dc=com
cn: groupname
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
This is my scalr-server.rb config
:ldap => {
  # Tells Scalr what LDAP server to connect to
  :bind_type => 'openldap',
  :port => '389',
  # Tells Scalr where to look at for users and groups
  :base_dn => 'OU=User,OU=People,DC=example,DC=com',
  :base_dn_groups => 'OU=cloudProject,OU=Group,DC=example,DC=com',
  # Tells Scalr what attributes to look at
  :username_attribute => 'UID',
  :groupname_attribute => 'CN',
  # Tells Scalr the attribute that contains the user's fullName attribute
  :fullname_attribute => 'givenName',
  :mail_attribute => 'mail',
  # Tells Scalr how group membership is represented
  :group_member_attribute_type => 'member',
  :group_nesting => 0,
  # Tells Scalr to use filters to speed up queries
  :filter => {
    :users => '(&(objectClass=posixAccount))',
    :groups => '(&(objectClass=groupOfNames))',
  },
  # Uncomment for debug output if you can't login
  :debug => 1,
}
I understand that:
- the initial bind is successful (it says password is ok), and the additional attributes (like mail and givenname) are clean.
- the subsequent getUserGroups routine call seems to be using a wrong filter somehow
Other symptoms I've got:
When creating teams, no members are fetched whatever filter value I set up.
Is there something I can look into? Do you have any suggestions?
Thanks
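
An added example, not part of the original post and not Scalr's code: the debug log above shows the group query going out with a blank filter, so this script finds such queries in the debug output and builds the ldapsearch command that repeats them bound as the user, with the configured groups filter ANDed with a `member` match on the user's DN. It assumes membership is stored as the member's full DN (as groupOfNames does); the function names are illustrative and the `ldap://localhost` URI is taken from the manual search in the post.

```python
import re
import shlex

# Constructed sample: four debug lines copied from the log in the post.
SAMPLE_LOG = """\
35:19 - Query result DN: uid=loginname,ou=User,ou=People,dc=example,dc=com
35:19 - Bind username:uid=loginname,ou=User,ou=People,dc=example,dc=com password:********* - OK
35:19 - getUserGroups is called.
35:19 - Query user's groups baseDn:OU=CloudProject,OU=Group,DC=example,DC=com filter: - Failed
"""

QUERY_RE = re.compile(
    r"baseDn(?: \(\d+\))?:(?P<base>.+?) filter:(?P<filter>.*?)"
    r"(?:, attributes:.*?)? - (?P<status>OK|Failed)$", re.M)
DN_RE = re.compile(r"Query result DN: (?P<dn>.+)$", re.M)


def escape_filter_value(value):
    """Escape a value for use in an LDAP search filter (RFC 4515)."""
    value = value.replace("\\", r"\5c")  # backslash first, it is the escape char
    for char, code in (("*", r"\2a"), ("(", r"\28"), (")", r"\29"), ("\0", r"\00")):
        value = value.replace(char, code)
    return value


def empty_filter_queries(log):
    """Return (base_dn, status) for every logged query whose filter is blank."""
    return [(m["base"], m["status"]) for m in QUERY_RE.finditer(log)
            if not m["filter"].strip()]


def membership_filter(groups_filter, member_attr, user_dn):
    """AND the configured group filter with a match on the user's DN."""
    return f"(&{groups_filter}({member_attr}={escape_filter_value(user_dn)}))"


def ldapsearch_for(log, groups_filter, member_attr, uri="ldap://localhost"):
    """Build one ldapsearch argv per blank-filter query, bound as the user."""
    user_dn = DN_RE.search(log)["dn"].strip()
    flt = membership_filter(groups_filter, member_attr, user_dn)
    return [["ldapsearch", "-H", uri, "-x", "-D", user_dn, "-W",
             "-b", base, flt, "cn"] for base, _ in empty_filter_queries(log)]


if __name__ == "__main__":
    for argv in ldapsearch_for(SAMPLE_LOG, "(&(objectClass=groupOfNames))", "member"):
        print(shlex.join(argv))
```

Running the printed command shows whether the directory returns the group to the user's own bind, which the anonymous search above does not test.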