working dex.config with active_directory?


Joris Heinrich

Nov 23, 2016, 11:17:46 AM
to dex-dev
Hey Hey,

Anyone got dex working with Microsoft Active Directory?

Following config:

connectors:
- type: ldap
  id: ldap
  config:
    # host and port of the LDAP server in form "host:port".
    host: auth.test.de:389
    # freeIPA server's CA
    #rootCA: ca.crt
    bindDN: CN=Ldap Bind,CN=Users,DC=auth,DC=test,DC=de
    bindPW: xxxxxxx
    userSearch:
      # Would translate to the query "(&(objectClass=person)(uid=<username>))".
      baseDN: OU=Users,OU=test,DC=auth,DC=test,DC=de
      filter: "(objectClass=sAMAccountName)"
      username: uid
      idAttr: uid
      # Required. Attribute to map to Email.
      emailAttr: mail
      # Entity attribute to map to display name of users.
    groupSearch:
      # Would translate to the query "(&(objectClass=group)(member=<user uid>))".
      baseDN: OU=Backoffice,OU=Roles,DC=auth,DC=test,DC=de
      filter: "(objectClass=group)"
      userAttr: sAMAccountName
      groupAttr: memberOf
      nameAttr: name

produces the following error log:

Failed to login user: failed to connect: LDAP Result Code 200 "": read tcp 10.20.96.235:37942->10.20.96.87:389: read: connection reset by peer

Any suggestions?

Best and Thanks

Eric Chiang

Nov 23, 2016, 12:32:18 PM
to Joris Heinrich, dex-dev
I think you need `insecureNoTLS: true`. 389 is the TCP port if I'm correct.

That or you can try port 636.

Please let me know if either of those work.

Eric

Joris Heinrich

Nov 23, 2016, 2:14:05 PM
to dex-dev
Eric, thanks for your quick answer.

Port 636 and your mentioned option is working.

Eric Chiang

Nov 23, 2016, 2:26:46 PM
to Joris Heinrich, dex-dev
Perfect. We'll try to be more clear about this in our documentation.


Eric Chiang

Nov 23, 2016, 3:39:23 PM
to Joris Heinrich, dex-dev
Docs PR here for those interested: https://github.com/coreos/dex/pull/708
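
The two transport setups discussed in this thread, side by side, as an added example that is not part of the original posts or the dex documentation. Host, bindDN and bindPW reuse the values from the first post; the rootCA path is a placeholder, and only the connection-related keys are shown (the search sections are unaffected by this change).

```yaml
# Added example: connection settings only.
connectors:
- type: ldap
  id: ldap
  config:
    # Setup 1: LDAPS. The connector speaks TLS unless insecureNoTLS is
    # set, so the host must point at the LDAPS port (636), not at 389.
    # A TLS handshake sent to the plaintext port is what fails with
    # "connection reset by peer" in the log above.
    host: auth.test.de:636
    # CA that issued the domain controller's certificate. Needed when the
    # certificate comes from an internal CA that is not in the system
    # trust store. Placeholder path.
    rootCA: /etc/dex/ad-ca.crt

    # Setup 2: plaintext LDAP on 389. This connects, but bindPW and the
    # password of every user who logs in cross the network unencrypted,
    # so keep it to isolated test networks.
    # host: auth.test.de:389
    # insecureNoTLS: true

    bindDN: CN=Ldap Bind,CN=Users,DC=auth,DC=test,DC=de
    bindPW: xxxxxxx
```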