Home / server / Questions / 280322
Accepted
Zsub
Asked: 2011-06-15 07:05:51 +0800 CST

Redmine LDAP authentication

  • 772

I have a Mac Mini server running Snow Leopard and installed Redmine.

I would now like my users to be able to authenticate against the Open Directory server, but can't get it to work.

Here's how I set up Redmine (please forgive me for slightly altering the domainnames):

Name     = My Directory
Host     = host.subdomain.domain.org
Port     = 389
LDAPS    = no
Account  = uid=root
Password = $rootpassword
Base DN  = DC=host,DC=subdomain,DC=domain,DC=org

On-the-fly user creation = yes
Attributes
  Login     = sAMAccountName
  Firstname = givenName
  Lastname  = sN
  Email     = mail

But everytime I try to log in with an account that is in the open directory it'll tell me Invalid user or password and the login attempt doesn't even show up in the ldap logs.

Variations of the account I've been through:

root                            did nothing, 'wrong dn' in ldap logs
[email protected]       Can't login: "Invalid user or password", nothing in logs
[email protected]  Can't login: "Invalid user or password", nothing in logs
uid=root                        Can't login: "Invalid user or password", nothing in logs
cn=root                         Can't login: "Invalid user or password", nothing in logs

Variations of the Login attribute:

sAMAccountName "Invalid user or password"
uid            "Invalid user or password"
mac-osx-server ldap redmine osx-snow-leopard

3 Answers

  1. "do_bind: invalid dn (root)"

    That probably means that your root user id is in the wrong format. You probably need to put it in either the distinguised name format or as a sAmAccount format.

    For instance, Distinguised Name Notation:

    DN=root, DC=subdomain, DC=domain, DC=com

    That would work for a root user that is in the base of your subdomain directory.

    sAmAccount notation:

    [email protected]

    This one is easier because it doesn't require the full path to the root user's DN.

    • 0
  2. Best Answer

    Well, I solved it. Used this link.

    In short, the (or a) correct config for me was:

    Name     = My Directory (anything you want)
Host     = host.local (yes, the .local)
Port     = 389
LDAPS    = no
Account  = (empty)
Password = (empty)
Base DN  = DC=host,DC=subdomain,DC=domain,DC=org

On-the-fly user creation = yes
Attributes
  Login     = uid
  Firstname = givenName
  Lastname  = sN
  Email     = mail

    Please bear in mind that with on-the-fly user creation as of the time of writing this users need a valid email set in ldap/opendirectory!

    • 0

  3. with last version Bitnami 3.3.1.0 I used this settings:

    Name     = My Directory (anything you want)
Host     = ldap-auth-serv.host.local (yes, the .local)
Port     = 636
LDAPS    = yes
Account  = [email protected] (userPrincipalName Redmine user from AD)
Password = hisPassword
Base DN  = OU=UsersCorp,DC=domain,DC=org

On-the-fly user creation = yes
Attributes
  Login     = sAMAccountName
  Firstname = givenName
  Lastname  = sN
  Email     = mail

    For LDAPS auth created new LDAP SSL Certification template, issued certificate for DC1, installed this certificate for Active Directory Domain Services (export-import), checked with ldp.exe LDAPS connection to 636 port. And go!

    • 0