derkork, posted November 30, 2013

I have configured a plastic server on Linux to connect to an OpenLDAP server on the same machine.

    <ServerConfigData xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <Language>en</Language>
      <WorkingMode>LDAPWorkingMode</WorkingMode>
      <SecurityConfig>LDAP:localhost:389:cn=sysread,ou=users,dc=insomnia-hq,dc=de:XXXXXXXXXXX:dc=insomnia-hq,dc=de</SecurityConfig>
      <BufferPoolSize>0</BufferPoolSize>
      <AuditLogLevel>1</AuditLogLevel>
      <AuditLogFile>audit.log</AuditLogFile>
    </ServerConfigData>

However, whenever I try to authenticate against the server I get the following error message:

    ERROR Codice.CM.Server.ExceptionTracerSink - Dumping in-transit exception:Active Directory or LDAP: Invalid credentials username, password or domain are not valid. Server error: An error occurred in the LDAP server: Local Error

From the LDAP server logs I can see that it doesn't even try to connect to the LDAP server. Did I misconfigure something here?

calbzam, posted December 2, 2013

Hi,

Can you drive to the Plastic server folder, and open "configureserver.exe". Using the configuration tool, enter your LDAP information and click "Test Connection". Is it working fine?

After that, open a command line and enter "plastic --configure" to configure the Plastic client. Select "LDAP" and click on "Test connection".

If both connections are working fine, you should be able to connect using LDAP authentication.

Regards,
Carlos

derkork, posted December 2, 2013

I'm basically getting the same error message (see attachment). However, this at least seems to connect to the LDAP server. I'm not sure though what the issue is there. If I connect to the LDAP server using, e.g. Apache Directory Studio and the same credentials, I'm getting no issues at all. How exactly does Plastic search the users in the LDAP structure?

calbzam, posted December 2, 2013

Hi,

If you enter:

    Username: user@insomnia-hq.de
    password: YourPassword

Are you getting the same issue? Do you have your LDAP server on the same host as the Plastic server, right? (localhost)

Regards,
Carlos

derkork, posted December 2, 2013

That actually did not work, but it put me in the right direction. I was able to find out what the issue behind this is. The Plastic server is looking for uid=<whatever you enter in the username field>. Problem is that in our LDAP there is no UID attribute for users, just a cn attribute which is unique. So as an experiment I added a uid-attribute to a user et voila, it works.

Next thing I wanted to try is groups. Now the Plastic server looks for "(|(objectClass=groupOfUniqueNames)(objectClass=posixGroup)(?objectClass=group))". Problem is that our groups are none of these three but a "groupOfNames" and therefore not found. I also cannot change the groups to something else as this would break all software configuration we have already running (jira, confluence, subversion etc.).

Is there a way to configure the LDAP search strings somehow so we can adapt this to our setup?

Kind regards,
Jan

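An added example, not part of the original posts and not Plastic SCM code: a small offline evaluator for the two fixed searches described in the post above, run over a constructed directory to show which users and groups they would miss. The directory entries, function names and the example.org suffix are assumptions; only equality items and the & and | operators are supported.

```python
import re

# Fixed searches reported in the thread ("?" before objectClass=group dropped as log notation: assumption).
USER_FILTER = "(uid={})"
GROUP_FILTER = "(|(objectClass=groupOfUniqueNames)(objectClass=posixGroup)(objectClass=group))"

def escape(value):
    """RFC 4515 escaping so a login name cannot change the filter structure."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def parse(text, i=0):
    """Parse the subset (&...), (|...), (attr=value) into nested tuples."""
    if text[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    if text[i + 1:i + 2] in ("&", "|"):
        op, i, children = text[i + 1], i + 2, []
        while text[i:i + 1] == "(":
            child, i = parse(text, i)
            children.append(child)
        node = (op, children)
    else:
        m = re.compile(r"([A-Za-z][\w;-]*)=([^()]*)").match(text, i + 1)
        if not m:
            raise ValueError(f"bad filter item at offset {i + 1}")
        value = re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), m.group(2))
        node, i = ("=", m.group(1).lower(), value.lower()), m.end()
    if text[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict: attribute -> list of values)."""
    if node[0] == "=":
        return any(k.lower() == node[1] and node[2] in map(str.lower, vs) for k, vs in entry.items())
    return (all if node[0] == "&" else any)(matches(child, entry) for child in node[1])

def search(filter_text, entries):
    tree, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing data after filter")
    return sorted(dn for dn, entry in entries.items() if matches(tree, entry))

# Constructed sample directory: only kim has a uid, only ops is a groupOfUniqueNames.
DIRECTORY = {
    "cn=jan,ou=users,dc=example,dc=org": {"objectClass": ["inetOrgPerson"], "cn": ["jan"]},
    "cn=kim,ou=users,dc=example,dc=org": {"objectClass": ["inetOrgPerson"], "cn": ["kim"], "uid": ["kim"]},
    "cn=devs,ou=groups,dc=example,dc=org": {"objectClass": ["groupOfNames"], "cn": ["devs"]},
    "cn=ops,ou=groups,dc=example,dc=org": {"objectClass": ["groupOfUniqueNames"], "cn": ["ops"]},
}
```

Calling `search(USER_FILTER.format(escape(name)), DIRECTORY)` and `search(GROUP_FILTER, DIRECTORY)` lists what the fixed searches can see; entries such as the cn-only user and the groupOfNames group are absent from the results.
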
calbzam, posted December 5, 2013

Hi,

I'm sorry. But it's not possible to configure the LDAP search strings.

Regards,
Carlos

derkork, posted December 5, 2013

> I'm sorry. But it's not possible to configure the LDAP search strings

Hi Carlos,

thanks for letting me know. Is this on the roadmap somehow? Actually every program we have connected to our LDAP server supported the configuration of the LDAP search strings (Jira, Confluence, Postfix, Wordpress, even the Unity Asset Server after some fiddling), so I'm kinda surprised that Plastic doesn't offer it especially since it is targeted at Corporate environments.

derkork, posted December 7, 2013

I have set up some experimental LDAP branch to cater for Plastic's fixed LDAP search strings, and at least the users are found now. However my group is not found even though it's a groupOfUniqueNames now (and the LDAP server returns it when Plastic searches for it). Is there some documentation on how the LDAP objects have to be set up so that Plastic will recognize them as users/groups?

Archived
This topic is now archived and is closed to further replies.