
I have a Mac Mini server running Snow Leopard and installed Redmine.

I would now like my users to be able to authenticate against the Open Directory server, but can't get it to work.

Here's how I set up Redmine (please forgive me for slightly altering the domain names):

Name     = My Directory
Host     = host.subdomain.domain.org
Port     = 389
LDAPS    = no
Account  = uid=root
Password = $rootpassword
Base DN  = DC=host,DC=subdomain,DC=domain,DC=org

On-the-fly user creation = yes
Attributes
  Login     = sAMAccountName
  Firstname = givenName
  Lastname  = sN
  Email     = mail

But every time I try to log in with an account that is in the Open Directory it'll tell me "Invalid user or password", and the login attempt doesn't even show up in the LDAP logs.

Variations of the account I've been through:

root                            did nothing, 'wrong dn' in ldap logs
root@subdomain.domain.org       Can't login: "Invalid user or password", nothing in logs
root@host.subdomain.domain.org  Can't login: "Invalid user or password", nothing in logs
uid=root                        Can't login: "Invalid user or password", nothing in logs
cn=root                         Can't login: "Invalid user or password", nothing in logs

Variations of the Login attribute:

sAMAccountName "Invalid user or password"
uid            "Invalid user or password"
Zsub

3 Answers


"do_bind: invalid dn (root)"

That probably means that your root user id is in the wrong format. You probably need to put it in either the distinguished name format or as a sAmAccount format.

For instance, Distinguished Name Notation:

DN=root, DC=subdomain, DC=domain, DC=com

That would work for a root user that is in the base of your subdomain directory.

sAmAccount notation:

root@subdomain.domain.com

This one is easier because it doesn't require the full path to the root user's DN.

Baroni
  • Yeah, I already fixed that last message, thanks! Still can't login though :'( – Zsub Jun 14 '11 at 15:50
  • Hmm, I think sAmAccountName for login is only used in Microsoft Environments. You may need to change the "Login" parameter to uid to suit the Apple Open Directory Environment. If uid doesn't work, there might be another attribute in the user's account that would provide that information. – Baroni Jun 14 '11 at 16:15
  • That's a good suggestion, but it didn't work. – Zsub Jun 14 '11 at 16:23

Well, I solved it. Used this link.

In short, the (or a) correct config for me was:

Name     = My Directory (anything you want)
Host     = host.local (yes, the .local)
Port     = 389
LDAPS    = no
Account  = (empty)
Password = (empty)
Base DN  = DC=host,DC=subdomain,DC=domain,DC=org

On-the-fly user creation = yes
Attributes
  Login     = uid
  Firstname = givenName
  Lastname  = sN
  Email     = mail

Please bear in mind that with on-the-fly user creation, as of the time of writing, users need a valid email set in LDAP/Open Directory!

Zsub
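To make the failure modes in the question and in this answer concrete, here is an added example (not Redmine's own code and not from the thread) that models the order in which Redmine's LDAP authentication works: service bind, search for the login, bind as the found user, then read the attributes for on-the-fly creation. The directory, the DNs and the users alice and bob are constructed stand-ins so it runs offline; against a real server the bind and search functions would be replaced by an LDAP client.

```python
# Constructed stand-in for the Open Directory server: DN -> (password, attributes).
DIRECTORY = {
    "uid=alice,cn=users,dc=host,dc=subdomain,dc=domain,dc=org":
        ("alice-pw", {"uid": "alice", "givenName": "Alice", "sn": "Example", "mail": "alice@domain.org"}),
    "uid=bob,cn=users,dc=host,dc=subdomain,dc=domain,dc=org":
        ("bob-pw", {"uid": "bob", "givenName": "Bob", "sn": "NoMail"}),  # no mail attribute at all
}
BASE_DN = "DC=host,DC=subdomain,DC=domain,DC=org"
ORIGINAL = {"account": "uid=root", "password": "secret", "base_dn": BASE_DN, "login_attr": "sAMAccountName"}
FIXED = {"account": "", "password": "", "base_dn": BASE_DN, "login_attr": "uid"}

def bind(dn, password):
    """Simple bind: empty DN and password is an anonymous bind; otherwise the DN must exist and match."""
    if not dn and not password:
        return True
    entry = DIRECTORY.get(dn.lower())
    return entry is not None and entry[0] == password

def search(base_dn, attr, value):
    """DNs under base_dn whose attribute `attr` equals `value` (attribute names are case-insensitive)."""
    return [dn for dn, (_, attrs) in DIRECTORY.items()
            if dn.lower().endswith(base_dn.lower())
            and any(k.lower() == attr.lower() and v == value for k, v in attrs.items())]

def redmine_ldap_login(settings, login, password):
    """Return (ok, reason), following the order Redmine uses so each failure point is visible."""
    if not password:
        return False, "empty password is rejected before LDAP is contacted"
    # 1. Bind with Account/Password (both empty = anonymous). 'uid=root' is not a DN, hence 'invalid dn'.
    if not bind(settings["account"], settings["password"]):
        return False, "service bind failed: Account must be a full DN, or leave Account and Password empty"
    # 2. Search Base DN for login_attr=login. Open Directory has no sAMAccountName, so nothing is found,
    #    Redmine says 'Invalid user or password' and the user's own bind never reaches the LDAP log.
    dns = search(settings["base_dn"], settings["login_attr"], login)
    if len(dns) != 1:
        return False, f"search {settings['login_attr']}={login} returned {len(dns)} entries"
    # 3. Bind as the found DN with the password typed into Redmine.
    if not bind(dns[0], password):
        return False, "user bind failed: wrong password"
    # 4. On-the-fly creation needs firstname, lastname and a valid mail, or the new User fails validation.
    attrs = DIRECTORY[dns[0].lower()][1]
    missing = [a for a in ("givenName", "sn", "mail") if not attrs.get(a)]
    if missing:
        return False, f"on-the-fly user creation failed: missing attribute(s) {missing}"
    return True, f"authenticated {dns[0]}"

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, redmine_ldap_login(cfg, "alice", "alice-pw"))
```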

With the latest Bitnami version 3.3.1.0 I used these settings:

Name     = My Directory (anything you want)
Host     = ldap-auth-serv.host.local (yes, the .local)
Port     = 636
LDAPS    = yes
Account  = RedminAuthUser@domain.local (userPrincipalName Redmine user from AD)
Password = hisPassword
Base DN  = OU=UsersCorp,DC=domain,DC=org

On-the-fly user creation = yes
Attributes
  Login     = sAMAccountName
  Firstname = givenName
  Lastname  = sN
  Email     = mail

For LDAPS auth I created a new LDAP SSL certificate template, issued a certificate for DC1, installed this certificate for Active Directory Domain Services (export-import), and checked the LDAPS connection to port 636 with ldp.exe. And go!