Hi guys,
I am trying to get OpenLDAP authentication working on SugarCRM version 5.5.4 Community Edition.
The first thing is user membership, and this feature works great in my lab:
###############################################
Activate Ldap : check
Server : 192.168.1.10
DN user : ou=people,dc=domain,dc=com
User filter : blank
Connection Att: uid
Login Att : uid
Group member : uncheck
Auth : check
Auth bind user: uid=bind,dc=domain,dc=com
Auth bin pwd : **************
Autocreate user: check
Crypto key : blank
###############################################
The user is created successfully. Now I would like to permit only users from a particular LDAP group:
The group looks like this:
dn: cn=GLPI,ou=groups,dc=domain,dc=com
gidNumber: 10002
cn: GLPI
description: Glpi
memberUid: user1
memberUid: user2
objectClass: posixGroup
objectClass: sambaGroupMapping
And here is my SugarCRM config:
###############################################
Activate Ldap : check
Server : 192.168.1.10
DN user : ou=people,dc=domain,dc=com
User filter : blank
Connection Att: uid
Login Att : uid
Group member : check
Group Dn : ou=groups,dc=domain,dc=com
Group Name : cn=GLPI
User Att : uid
Group Att : memberUid
Auth : check
Auth bind user: uid=bind,dc=domain,dc=com
Auth bin pwd : **************
Autocreate user: check
Crypto key : blank
###############################################
And the result failed (Invalid DN syntax) with this trace:
Mon Dec 6 17:22:05 2010 [7506][-none-][INFO] Query Execution Time:0.00029397010803223
Mon Dec 6 17:22:05 2010 [7506][-none-][DEBUG] Starting user load for user1
Mon Dec 6 17:22:05 2010 [7506][-none-][DEBUG] ldapauth: Connecting to LDAP server: 192.168.1.10
Mon Dec 6 17:22:05 2010 [7506][-none-][INFO] ldapauth.ldap_rdn_lookup: Bind succeeded, searching for uid=user1
Mon Dec 6 17:22:05 2010 [7506][-none-][DEBUG] ldapauth.ldap_rdn_lookup: base_dnu=people,dc=domain,dc=com , search_filter
uid=user1)
Mon Dec 6 17:22:05 2010 [7506][-none-][INFO] ldapauth.ldap_rdn_lookup: Search result:
ldapauth.ldap_rdn_lookup: 2
Mon Dec 6 17:22:05 2010 [7506][-none-][INFO] ldapauth.ldap_rdn_lookup: found_bind_user=user1
Mon Dec 6 17:22:05 2010 [7506][-none-][DEBUG] ldapauth.ldap_authenticate_user: ldap_rdn_lookup returned bind_user=user1
Mon Dec 6 17:22:05 2010 [7506][-none-][INFO] ldapauth: Binding user user1
Mon Dec 6 17:22:05 2010 [7506][-none-][FATAL] [LDAP ERROR][34]Invalid DN syntax
Mon Dec 6 17:22:05 2010 [7506][-none-][FATAL] [LDAP] ATTEMPTING BIND USING BASE DN PARAMS
Mon Dec 6 17:22:05 2010 [7506][-none-][INFO] ldapauth: Bind attempt complete.
Mon Dec 6 17:22:05 2010 [7506][-none-][DEBUG] ldapauth: Fetching user info from Directory.
Mon Dec 6 17:22:05 2010 [7506][-none-][DEBUG] ldapauth: ldap_search complete.
Mon Dec 6 17:22:05 2010 [7506][-none-][DEBUG] ldapauth: User info from Directory fetched.
Mon Dec 6 17:22:05 2010 [7506][-none-][DEBUG] LDAPAuth: scanning group for user membership
Mon Dec 6 17:22:05 2010 [7506][-none-][FATAL] ldapauth: uid not found for user msaettel cannot authenticate against an LDAP group
Mon Dec 6 17:22:05 2010 [7506][-none-][FATAL] SECURITY: User authentication for user1 failed
It seems that the group membership is not recognized.
I tried mixing default values and common sense on the form (uid, memberUid, cn, ...), but each try failed with an invalid DN syntax error.
Thanks in advance for the community's answers.
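
An added illustration, not part of the original post and not SugarCRM's own code: LDAP result code 34 (invalidDNSyntax) is returned when a bind name is not a DN, and the trace above shows a bind as `user1`. The Python sketch below checks whether a name is DN-shaped and tests posixGroup membership by bare login name against `memberUid`; the helper names are hypothetical and the LDIF is constructed from the values shown in the post.

```python
import re

# Constructed sample: the group entry and form values shown in the post.
GROUP_LDIF = """\
dn: cn=GLPI,ou=groups,dc=domain,dc=com
cn: GLPI
memberUid: user1
memberUid: user2
objectClass: posixGroup
"""

# One RDN component "type=value" (simplified RFC 4514 check: no multi-valued
# RDNs and no escaped commas, which is enough for the DNs on this page).
_RDN = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)=[^,=]+$")

def looks_like_dn(name):
    """True if every comma-separated component has the form type=value."""
    return bool(name) and all(_RDN.match(part) for part in name.split(","))

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def posix_group_filter(group_rdn, group_attr, login):
    """Search filter that matches the group only if `login` is listed in group_attr."""
    attr, _, value = group_rdn.partition("=")
    return "(&({}={})({}={}))".format(
        attr, escape_filter_value(value), group_attr, escape_filter_value(login))

def parse_ldif_entry(text):
    """Parse one unfolded LDIF entry into {attribute: [values]}."""
    entry = {}
    for line in text.splitlines():
        if ": " in line:
            key, value = line.split(": ", 1)
            entry.setdefault(key, []).append(value)
    return entry

def is_member(entry, group_attr, login):
    """posixGroup membership (RFC 2307): memberUid holds bare login names, not DNs."""
    return login in entry.get(group_attr, [])

if __name__ == "__main__":
    group = parse_ldif_entry(GROUP_LDIF)
    for name in ("user1", "uid=user1,ou=people,dc=domain,dc=com"):
        print(name, "DN-shaped:", looks_like_dn(name),
              "in memberUid:", is_member(group, "memberUid", name))
    print(posix_group_filter("cn=GLPI", "memberUid", "user1"))
```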

