LDAP Authentication with ApacheDS
Added by Christian Wetzel over 11 years ago
Hello,
I struggle to configure OpenProject 3.0 with LDAP authentication with ApacheDS.
- Test Connection gives an OK status back, even if account, password or base DN are nonsense.
- Saving Authentication Mode (LDAP) with Password and returning to Authentication Mode (LDAP): The Password is grayed out. Saving Authentication Mode (LDAP) and returning again: the password disappears.
- I tried to configure it as Setting_up_an_OpenLDAP_server_for_testing, but there is a RuntimeError:
Started POST "/login" for MY_IP at 2014-03-31 18:22:15 +0200
Processing by AccountController#login as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"NpzX/9WO02HtRsEWDzckcqXf/6dS+gLoKYBtjwdoodo=", "back_url"=>"/", "username"=>"MY_USERNAME", "password"=>"[FILTERED]", "login"=>"Login"}
Completed 500 Internal Server Error in 12.0ms
RuntimeError (LdapError: invalid response-type in search: 24):
app/models/ldap_auth_source.rb:51:in `rescue in authenticate'
app/models/ldap_auth_source.rb:43:in `authenticate'
app/models/user.rb:272:in `try_authentication_for_existing_user'
app/models/user.rb:255:in `try_to_login'
app/controllers/account_controller.rb:189:in `password_authentication'
app/controllers/account_controller.rb:184:in `authenticate_user'
app/controllers/account_controller.rb:41:in `login'
Does anybody have the same problem?
Thank you,
Christian
Replies (3)
The RuntimeError requires that the user is already created via OP, but authentication is switched to LDAP as configured above.
Nevertheless, the same LdapError shows in log when trying on-the-fly authentication:
I'm just adding my ApacheDS logs - perhaps somebody can figure out where the ProtocolError between net-ldap and ApacheDS comes from:
[13:36:53] DEBUG [org.apache.directory.api.CODEC_LOG] - Decoding the PDU :
[13:36:53] DEBUG [org.apache.directory.api.CODEC_LOG] - 0x30 0x2E 0x02 0x01 0x01 0x60 0x29 0x02 0x01 0x03 0x04 0x13 0x75 0x69 0x64 0x3D 0x61 0x64 0x6D 0x69 0x6E 0x2C 0x6F 0x75 0x3D 0x73 0x79 0x73 0x74 0x65 0x6D 0x80 0x0F 0x63 0x6C 0x6F 0x73 0x65 0x64 0x70 0x72 0x6F 0x6A 0x65 0x63 0x74 0x23 0x31
[13:36:53] DEBUG [org.apache.directory.api.CODEC_LOG] - Decoded LdapMessage : MessageType : BIND_REQUEST Message ID : 1 BindRequest Version : '3' Name : 'uid=admin,ou=system' Simple authentication : 'PASSWORD/0x63 0x6C 0x6F 0x73 0x65 0x64 0x70 0x72 0x6F 0x6A 0x65 0x63 0x74 0x23 0x31 '
[13:36:53] DEBUG [org.apache.directory.server.OPERATION_LOG] - >> LookupOperation : FilteringOperationContext for Dn 'uid=admin,ou=system', *
[13:36:53] DEBUG [org.apache.directory.server.OPERATION_LOG] - << LookupOperation successful
[13:36:53] DEBUG [org.apache.directory.server.OPERATION_LOG] - >> BindOperation : BindContext for Dn 'uid=admin,ou=system', credentials <0x63 0x6C 0x6F 0x73 0x65 0x64 0x70 0x72 0x6F 0x6A 0x65 0x63 0x74 0x23 0x31 >
[13:36:53] DEBUG [org.apache.directory.server.OPERATION_LOG] - << BindOperation successful
[13:36:53] DEBUG [org.apache.directory.api.CODEC_LOG] - Encoded message MessageType : BIND_RESPONSE Message ID : 1 BindResponse Ldap Result Result code : (SUCCESS) success Matched Dn : 'null' Diagnostic message : 'null' : 0x30 0x0C 0x02 0x01 0x01 0x61 0x07 0x0A 0x01 0x00 0x04 0x00 0x04 0x00
[13:36:53] DEBUG [org.apache.directory.api.CODEC_LOG] - Decoding the PDU :
[13:36:53] DEBUG [org.apache.directory.api.CODEC_LOG] - 0x30 0x50 0x02 0x01 0x02 0x63 0x49 0x04 0x00 0x0A 0x01 0x02 0x0A 0x01 0x00 0x02 0x01 0x00 0x02 0x01 0x00 0x01 0x01 0x00 0xA0 0x1B 0x87 0x0B 0x6F 0x62 0x6A 0x65 0x63 0x74 0x43 0x6C 0x61 0x73 0x73 0xA3 0x0C 0x04 0x03 0x75 0x69 0x64 0x04 0x05 0x74 0x65 0x73 0x74 0x33 0x30 0x19 0x04 0x02 0x64 0x6E 0x04 0x09 0x67 0x69 0x76 0x65 0x6E 0x6E 0x61 0x6D 0x65 0x04 0x02 0x73 0x6E 0x04 0x04 0x6D 0x61 0x69 0x6C 0xA0 0x00
[13:36:53] ERROR [org.apache.directory.api.ldap.codec.actions.controls.InitControls] - The length of controls must not be null
[13:36:53] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] - Unexpected exception forcing session to close: sending disconnect notice to client.
org.apache.mina.filter.codec.ProtocolDecoderException: org.apache.directory.api.ldap.codec.api.ResponseCarryingException: The length of controls must not be null (Hexdump: 30 50 02 01 02 63 49 04 00 0A 01 02 0A 01 00 02 01 00 02 01 00 01 01 00 A0 1B 87 0B 6F 62 6A 65 63 74 43 6C 61 73 73 A3 0C 04 03 75 69 64 04 05 74 65 73 74 33 30 19 04 02 64 6E 04 09 67 69 76 65 6E 6E 61 6D 65 04 02 73 6E 04 04 6D 61 69 6C A0 00 [removed lots of 00s here] 00)
    at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:242)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
    at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:109)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:410)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:710)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:664)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:653)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:67)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1124)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:744)
Caused by: org.apache.directory.api.ldap.codec.api.ResponseCarryingException: The length of controls must not be null
    at org.apache.directory.api.ldap.codec.protocol.mina.LdapProtocolDecoder.decode(LdapProtocolDecoder.java:177)
    at org.apache.directory.api.ldap.codec.protocol.mina.LdapProtocolDecoder.decode(LdapProtocolDecoder.java:94)
    at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:232)
    ... 15 more
[13:36:53] DEBUG [org.apache.directory.api.CODEC_LOG] - Encoded message MessageType : EXTENDED_RESPONSE Message ID : 0 Extended Response ResponseName :'1.3.6.1.4.1.1466.20036' Ldap Result Result code : (PROTOCOL_ERROR) protocolError Matched Dn : 'null' Diagnostic message : 'PROTOCOL_ERROR: The server will disconnect!' : 0x30 0x4F 0x02 0x01 0x00 0x78 0x4A 0x0A 0x01 0x02 0x04 0x00 0x04 0x2B 0x50 0x52 0x4F 0x54 0x4F 0x43 0x4F 0x4C 0x5F 0x45 0x52 0x52 0x4F 0x52 0x3A 0x20 0x54 0x68 0x65 0x20 0x73 0x65 0x72 0x76 0x65 0x72 0x20 0x77 0x69 0x6C 0x6C 0x20 0x64 0x69 0x73 0x63 0x6F 0x6E 0x6E 0x65 0x63 0x74 0x21 0x8A 0x16 0x31 0x2E 0x33 0x2E 0x36 0x2E 0x31 0x2E 0x34 0x2E 0x31 0x2E 0x31 0x34 0x36 0x36 0x2E 0x32 0x30 0x30 0x33 0x36
[13:36:53] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] - Null LdapSession given to cleanUpSession.
For people with the same problem, I will not forget to post my ‘solution’: to use OpenLDAP (2.4.23) instead and migrate my ldif. Works without problems under my configuration.
Upgrading net-ldap to 0.8.0 solves this issue.
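
Added example, not part of the original thread and not OpenProject or net-ldap code: a short Ruby walk over the two PDUs hex-dumped in the ApacheDS log above. It shows that the logged search request ends in a controls element (0xA0) of length 0, the element ApacheDS rejects with "The length of controls must not be null", and that the server's disconnect notice carries protocolOp tag 0x78, i.e. [APPLICATION 24] (ExtendedResponse in RFC 4511), the same number as in "invalid response-type in search: 24". The helper names bytes, read_tlv and describe_ldap_message are illustrative.

```ruby
# Added example: BER header walk over two PDUs copied from the ApacheDS log above.
def bytes(hex)
  hex.split.map { |h| h.to_i(16) }
end

# Search request as logged (the zero padding after the PDU is left out).
SEARCH_REQ = bytes(<<~HEX)
  30 50 02 01 02 63 49 04 00 0A 01 02 0A 01 00 02 01 00 02 01 00 01 01 00
  A0 1B 87 0B 6F 62 6A 65 63 74 43 6C 61 73 73 A3 0C 04 03 75 69 64 04 05 74 65 73 74 33
  30 19 04 02 64 6E 04 09 67 69 76 65 6E 6E 61 6D 65 04 02 73 6E 04 04 6D 61 69 6C A0 00
HEX

# Server reply as logged; its two text fields are spelled out instead of hex.
DISCONNECT = bytes("30 4F 02 01 00 78 4A 0A 01 02 04 00 04 2B") +
             "PROTOCOL_ERROR: The server will disconnect!".bytes +
             bytes("8A 16") + "1.3.6.1.4.1.1466.20036".bytes

# Read one BER TLV at pos; returns [tag_byte, value_bytes, next_pos].
# Handles single-byte tags only, which is all an LDAP envelope uses.
def read_tlv(buf, pos)
  tag = buf.fetch(pos)
  len = buf.fetch(pos + 1)
  pos += 2
  if (len & 0x80) != 0 # long form: low 7 bits give the number of length bytes
    n = len & 0x7F
    len = buf[pos, n].inject(0) { |acc, b| (acc << 8) | b }
    pos += n
  end
  raise ArgumentError, "truncated TLV" if pos + len > buf.size
  [tag, buf[pos, len], pos + len]
end

# LDAPMessage ::= SEQUENCE { messageID, protocolOp, controls [0] OPTIONAL } (RFC 4511)
def describe_ldap_message(buf)
  tag, body, _rest = read_tlv(buf, 0)
  raise ArgumentError, "not a SEQUENCE" unless tag == 0x30
  _, id, pos = read_tlv(body, 0)
  op_tag, _, pos = read_tlv(body, pos)
  info = { message_id: id.inject(0) { |a, b| (a << 8) | b },
           app_tag: op_tag & 0x1F, controls_len: nil }
  if pos < body.size # anything after protocolOp should be the [0] controls element
    ctl_tag, ctl, _rest = read_tlv(body, pos)
    info[:controls_len] = ctl.size if ctl_tag == 0xA0
  end
  info
end

p describe_ldap_message(SEARCH_REQ) # request: SearchRequest is [APPLICATION 3]
p describe_ldap_message(DISCONNECT) # reply: no controls element present
```

A controls_len of 0 marks a controls element that is present but empty; nil means the element is absent, which is how a request without controls is normally encoded.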