Top Menu

Jump to content
Home
    • Projects
    • Activity
    • Work packages
    • Calendars
    • Team planners
    • Boards
    • News
    • Getting started
    • Introduction video
      Welcome to OpenProject Community
      Get a quick overview of project management and team collaboration with OpenProject. You can restart this video from the help menu.
    • Help and support
    • User guides
    • Videos
    • Shortcuts
    • Community forum
    • Enterprise support
    • Additional resources
    • Data privacy and security policy
    • Digital accessibility (DE)
    • OpenProject website
    • Security alerts / Newsletter
    • OpenProject blog
    • Release notes
    • Report a bug
    • Development roadmap
    • Add and edit translations
    • API documentation
  • Sign in
      Forgot your password?
      Create a new account

      or sign in with your existing account

      Google

Side Menu

  • Overview
  • Activity
    Activity
  • Roadmap
  • Work packages
    Work packages
  • Calendars
    Calendars
  • Team planners
    Team planners
  • Boards
    Boards
  • Forums
  • Feature tour
    Feature tour
You are here:
  • Forums
  • General discussion

Content

LDAP Authentication: OP doesn't try to authenticate user against LDAP/AD

Added by Stephan Budach 7 months ago

I am trying to configure OP community edition (for now) to authenticate against our AD. I have created a LDAP Authentication object and the connection check reports success. Then I set my user account to use this LDAP authentication, but upon trying to log in, my credentials can't be verified.

It looks like OP isn't even trying to authenticate my account, since I can't find any login attempts on our AD for that. I then tried an incorrect password for my AD user, since we do have a lockout policy which will temporarily disable an account if repeated failed logins occur, but that wasn't invoked as well.

Is there some option to dig deeper into the logs? There must be something amiss.


Replies (3)

RE: LDAP Authentication: OP doesn't try to authenticate user against LDAP/AD - Added by Night Owl 7 months ago

  1. create user in AD. specify authentication method is your ldap/ad.
  2. make sure notification email in OP is set up properly.
  3. make sure ldap traffic from OP to AD is allowed in firewall.
  4. create new user in OP. there will be invitation mail to user. *make sure username is not include @.
  5. tell user to check their mail and  click link to activate account.
  6. login with their username (no @). 
  7. done.

RE: LDAP Authentication: OP doesn't try to authenticate user against LDAP/AD - Added by Stephan Budach 7 months ago

Well, yes - I did that and I already tried it twice. I even set up a new instance, but the result is the same. OP does connect to the LDAP server using the configured AD user. It also fetches my avatar from AD, but it doesn't authenticate me. On my LDAP server, I can't find any hints to an attempted LDAP bind for my user.

Hence the question, if there's an option to see whether OP actually tries to authenticate my account via AD, or if it fails on local authentication, which is not set for this account. I set "Authentication mode" to the LDAP authentication name, I have set up.

RE: LDAP Authentication: OP doesn't try to authenticate user against LDAP/AD - Added by Stephan Budach 7 months ago

Ahh… never mind. I traced the authentication with tcpdump and noticed a type for the user name attribute mapping. Fixed that and off we go.

  • (1 - 3/3)
Loading...