8000 LDAP Login Configuration · Issue #2822 · wekan/wekan · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

LDAP Login Configuration #2822

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
belmironeto opened this issue Nov 21, 2019 · 14 comments
Closed

LDAP Login Configuration #2822

belmironeto opened this issue Nov 21, 2019 · 14 comments

Comments

@belmironeto
Copy link

Wekan Version: 3.55.0
Installed by: SNAP
Issue:
When trying to connect with LDAP User Account I Get the Message: "Must be logged in"

Here are my wekan variables:
image

And this is my wekan error and the log:
[ERROR] InvalidCredentialsError: 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839

image
@xet7
Copy link
Member
xet7 commented Nov 21, 2019
edited
Loading

Try:

sudo snap set wekan ldap-username-field='sAMAccountName'
sudo snap unset wekan ldap-sync-admin-status

Then after that, try to login with your email address and password.

@belmironeto
Copy link
Author
belmironeto commented Nov 21, 2019
edited
Loading

Same error...

image

Is there any way to put a LDAP configuration with a test page in admin area?

@sclerc-chss
Copy link

At this time, I don't arrived to get a working LDAP authentication with an Active Directory server ... A test interface (and configuration ? ) in admin panel could be useful :)

@battosai30
Copy link

I agree, LDAP config is a pain in the ....
I got mine working but it took a long time as there is a lot of parameters and each time you change one you have to reset all the Snap which is clearly not instant. When I will have everything working (ldap admin & group was still buggy severall months ago) I will try to update the doc as it's completely outdated.

@belmironeto
Copy link
Author

I agree, LDAP config is a pain in the ....
I got mine working but it took a long time as there is a lot of parameters and each time you change one you have to reset all the Snap which is clearly not instant. When I will have everything working (ldap admin & group was still buggy severall months ago) I will try to update the doc as it's completely outdated.

You configured LDAP to comunicate to a Windows Server AD? Could you please put your parameters so I can compare to my?

@battosai30
Copy link

S

I agree, LDAP config is a pain in the ....
I got mine working but it took a long time as there is a lot of parameters and each time you change one you have to reset all the Snap which is clearly not instant. When I will have everything working (ldap admin & group was still buggy severall months ago) I will try to update the doc as it's completely outdated.

You configured LDAP to comunicate to a Windows Server AD? Could you please put your parameters so I can compare to my?

Sorry no, it's an OpenLDAP :s but if it could help, this is my conf :

Key                                    Value
caddy-enabled                          false
default-authentication-method          ldap
ldap-authentication                    true
ldap-authentication-password           ********
ldap-authentication-userdn             cn=admin,dc=*******,dc=lan
ldap-background-sync                   true
ldap-background-sync-import-new-users  true
ldap-background-sync-interval          Every 1 minute
ldap-basedn                            dc=*****,dc=lan
ldap-email-field                       mail
ldap-enable                            true
ldap-fullname-field                    cn
ldap-group-filter-enable               false
ldap-group-filter-id-attribute         cn
ldap-group-filter-objectclass          groupOfUniqueNames
ldap-host                              192.168.100.7
ldap-log-enabled                       false
ldap-login-fallback                    true
ldap-merge-existing-users              true
ldap-port                              389
ldap-sync-admin-groups                 administrator
ldap-user-search-field                 uid
ldap-user-search-filter                (&(objectclass=inetOrgPerson))
ldap-user-search-scope                 sub
ldap-username-field                    uid
port                                   8080
root-url                               https://wekan.*****.fr

Group sync was buggy when I made the conf so you can ignore this parameters I guess.

@shioku
Copy link
shioku commented Dec 22, 2019

This is the configuration (ldap-part) i use with Active Directory.

snap set wekan ldap-enable='true'
snap set wekan default-authentication-method='ldap'
snap set wekan ldap-port='389'
snap set wekan ldap-host='<ip>'
snap set wekan ldap-basedn='OU=Domain Users,DC=sub,DC=domain,DC=tld'
snap set wekan ldap-login-fallback='false'
snap set wekan ldap-reconnect='true'
snap set wekan ldap-timeout='10000'
snap set wekan ldap-idle-timeout='10000'
snap set wekan ldap-connect-timeout='10000'
snap set wekan ldap-authentication='true'
snap set wekan ldap-authentication-userdn='CN=LDAP-User,OU=Service Accounts,DC=sub,DC=domain,DC=tld'
snap set wekan ldap-authentication-password='<password>'
snap set wekan ldap-log-enabled='true'
snap set wekan ldap-background-sync='true'
snap set wekan ldap-background-sync-interval='60000'
snap set wekan ldap-background-sync-keep-existant-users-updated='true'
snap set wekan ldap-background-sync-import-new-users='true'
snap set wekan ldap-encryption='false'
snap set wekan ldap-user-search-field='sAMAccountName'
snap set wekan ldap-username-field='sAMAccountName'
snap set wekan ldap-fullname-field='cn'

@xet7
Copy link
Member
xet7 commented Dec 23, 2019

LDAP docs moved to https://github.com/wekan/wekan/wiki/LDAP

@xet7 xet7 closed this as completed Dec 23, 2019
@marcioaquilles
Copy link

I haven't been able to set up yet.

@marcioaquilles
Copy link

Did anyone get it to help me?

@xet7
Copy link
Member
xet7 commented Aug 20, 2022
edited
Loading

@marcioaquilles

Please look at various examples to auth/login at right menu of wiki:

https://github.com/wekan/wekan/wiki

@veloprofz
Copy link

how to turn on the option so that ldap authentication appears in the admin panel?

@xet7
Copy link
Member
xet7 commented Feb 21, 2023

@veloprofz

https://github.com/wekan/wekan/wiki/LDAP

Snap

sudo snap set wekan ldap-enable='true'

Docker

https://github.com/wekan/wekan/blob/master/docker-compose.yml#L488

@MazeOfFate
Copy link
MazeOfFate commented Feb 12, 2024
edited
Loading

Maybe too late for you @belmironeto but helpfull for others in the future: LDAP_USER_AUTHENTICATION have to be set to false.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@xet7 @battosai30 @marcioaquilles @sclerc-chss @shioku @belmironeto @MazeOfFate @veloprofz
0