
I'm setting up Redmine's LDAP authentication and am running into some odd issues. I have the configuration set up and saved, and when I click on "Test" in the Authentication modes menu in Redmine for that configuration, it says "Successful connection". I have also set up a user with the username stored on the LDAP host, and specified to authenticate using the configured LDAP authentication.

However, when I try to login as that user, it always fails. It's almost as if it can't quite contact the LDAP server properly (even though the test succeeded). I'm curious as to what that test actually does, and if there's a way I can look at some sort of log somewhere (nothing is really showing much) to show what/why it's failing.

Any ideas or suggestions?

nuclearpenguin
  • The directory server keeps a log file that may contain the answers you seek. If I'm not mistaken, OpenLDAP by default logs to syslogd. – Terry Gardner Sep 30 '11 at 14:50

2 Answers


Some applications (Redmine, Kwok, ...) can integrate with LDAP but it requires the users to exist in its database. Take a look at this. I modified the import.php script to synchronize OpenLDAP users to the MySQL database:

The users table:

mysql> desc users;
+-------------------+--------------+------+-----+---------+----------------+
| Field             | Type         | Null | Key | Default | Extra          |
+-------------------+--------------+------+-----+---------+----------------+
| id                | int(11)      | NO   | PRI | NULL    | auto_increment | 
| login             | varchar(30)  | YES  |     |         |                | 
| hashed_password   | varchar(40)  | YES  |     |         |                | 
| firstname         | varchar(30)  | YES  |     |         |                | 
| lastname          | varchar(30)  | YES  |     |         |                | 
| mail              | varchar(60)  | YES  |     |         |                | 
| admin             | tinyint(1)   | YES  |     | 0       |                | 
| status            | int(11)      | YES  |     | 1       |                | 
| last_login_on     | datetime     | YES  |     | NULL    |                | 
| language          | varchar(5)   | YES  |     |         |                | 
| auth_source_id    | int(11)      | YES  | MUL | NULL    |                | 
| created_on        | datetime     | YES  |     | NULL    |                | 
| updated_on        | datetime     | YES  |     | NULL    |                | 
| type              | varchar(255) | YES  | MUL | NULL    |                | 
| identity_url      | varchar(255) | YES  |     | NULL    |                | 
| mail_notification | varchar(255) | NO   |     |         |                | 
| salt              | varchar(64)  | YES  |     | NULL    |                | 
+-------------------+--------------+------+-----+---------+----------------+

My OpenLDAP schema:

dn: cn=quanta,ou=x,dc=x,dc=x
cn: quanta
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
mail: x@y.z
givenName: a
initials: b
sn: c
userPassword: {SSHA}123

So, I import as below:

"INSERT INTO users (login, firstname, lastname, mail, mail_notification,
   admin, status, language, auth_source_id, created_on, type)
    VALUES('" . $data[$i]["cn"][0] . "','" . $data[$i]["givenname"][0] . "',
        '" . $data[$i]["sn"][0]." ".$data[$i]["initials"][0] . "',
            '" . $data[$i]["mail"][0] . "',false,false,1,'en','1',
                '".date('Y-m-d H:i:s')."','User')";

I also set up an incron job to do it automatically whenever a user is inserted or updated in OpenLDAP:

/var/lib/ldap/*.bdb IN_MODIFY,IN_CREATE,IN_CLOSE_WRITE /usr/bin/php -q /var/www/html/import.php
quanta
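
The import in the answer above builds its INSERT by concatenating LDAP attribute values and runs on every directory change. The following is an added example, not the answerer's import.php: it binds the LDAP values as parameters and updates existing logins instead of inserting them again. PDO, the in-memory SQLite database standing in for MySQL, the names `attr` and `sync_users`, and the sample entries are all assumptions made for illustration.

```php
<?php
// Constructed sample data in the shape ldap_get_entries() returns (lowercased names).
$entries = [
    'count' => 2,
    0 => ['cn' => ['quanta'], 'givenname' => ['a'], 'sn' => ['c'],
          'initials' => ['b'], 'mail' => ['x@y.z']],
    // Constructed value with a quote: breaks a concatenated query, harmless when bound.
    1 => ['cn' => ['pat'], 'givenname' => ['Pat'], 'sn' => ["O'Brien"], 'mail' => ['p@y.z']],
];
// First value of an LDAP attribute, or '' when the entry does not carry it.
function attr(array $entry, string $name): string {
    return isset($entry[$name][0]) ? (string) $entry[$name][0] : '';
}
// Insert new logins, update existing ones; returns the number of rows written.
function sync_users(PDO $db, array $entries, int $authSourceId): int {
    $find = $db->prepare('SELECT id FROM users WHERE login = ?');
    $ins = $db->prepare(
        "INSERT INTO users (login, firstname, lastname, mail, mail_notification,
             admin, status, language, auth_source_id, created_on, type)
         VALUES (?, ?, ?, ?, '0', 0, 1, 'en', ?, ?, 'User')");
    $upd = $db->prepare(
        'UPDATE users SET firstname = ?, lastname = ?, mail = ?, updated_on = ? WHERE id = ?');
    $now = date('Y-m-d H:i:s');   // i = minutes (m would be the month)
    $written = 0;
    for ($i = 0; $i < $entries['count']; $i++) {
        $e = $entries[$i];
        $login = attr($e, 'cn');
        if ($login === '') continue;   // no cn, nothing to key the row on
        $last = trim(attr($e, 'sn') . ' ' . attr($e, 'initials'));
        $find->execute([$login]);
        $id = $find->fetchColumn();
        $find->closeCursor();
        if ($id === false) {
            $ins->execute([$login, attr($e, 'givenname'), $last, attr($e, 'mail'),
                           $authSourceId, $now]);
        } else {
            $upd->execute([attr($e, 'givenname'), $last, attr($e, 'mail'), $now, $id]);
        }
        $written++;
    }
    return $written;
}

// In-memory SQLite stands in for the MySQL database (assumption, so this runs offline).
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, login, firstname, lastname, mail,
    mail_notification, admin, status, language, auth_source_id, created_on, updated_on, type)');
sync_users($db, $entries, 1);
sync_users($db, $entries, 1);   // second run updates in place, no duplicate rows
echo $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), " rows\n";
```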

This was actually a simple problem with the username being incorrect. Changing it to the correct one fixed the problem.

nuclearpenguin