ChiliProject is not maintained anymore. Please be advised that there will be no more updates.

We do not recommend that you setup new ChiliProject instances and we urge all existing users to migrate their data to a maintained system, e.g. Redmine. We will provide a migration script later. In the meantime, you can use the instructions by Christian Daehn.

Forums » Discuss »

Problem with connecting to remote LDAP

Added by Marcin Garski at 2011-06-30 09:38 am

Hey,
does anyone had problem with connecting chiliproject to remote LDAP for authentication? I don't know if I had good conf in LDAP Authentication (Chiliproject Window), I get this in syslog:

Jun 30 08:15:28 newmaster slapd14111: conn=791 fd=26 ACCEPT from IP=10.1.1.198:43865 (IP=0.0.0.0:389)
Jun 30 08:15:28 newmaster slapd14111: conn=791 op=0 BIND dn="" method=128
Jun 30 08:15:28 newmaster slapd14111: conn=791 op=0 RESULT tag=97 err=0 text=
Jun 30 08:15:28 newmaster slapd14111: conn=791 fd=26 closed (connection lost)

BIND dn="" this one is suspicious for me.
There are many fields in LDAP Authorization in Chiliproject: "Name", "Host", "Port" "Base DN" are simple. I'm not sure the "login" field, it's obligatory, what should I add there.
What I'm trying to do is to connect Chiliproject to my existing LDAP so my users will be able to log into chiliproject without registration, just jusing they domain login and pass.

Thanks in advance for your replies.
Gary


Replies (5)

RE: Problem with connecting to remote LDAP - Added by Muntek Singh at 2011-06-30 09:48 pm

I know we had a nice discussion about this in IRC, did you get this figured out?

RE: Problem with connecting to remote LDAP - Added by Marcin Garski at 2011-07-04 07:49 am

It still doesn't work, I'm still facing the problem. One question: should I log in normally, by putitng just login and pass, or shuldd I add sth. like : "domain_name/login" ?

RE: Problem with connecting to remote LDAP - Added by Felix Schäfer at 2011-07-04 09:00 am

Is this on a "normal" LDAP oder on a Windows thing?

RE: Problem with connecting to remote LDAP - Added by Marcin Garski at 2011-07-04 09:31 am

OpenLDAP on Debian Lenny + Samba on this same host.

RE: Problem with connecting to remote LDAP - Added by Holger Just at 2011-07-04 09:56 am

As I said in our IRC conversation, you should try to use ldapsearch to make sure you have the correct (and expected configuration and to actually configure ChiliProject accordingly.

ChiliProject is going to basically run the following query (to be run on the terminal):

ldapsearch -h my.ladp.server -D "superuser" -W -b "dc=arex,dc=pl" '(&(objectClass=*)(uid=USERNAME))' uid sN givenName mail

This query includes the following variables which you have to adapt to your local needs:

  • my.ladp.server: Servername of your LDAP server.
  • superuser: Bind DN for an LDAP user being able to read the whole user database. You also need a password for that one.
  • dc=arex,dc=pl: Base DN. Basically the root node of all your user objects in the LDAP.
  • uid: The attribute on your user objects which stores the login
  • sN: The attribute on your user objects which stores the last name
  • givenName: The attribute on your user objects which stores the given (first) name
  • mail: The attribute on your user objects which stores the email address
  • USERNAME: The username of the user you try to login (i.e. the value of the uid attribute of that user object).

If you have no idea about the attributes, you could use the following query to output the whole LDAP tree. But be careful, it will probably be a huge amount of data. You might want to additionally filter it.

ldapsearch -h my.ladp.server -D "superuser" -W -b "dc=arex,dc=pl" '(objectClass=*)'

[EDIT]

The attribute used for the login is not really standardized. OpenDS (and probably OpenLDAP) installations typically use the uid field. Windows AD uses the legacy sAMAccountName attribute.

(1-5/5)