Opened 4 years ago

Last modified 12 months ago

#6714 new defect

TracLDAPAuth fails with MS AD if login != CN

Reported by: anonymous
Owned by: papagr
Priority: normal
Component: TracLdapAuthPlugin
Severity: normal
Keywords:
Cc: zhijiex@…
Trac Release: 0.11

Description

TracLDAPAuth does not work if the login name is not the same as the CN. The error is: invalid name or password. But TracLDAPAuth works fine if the login name is the same as CN=%s. So I guess that TracLDAPAuth works fine assuming login == CN and given to failure.

Attachments (0)

Change History (3)

comment:1 Changed 15 months ago by papagr

  • Owner changed from k0s to papagr

comment:2 Changed 13 months ago by russell.ballestrini@…

That is not true; I have it working. Our usernames are flastname but our CN is lastname\, firstname.

You need to figure out your search filter to get this to work.

host_url = ad server
base_dn = the DN all your valid users should be part of
bind_user = user@domain
bind_password = 
search_scope = subtree
search_filter = (&(objectClass=user)(sAMAccountName=%s))

Our "usernames" are really the sAMAccountName, so we need the search_filter
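
The search_filter from comment:2, as an added Python example (not code from TracLdapAuthPlugin): the login name is escaped per RFC 4515, substituted for %s, and resolved to the DN of the single matching entry, so the login does not have to equal the CN. The directory entries, DNs and function names are constructed for the example, and the filter evaluator is a toy stand-in for the AD server.

```python
import re

SEARCH_FILTER = "(&(objectClass=user)(sAMAccountName=%s))"  # filter from comment:2

# Constructed sample directory: (DN, attributes). Login name differs from CN.
# objectClass is simplified to a single value here.
DIRECTORY = [
    ("CN=Doe\\, Jane,OU=Staff,DC=example,DC=com",
     {"objectClass": "user", "sAMAccountName": "jdoe", "cn": "Doe, Jane"}),
    ("CN=Roe\\, Rick,OU=Staff,DC=example,DC=com",
     {"objectClass": "user", "sAMAccountName": "rroe", "cn": "Roe, Rick"}),
]

# RFC 4515: these characters must be hex-escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """Make a login name safe to substitute for %s in the search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def _unescape(part):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), part)

def search(ldap_filter, entries=DIRECTORY):
    """Toy evaluator: ANDs every (attr=value) assertion; a bare * is a wildcard."""
    tests = re.findall(r"\(([^()=&|!]+)=([^()]*)\)", ldap_filter)
    if not tests:
        return []
    hits = []
    for dn, attrs in entries:
        for attr, raw in tests:
            pattern = ".*".join(re.escape(_unescape(p)) for p in raw.split("*"))
            value = attrs.get(attr)
            if value is None or not re.fullmatch(pattern, value, re.I | re.S):
                break
        else:
            hits.append(dn)
    return hits

def resolve_bind_dn(login):
    """Map a login to the DN to bind as; refuse unless exactly one entry matches."""
    hits = search(SEARCH_FILTER % escape_filter_value(login))
    return hits[0] if len(hits) == 1 else None
```

The returned DN, not the typed login, is what the password check would then bind as; a login containing filter metacharacters is matched literally and resolves to no entry.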

comment:3 in reply to: ↑ description Changed 12 months ago by papagr

Replying to anonymous:

TracLDAPAuth does not work if the login name is not the same as the CN. The error is: invalid name or password. But TracLDAPAuth works fine if the login name is the same as CN=%s. So I guess that TracLDAPAuth works fine assuming login == CN and given to failure.

I guess you deployed the latest release found here:

source:/tracldapauthplugin/tags/1.2/

Did you manage to solve your problem by changing the search filter as Russell suggested?
