Opened 14 years ago

Last modified 6 years ago

#6714 new defect

TracLDAPAuth fails with MS AD if login != CN

Reported by: anonymous
Owned by:
Priority: normal
Component: TracLdapAuthPlugin
Severity: normal
Keywords:
Cc: zhijiex@…
Trac Release: 0.11

Description

TracLDAPAuth does not work if the login name is not the same as the CN. The error is: invalid name or password. But TracLDAPAuth works fine if the login name is the same as CN=%s. So I guess that TracLDAPAuth works fine assuming login == CN and fails otherwise.

Attachments (0)

Change History (4)

comment:1 Changed 11 years ago by Nikolaos Papagrigoriou

Owner: changed from Jeff Hammel to Nikolaos Papagrigoriou

comment:2 Changed 11 years ago by Russell Ballestrini

That is not true; I have it working. Our usernames are flastname, but our CN is lastname\, firstname.

You need to figure out your search filter to get this to work.

host_url = ad server
base_dn = the DN all your valid users should be part of
bind_user = user@domain
bind_password = 
search_scope = subtree
search_filter = (&(objectClass=user)(sAMAccountName=%s))

Our "usernames" are really the sAMAccountName, so we need the search_filter.
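
The following is an added illustration, not code from TracLdapAuthPlugin or from any commenter: it shows why the search filter in comment:2 handles a login that differs from the CN, by looking the login up by sAMAccountName and using the DN that is found, with the login escaped per RFC 4515 before it replaces %s. The directory entries, the base DN and all function names are constructed for the example.

```python
import re

# Added example, not plugin code. Entries and BASE_DN are constructed samples.
SEARCH_FILTER = "(&(objectClass=user)(sAMAccountName=%s))"  # from comment:2
BASE_DN = "OU=Staff,DC=example,DC=com"

# Constructed stand-in for the AD subtree below BASE_DN.
DIRECTORY = [
    {"dn": "CN=Doe\\, Jane,OU=Staff,DC=example,DC=com",
     "objectClass": "user", "sAMAccountName": "jdoe"},
    {"dn": "CN=asmith,OU=Staff,DC=example,DC=com",
     "objectClass": "user", "sAMAccountName": "asmith"},
]

def escape_filter_value(value):
    """Hex-escape the RFC 4515 special characters: \\ * ( ) and NUL."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(login):
    """Substitute the escaped login into the configured search_filter."""
    return SEARCH_FILTER % escape_filter_value(login)

def search(login):
    """Return DNs whose attributes equal every (attr=value) term of the filter."""
    terms = re.findall(r"\(([A-Za-z]+)=([^()]*)\)", build_filter(login))
    unescape = lambda v: re.sub(r"\\([0-9a-f]{2})",
                                lambda m: chr(int(m.group(1), 16)), v)
    wanted = [(attr, unescape(val).lower()) for attr, val in terms]
    return [e["dn"] for e in DIRECTORY
            if all(e.get(attr, "").lower() == val for attr, val in wanted)]

def dn_from_template(login):
    """DN produced by a fixed CN=%s template (the login == CN assumption)."""
    return "CN=%s,%s" % (login, BASE_DN)

def resolve_bind_dn(login):
    """Search first; bind only when exactly one entry matches, else None."""
    hits = search(login)
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    for login in ("jdoe", "asmith"):
        print(login, "| template:", dn_from_template(login),
              "| search:", resolve_bind_dn(login))
```

For "jdoe" the template DN does not exist in the directory, while the search returns the entry whose CN is "Doe\, Jane"; for "asmith" both approaches give the same DN.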

comment:3 in reply to:  description Changed 11 years ago by Nikolaos Papagrigoriou

Replying to anonymous:

TracLDAPAuth does not work if the login name is not the same as the CN. The error is: invalid name or password. But TracLDAPAuth works fine if the login name is the same as CN=%s. So I guess that TracLDAPAuth works fine assuming login == CN and fails otherwise.

I guess you deployed the latest release found here:

source:/tracldapauthplugin/tags/1.2/

Did you manage to solve your problem by changing the search filter as Russell suggested?

comment:4 Changed 6 years ago by Ryan J Ollos

Owner: Nikolaos Papagrigoriou deleted
