
Opened 7 years ago

Last modified 4 years ago

#6714 new defect

TracLDAPAuth fails with MS AD if login != CN

Reported by: anonymous
Owned by: Nikolaos Papagrigoriou
Priority: normal
Component: TracLdapAuthPlugin
Severity: normal
Keywords:
Cc: zhijiex@…
Trac Release: 0.11

Description

TracLDAPAuth does not work if the login name is not the same as the CN. The error is: invalid name or password. But TracLDAPAuth works fine if the login name is the same as CN=%s. So I guess that TracLDAPAuth works fine assuming login == CN and given to failure.

Attachments (0)

Change History (3)

comment:1 Changed 4 years ago by Nikolaos Papagrigoriou

Owner: changed from Jeff Hammel to Nikolaos Papagrigoriou

comment:2 Changed 4 years ago by Russell Ballestrini

That is not true; I have it working. Our usernames are flastname, but our CN is lastname\, firstname.

You need to figure out your search filter to get this to work.

host_url = ad server
base_dn = the DN all your valid users should be part of
bind_user = user@domain
bind_password = 
search_scope = subtree
search_filter = (&(objectClass=user)(sAMAccountName=%s))

Our "usernames" are really the sAMAccountName, so we need the search_filter.
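
Added example (not part of the comment above and not TracLdapAuthPlugin code): a self-contained sketch of resolving a login to its DN with the search_filter from comment:2, assuming the login is what replaces %s and escaping it per RFC 4515 so it is always treated as a literal value. The directory entries, DNs and function names are constructed for illustration.

```python
import re

SEARCH_FILTER = "(&(objectClass=user)(sAMAccountName=%s))"  # filter from comment:2

# Constructed sample directory: the login (sAMAccountName) differs from the CN.
DIRECTORY = [
    {"dn": r"CN=Doe\, Jane,OU=Staff,DC=example,DC=test",
     "objectClass": "user", "sAMAccountName": "jdoe"},
    {"dn": r"CN=Roe\, Rick,OU=Staff,DC=example,DC=test",
     "objectClass": "user", "sAMAccountName": "rroe"},
]

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so the login stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(login):
    """Substitute the escaped login for %s in the configured filter."""
    return SEARCH_FILTER % escape_filter_value(login)

def _term_matches(entry, attr, pattern):
    # An unescaped '*' is a wildcard; \xx escapes decode to literal characters.
    parts = [re.escape(re.sub(r"\\([0-9a-fA-F]{2})",
                              lambda m: chr(int(m.group(1), 16)), p))
             for p in pattern.split("*")]
    return re.fullmatch(".*".join(parts), entry.get(attr, ""), re.I) is not None

def search(filt, directory=DIRECTORY):
    """Evaluate an (&(a=v)(b=v)...) filter against the sample entries."""
    terms = re.findall(r"\(([A-Za-z]+)=([^()]*)\)", filt)
    return [e["dn"] for e in directory
            if all(_term_matches(e, a, v) for a, v in terms)]

def resolve_dn(login):
    """Return the DN to bind as only when exactly one entry matches."""
    hits = search(build_filter(login))
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    print(resolve_dn("jdoe"))       # DN found via sAMAccountName, CN is different
    print(resolve_dn("Doe, Jane"))  # the CN is not a login here, so no match
```
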

comment:3 in reply to:  description Changed 4 years ago by Nikolaos Papagrigoriou

Replying to anonymous:

TracLDAPAuth does not work if the login name is not the same as the CN. The error is: invalid name or password. But TracLDAPAuth works fine if the login name is the same as CN=%s. So I guess that TracLDAPAuth works fine assuming login == CN and given to failure.

I guess you deployed the latest release found here:

source:/tracldapauthplugin/tags/1.2/

Did you manage to solve your problem by changing the search filter as Russell suggested?
