Opened 7 years ago

Last modified 4 years ago

#6714 new defect

TracLDAPAuth fails with MS AD if login != CN

Reported by: anonymous
Owned by: Nikolaos Papagrigoriou
Priority: normal
Component: TracLdapAuthPlugin
Severity: normal
Keywords:
Cc: zhijiex@…
Trac Release: 0.11

Description

TracLDAPAuth does not work if the login name is not the same as the CN. The error is: invalid name or password. But TracLDAPAuth works fine if the login name is the same as CN=%s. So I guess that TracLDAPAuth works fine assuming login == CN and fails otherwise.

Change History (3)

comment:1 Changed 4 years ago by Nikolaos Papagrigoriou

Owner: changed from Jeff Hammel to Nikolaos Papagrigoriou

comment:2 Changed 4 years ago by Russell Ballestrini

That is not true; I have it working. Our usernames are flastname but our CN is lastname\, firstname.

You need to figure out your search filter to get this to work.

host_url = ad server
base_dn = the DN all your valid users should be part of
bind_user = user@domain
bind_password = 
search_scope = subtree
search_filter = (&(objectClass=user)(sAMAccountName=%s))

Our "usernames" are really the sAMAccountName, so we need the search_filter.
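
Added example, not part of the ticket or the plugin's code: how a filter like the one in comment:2 resolves a login to a DN whose CN differs from it, with the login escaped per RFC 4515 before it is substituted for %s. The directory entries, DNs and helper names are constructed for illustration, and the small matcher stands in for a real LDAP search.

```python
import re

SEARCH_FILTER = "(&(objectClass=user)(sAMAccountName=%s))"  # filter from comment:2

# Constructed sample entries: the login (sAMAccountName) is not the CN.
DIRECTORY = [
    {"dn": r"CN=Doe\, Jane,OU=Staff,DC=example,DC=com",
     "objectClass": "user", "sAMAccountName": "jdoe"},
    {"dn": r"CN=Roe\, Rick,OU=Staff,DC=example,DC=com",
     "objectClass": "user", "sAMAccountName": "rroe"},
]


def escape_filter_value(value):
    """Hex-escape the RFC 4515 special characters in a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def _unescape(text):
    # Turn \xx hex escapes back into the literal character.
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)


def _term_matches(entry, attr, pattern):
    # A raw '*' is a wildcard; an escaped one (\2a) is a literal asterisk.
    parts = [re.escape(_unescape(p)) for p in pattern.split("*")]
    return re.fullmatch(".*".join(parts), entry.get(attr, "")) is not None


def search(ldap_filter):
    """Stand-in for an LDAP search: evaluates an AND of (attr=value) terms."""
    terms = re.findall(r"\(([A-Za-z]+)=([^()]*)\)", ldap_filter)
    return [e["dn"] for e in DIRECTORY
            if all(_term_matches(e, a, p) for a, p in terms)]


def resolve_dn(login):
    """Return the single DN matching the login, or None (no match or ambiguous)."""
    hits = search(SEARCH_FILTER % escape_filter_value(login))
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    print(resolve_dn("jdoe"))           # DN found although the CN is "Doe\, Jane"
    print(search(SEARCH_FILTER % "*"))  # raw wildcard matches every user
    print(resolve_dn("*"))              # escaped wildcard matches nobody
```

The resolved DN, not the typed login, is what would then be used for the password bind; that search-then-bind flow is an assumption about how such a configuration is used, not a statement about the plugin's internals.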

comment:3 in reply to:  description Changed 4 years ago by Nikolaos Papagrigoriou

Replying to anonymous:

TracLDAPAuth does not work if the login name is not the same as the CN. The error is: invalid name or password. But TracLDAPAuth works fine if the login name is the same as CN=%s. So I guess that TracLDAPAuth works fine assuming login == CN and fails otherwise.

I guess you deployed the latest release found here:

source:/tracldapauthplugin/tags/1.2/

Did you manage to solve your problem by changing the search filter as Russell suggested?
