Re: [sympa-users] Can't authenticate to Windows Active Directory

Subject: The mailing list for listmasters using Sympa

  • From: Hanno van den Boogaard <address@concealed>
  • To: Soji Ikeda <address@concealed>
  • Cc: "address@concealed" <address@concealed>
  • Subject: Re: [sympa-users] Can't authenticate to Windows Active Directory
  • Date: Fri, 16 Feb 2018 15:37:27 +0000

Hi Soji,

I tried both, even without bind user and password.

I can connect with the ldapsearch Linux tool from my Sympa server to the Active Directory LDAP server.

I think the Active Directory connection works differently. I also found the following in the documentation; I don't think that will help me with auth.conf:

 

https://www.sympa.org/manual/ldap

Active Directory having quite a specific functioning, Steve Shipway found a way to make it work with Sympa. Here are his guidelines to achieve this goal.

First, create a service account in your LDAP so that Sympa can connect. This only needs read-only access.

You need to use a 2level query, since AD stores DNs against group membership. Also, note that if using a .incl file to define external list admins, you cannot pass a full DN as a parameter as it contains commas (I've logged a bug report for this).

Kind Regards,

Hanno

 

Hanno van den Boogaard

System Administration

address@concealed

 

 

From: Soji Ikeda <address@concealed>
Date: Friday, 16 February 2018 at 03:37
To: Hanno van den Boogaard <address@concealed>
Cc: "address@concealed" <address@concealed>
Subject: Re: [sympa-users] Can't authenticate to Windows Active Directory

Hi,


On 2018/02/16 0:22, Hanno van den Boogaard <address@concealed> wrote:

Hello Listmasters,

I am new to Sympa and I am trying to authenticate against our Windows Active Directory using the ldap paragraph in auth.conf, without success.

The Sympa error log shows:

Feb 15 15:35:52 DECGN-MLM01 wwsympa[1288]: err main::#1608 > main::do_renewpasswd#4265 > main::is_ldap_user#3988 > Sympa::Database::connect#154 > (eval)#154 > Sympa::DatabaseDriver::LDAP::_connect#162 Failed to bind to LDAP server ldap://xyz.de.abcd.com:389: (49) 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1

 

My auth.conf:

ldap
      host                     xyz.de.abcd.com:389
      timeout                  10
      bind_dn                  cn=ReaderUser,ou=Users,dc=de,dc=abcd,dc=com
      bind_password            xxxyyyy
      suffix                   dc=de,dc=abcd,dc=com
      get_dn_by_uid_filter     (uid=[sender])
      get_dn_by_email_filter   (|(mail=[sender])(mailalternateaddress=[sender]))
      email_attribute          mail
      scope                    sub

user_table
      regexp                   .*

Bind password and DN should be OK.

Are there special configs or sample configs for using Windows Active Directory with auth.conf?
Result code 49 indicates “Invalid credential”. Bind DN or bind password seems incorrect.

I don’t know the details, but with the Active Directory LDAP profile the bind DN can be in the form “user@domain” or “domain\user”.

Regards,

— Soji



Local authentication is working.

Kind Regards,

Hanno
Hanno van den Boogaard

System Administration

address@concealed
Attachment: smime.p7s
Description: S/MIME cryptographic signature
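As an added worked example (not part of this thread, and not code from Sympa or from Steve Shipway's guidelines), the following Python script parses the wwsympa bind-failure line quoted above, maps the LDAP result code and the Active Directory "data" sub-code to their meanings, and derives from the configured bind_dn the user@domain form that Soji suggests trying. The AD sub-code table (525, 52e, 530, ...) is Active Directory convention, not anything Sympa documents; the sAMAccountName and the NetBIOS domain name are values the administrator has to supply, because neither can be read from a DN, so the script takes them as parameters with an obvious placeholder default.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# The wwsympa error line quoted in this thread (copied from the post).
SAMPLE_LOG = (
    "Feb 15 15:35:52 DECGN-MLM01 wwsympa[1288]: err main::#1608 > "
    "main::do_renewpasswd#4265 > main::is_ldap_user#3988 > "
    "Sympa::Database::connect#154 > (eval)#154 > "
    "Sympa::DatabaseDriver::LDAP::_connect#162 Failed to bind to LDAP server "
    "ldap://xyz.de.abcd.com:389: (49) 80090308: LdapErr: DSID-0C090400, "
    "comment: AcceptSecurityContext error, data 52e, v1db1"
)

# Standard LDAP result codes that show up on a failed simple bind.
LDAP_RESULT_CODES: Dict[str, str] = {
    "32": "noSuchObject",
    "34": "invalidDNSyntax",
    "49": "invalidCredentials",
    "53": "unwillingToPerform",
}

# Active Directory appends an NT status sub-code after "data "; these are AD
# conventions (not Sympa-specific) and are what distinguish "wrong password"
# from "account disabled" when the LDAP code is the generic 49.
AD_BIND_DATA_CODES: Dict[str, str] = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password, or the bind identity is not accepted)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Matches the tail of the Sympa LDAP driver's bind-failure message; the
# "data <hex>" part is optional because non-AD servers do not emit it.
BIND_FAILURE_RE = re.compile(
    r"Failed to bind to LDAP server (?P<url>\S+): \((?P<result>\d+)\)"
    r"(?:.*?\bdata (?P<data>[0-9a-f]+)\b)?"
)


@dataclass
class BindDiagnosis:
    server: str
    result_code: str
    result_name: str
    ad_data: Optional[str]
    ad_meaning: Optional[str]

    def summary(self) -> str:
        base = f"{self.server}: LDAP result {self.result_code} ({self.result_name})"
        if self.ad_data:
            meaning = self.ad_meaning or "unknown AD sub-code"
            return f"{base}, AD data {self.ad_data}: {meaning}"
        return base


def diagnose_bind_failure(log_line: str) -> Optional[BindDiagnosis]:
    """Parse a Sympa LDAP bind failure line; returns None if the line is not one."""
    m = BIND_FAILURE_RE.search(log_line)
    if m is None:
        return None
    data = m.group("data")
    return BindDiagnosis(
        server=m.group("url"),
        result_code=m.group("result"),
        result_name=LDAP_RESULT_CODES.get(m.group("result"), "unknown"),
        ad_data=data,
        ad_meaning=AD_BIND_DATA_CODES.get(data) if data else None,
    )


def dn_to_dns_domain(dn: str) -> str:
    """Join the dc= components of a DN into the AD DNS domain name
    (cn=x,ou=Users,dc=de,dc=abcd,dc=com -> de.abcd.com)."""
    # Split on commas that are not escaped with a backslash (RDN values may contain "\,").
    rdns = re.split(r"(?<!\\),", dn)
    dcs = [r.split("=", 1)[1].strip() for r in rdns if r.strip().lower().startswith("dc=")]
    return ".".join(dcs)


def candidate_bind_identities(bind_dn: str, sam_account_name: str,
                              netbios_domain: str = "<NETBIOS-DOMAIN>") -> List[str]:
    """Identities AD accepts for a simple bind: the DN itself, the user@domain
    UPN form, and DOMAIN\\user. sam_account_name and netbios_domain are supplied
    by the admin (assumptions, not derivable from the DN: cn= may differ from the
    logon name, and the NetBIOS name is not in the DN at all)."""
    domain = dn_to_dns_domain(bind_dn)
    return [
        bind_dn,
        f"{sam_account_name}@{domain}",
        f"{netbios_domain}\\{sam_account_name}",
    ]


if __name__ == "__main__":
    diag = diagnose_bind_failure(SAMPLE_LOG)
    print(diag.summary())
    for ident in candidate_bind_identities(
            "cn=ReaderUser,ou=Users,dc=de,dc=abcd,dc=com", "ReaderUser"):
        print("  bind_dn candidate:", ident)
```

Run against the line from the post, the script reports LDAP result 49 (invalidCredentials) with AD data 52e, i.e. the password or the bind identity was rejected rather than the account being locked, disabled or expired, which is the distinction worth making before changing anything in auth.conf. The candidate list is only a hint for what to put in bind_dn; whichever form is used, the service account still only needs read access, as the quoted Sympa documentation says.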




Archive powered by MHonArc 2.6.19+.