mirror of
https://github.com/lldap/lldap.git
synced 2026-04-25 16:25:55 +03:00
[GH-ISSUE #871] [INTEGRATION] AMP by cubecoders #313
Originally created by @Toylerrr on GitHub (Mar 18, 2024).
Original GitHub issue: https://github.com/lldap/lldap/issues/871
Checklist
Working on getting LLDAP to work with AMP by cubecoders
This is the config:
This is what Cubecoders states should be the settings
This is the function that does the query within AMP
This is the Error that I am getting in the console in AMP after login
Am I missing something simple? Because I can't seem to get it to work.
This is my config that led to the LDAP exception
@nitnelave commented on GitHub (Mar 18, 2024):
Hey! It would help to have the LLDAP verbose logs, so we can see the query that was made, how it was interpreted, and why it returned an error (I try to have good error messages, but clients don't always surface them).
Off the top of my head, things that I see that might be causing problems:
Login.LDAP3Host=IPADDRESS:3890/OU=people: Why /OU=people? You already limit it below. I'm not sure how well that parameter is supported, I haven't seen it used much.
Login.LDAPUserDomain=DOMAIN.xyz: Do you know if that's supposed to be a domain or a DC=DOMAIN,DC=xyz?
Login.LDAPADPre2000=True and Login.LDAPStripDomainFromFilter=True: No idea what these do.
directorySearcher.Filter = $"(&(objectClass=person)(objectCategory=user)(sAMAccountname={username}))";: the sAMAccountname attribute is not built-in. You can add it as a custom attribute and set it (manually) for every user, but that's not ideal. Ideally, AMP would allow you to set another attribute as the used id, like uid.
@Toylerrr commented on GitHub (Mar 18, 2024):
Thanks for the quick response
How would I go about setting LLDAP to have verbose logs?
To answer your questions:
Login.LDAP3Host=IPADDRESS:3890/OU=people: This was set during my testing just trying to get things working in reading this
Login.LDAPUserDomain=DOMAIN.xyz: from their documentation it seems like it wants a url it seems to be used for the old LDAP implementation that was left over after a rewrite
Login.LDAPUserDomain=example.org //The server to authenticate against. Requires that the hostname of the server and the query DN match, and that the DNS server has appropriate records to identify the server.
Login.LDAPADPre2000=True and Login.LDAPStripDomainFromFilter=True: This is more testing stuff on my end.
Login.LDAPADPre2000=False //When enabled, uses \ instead of @ to separate the user and domain and uses the opposing order. E.g. "User@Example.org" becomes "Example.org\User"
and
Login.LDAPStripDomainFromFilter=False //If enabled, then logging in with simply "User@Domain" will be changed to be just "User"
Seems like I can't change the attribute it searches so might have to set sAMAccountname manually to work
@nitnelave commented on GitHub (Mar 18, 2024):
For setting verbose mode, you can change the verbose setting in the LLDAP config, or set the LLDAP_VERBOSE=true env variable.
Regarding Login.LDAP3Host=IPADDRESS:3890/OU=people, I honestly don't know how it gets translated into an LDAP query... but thankfully, that's where the verbose logs come in!
@Toylerrr commented on GitHub (Mar 18, 2024):
Getting tired of sanitizing my logs and config so imma stop lol
Log:
Config:
Amp Error:
I removed the /OU=people from the url so that changed the error message.
@nitnelave commented on GitHub (Mar 18, 2024):
Well, I'm not sure how you got that, but the query filter contains a objectClass=user instead of person, so that won't match anything.
And then, trying to match on the samacountname also fails (because the attribute doesn't exist).
Thankfully, with the recent versions you can fix both problems: you can add a custom object class to users (the "user" class) and you can create the custom attribute for samacountname. Just make sure you're using a version from at least March, so latest or one of the daily docker images.
As for actually setting the attributes, check out lldap-cli by Zepmann https://github.com/Zepmann/lldap-cli
The web UI is not complete yet.
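Added example (not code from LLDAP, AMP, or anyone in this thread): a small evaluator for the AND/OR/NOT/equality subset of LDAP filters that reports which assertions fail against a user entry, illustrating the mismatch described in the comment above. The entries, the username alice, the exact filter text and the object classes on the stock entry are constructed assumptions, and the matching is a simplified model rather than LLDAP's own logic.

```python
def parse(f, i=0):
    """Parse the &, |, ! and (attr=value) subset of RFC 4515 filters."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op = f[i + 1]
    if op in ("&", "|", "!"):
        i, kids = i + 2, []
        while f[i] == "(":
            node, i = parse(f, i)
            kids.append(node)
        return (op, kids), i + 1  # step over the closing ')'
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    # Attribute names are case-insensitive; values are compared that way here too.
    return ("=", attr.strip().lower(), value.strip().lower()), end + 1

def evaluate(node, entry):
    """Return (matched, assertions that caused a non-match)."""
    if node[0] == "=":
        _, attr, value = node
        ok = value in entry.get(attr, set())
        return ok, ([] if ok else [f"{attr}={value}"])
    results = [evaluate(kid, entry) for kid in node[1]]
    misses = [m for _, ms in results for m in ms]
    if node[0] == "&":
        return all(ok for ok, _ in results), misses
    if node[0] == "|":
        ok = any(ok for ok, _ in results)
        return ok, ([] if ok else misses)
    ok = not results[0][0]  # NOT clause
    return ok, ([] if ok else ["!(...)"])

def check(filter_text, entry):
    """Evaluate filter_text against one entry given as {attr: [values]}."""
    tree, _ = parse(filter_text)
    norm = {k.lower(): {v.lower() for v in vs} for k, vs in entry.items()}
    return evaluate(tree, norm)

# Constructed sample data (assumed, not taken from the thread's logs).
STOCK_USER = {"objectClass": ["person", "inetOrgPerson"], "uid": ["alice"]}
PATCHED_USER = {"objectClass": ["person", "inetOrgPerson", "user"],
                "uid": ["alice"], "sAMAccountName": ["alice"]}
LOGGED_FILTER = "(&(objectClass=user)(sAMAccountName=alice))"

if __name__ == "__main__":
    print(check(LOGGED_FILTER, STOCK_USER))    # both assertions fail
    print(check(LOGGED_FILTER, PATCHED_USER))  # matches after the two additions
```
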
@nitnelave commented on GitHub (Aug 16, 2024):
Are you still blocked here?