Baremetal installation, problem with ldap #2226
Comments
Hello. It looks like there may be an error in MISO's internal LDAP config. I'm looking into it today.
The fix is in #2227, which will be included in the next release. Once it gets merged, I'll post instructions that you can use to try it out before the release if you'd like.
Hello,
Yes, you can try out the fix that way if you'd like. It is probably the simpler immediately-available option. The other option would be to build and deploy the current develop branch now that the patch is merged. The problem with this is that you'd have to apply the new database migrations that are in develop, and that would put your database in a state where you wouldn't be able to simply migrate to the next release version. The third option is to wait until Thursday when we prepare the next release. Let us know when you try it out and whether there are any other problems. Thanks for reporting the problem too.
Hello,
In the properties file, I think you want to do What
```
ldapsearch -h fido2.img.local -x -D uid=l_ldap_ro,cn=users,cn=accounts,dc=img,dc=local -w xxxxxxxxx -b cn=accounts,dc=img,dc=local uid=mza | grep objectClass
objectClass: CiscoPerson
```
Hi Michal, That's very interesting that your user has I've merged a feature into the develop branch that should clear the error you were seeing. If you could pull the latest code from develop, rebuild and deploy MISO, and try logging in again, that would be a great help for us to debug this issue. Please let us know if you have any further questions or issues! Regards,
Hello all, with the develop version ldap login works ;-). Thank you so much. I have one last question, I hope. What LDAP attributes are mapped to Full name and Email address? For my test user (mza), the Full name is "mza" not "MichalZ Test_User" and the email is empty.
Can you try modifying
(add the I think with this change, you'll get the correct full name and email. Try rebuilding and deploying with that change and let us know if that does it. If so, we'll make sure this change gets into the next release.
Hello, with this modification, full name and email are correctly loaded from ldap. Everything seems to work just fine, thanks again. I have only one small issue. Our users have more than one email address (mail is a multivalued attribute) and the order in which ldap returns mail attributes is completely random. That's why we have a "primary mail" (firstname.lastname@domain) stored in another ldap attribute, "l", so would it be possible to change "mail" to "l" as the source of email in the Miso user's details?
I think I have a fix that will allow you to specify a custom attribute for email. In
Then checkout, build, and deploy from the branch
No change, still using mail attribute. Best regards,
Did you add the line to your
Yes, to the /storage/miso/security.properties.
For now, I have a PR in to fix full name and email retrieval using the regular mail attribute (#2238). I'll keep this issue open as a request to allow specifying a custom email attribute.
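
The multivalued `mail` problem discussed in this thread, as an added example that is not part of the issue or of MISO's code: Python that parses constructed `ldapsearch` output and maps it to a full name and email through a configurable email attribute. The `EMAIL_ATTRIBUTE` name, the `cn` mapping for the full name, the sample addresses and the sorted tie-break are assumptions made for illustration.

```python
import base64

# Hypothetical setting name (not a MISO property): which attribute holds the email.
EMAIL_ATTRIBUTE = "l"

# Constructed ldapsearch output for the thread's test user; addresses are made up.
SAMPLE_LDIF = """\
dn: uid=mza,cn=users,cn=accounts,dc=img,dc=local
objectClass: CiscoPerson
uid: mza
cn: MichalZ Test_User
mail: mza@alias.example.org
mail: michalz.test_user@example.org
l: michalz.test_user@example.org
"""


def parse_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute: [values as returned]}."""
    entry = {}
    unfolded = ldif.replace("\n ", "")  # LDIF folds long lines with a leading space
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if value.startswith(":"):  # "attr:: <base64>" marks an encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        entry.setdefault(name.lower(), []).append(value.strip())
    return entry


def user_details(entry, email_attribute=EMAIL_ATTRIBUTE):
    """Return (full_name, email) without depending on LDAP value order."""
    uid = entry["uid"][0]
    full_name = entry.get("cn", [uid])[0]  # assumption: cn carries the full name
    values = entry.get(email_attribute.lower(), [])
    # LDAP attribute values are an unordered set, so "first value" is not stable.
    # Sorting is an arbitrary but repeatable tie-break for multivalued attributes.
    email = sorted(values, key=str.lower)[0] if values else None
    return full_name, email


if __name__ == "__main__":
    entry = parse_entry(SAMPLE_LDIF)
    print(user_details(entry))          # dedicated single-valued attribute
    print(user_details(entry, "mail"))  # multivalued attribute, stable pick
```

A dedicated single-valued attribute removes the ambiguity entirely; the sorted pick only makes the multivalued case repeatable between logins.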
Hello,
I have done a baremetal installation and Miso works perfectly with -Dsecurity.jdbc in setenv.sh, but if I change it to -Dsecurity.ldap and "/storage/miso/security.properties" to security.method:ldap, there is an error in the catalina.out log and Miso will not start.
Error:
Cannot convert value of type 'uk.ac.bbsrc.tgac.miso.core.security.LdapMappedAuthoritiesPopulator' to required type 'org.springframework.security.authentication.AuthenticationProvider': no matching editors or conversion strategy found.
Did I miss some steps in the configuration? I double-checked the whole baremetal guide, but I cannot find any more configuration related to ldap.
Thanks a lot for any help.
Best regards,
Michal
miso_ldap.log