Login ldapActiveDirectory Not Working #4
Comments
By memory you don't need to specify I.E.:
"ldapActiveDirectory": {
// Active directory
"url": "79.123.184.30",
"port": 389,
"ssl": false,
"bindDn": "DC=hitit,DC=edu,DC=tr",
"bindCredentials": "******",
"searchBase": "CN=Users,DC=hitit,DC=edu,DC=tr",
// "searchFilter": "(&(objectClass=user)(objectClass=person)(sAMAccountName={0}))",
"searchFilter": "(&(objectClass=user)(SAMAccountName={0}))",
// Example: If you use a redis instead of in-memory
//"redis": "localhost:32771,ssl=false"
} |
Can we look at it with remote connectivity? even though it was not |
I will try to reproduce locally. I don't have much time recently, but I'll do it as fast as I can. However, it seems your U/P are wrong. Are you using Active Directory or are you using OpenLDAP? |
Active Directory |
services.AddIdentityServer() |
Hi , |
Hi Nordes |
For me it works with a configuration like the following:
{
"ldap": {
"url": "150.17.40.40",
"bindDn": "CN=ReadOnlyUserInAD,CN=users,DC=dev-svr,DC=local",
"bindCredentials": "×××××××",
"searchBase": "cn=users,DC=dev-svr,DC=local",
"searchFilter": "(&(objectClass=user)(objectClass=person)(sAMAccountName={0}))",
"redis": "localhost:32778,ssl=false",
// We keep the user data for about 10 minutes (Is that good?)
"refreshClaimsInSeconds": 600
},
"ConnectionStrings": {
"DefaultConnection": "server=localhost\\sqlexpress;database=eftest;trusted_connection=yes;MultipleActiveResultSets=true"
}
}
I think that your issue is the bindDN, which is supposed to be the user who has read-only (or also write) access in the LDAP. That account is used to validate that the username exists before doing an authentication under the connecting account. This is mainly because if in the future we want to have an "add user" feature, we could do it using the same connector. The users could be used within an auto-complete, for example. |
"ldapActiveDirectory": {
// Active directory
"url": "LDAP://79.123.184.30",
"port": 389,
"ssl": false,
"bindDn": "DC=hitit,DC=edu,DC=tr",
"bindCredentials": "******",
"searchBase": "CN=Users,DC=hitit,DC=edu,DC=tr",
// "searchFilter": "(&(objectClass=user)(objectClass=person)(sAMAccountName={0}))",
"searchFilter": "(&(objectClass=user)(SAMAccountName={0}))",
// Example: If you use a redis instead of in-memory
//"redis": "localhost:32771,ssl=false"
}
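
The diagnosis given in the thread (a bindDn that names the domain rather than an account with read access) can be checked before the settings are deployed. The following is an added example, not code from the project or from anyone in this thread: a small settings linter whose function names, finding codes and sample values are assumptions made here, and which assumes that `"ssl": false` means a simple bind with no StartTLS.

```python
import json
import re
def load_jsonc(text):
    """Parse appsettings-style JSON: drop full-line // comments and trailing commas."""
    kept = [l for l in text.splitlines() if not l.lstrip().startswith("//")]
    return json.loads(re.sub(r",(\s*[}\]])", r"\1", "\n".join(kept)))

def rdn_types(dn):
    """Attribute type of each RDN in a DN, splitting only on unescaped commas."""
    return [p.split("=", 1)[0].strip().upper() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def lint_ldap(cfg):
    """Return finding codes (names invented for this example) for one LDAP section."""
    findings = []
    types = rdn_types(cfg.get("bindDn", ""))
    if not types:
        findings.append("BIND_DN_MISSING")
    elif all(t == "DC" for t in types):
        # Only domain components: the DN names the domain, not an account to bind as.
        findings.append("BIND_DN_IS_NOT_AN_ACCOUNT")
    if "{0}" not in cfg.get("searchFilter", ""):
        findings.append("FILTER_HAS_NO_USERNAME_PLACEHOLDER")
    if cfg.get("bindCredentials") and cfg.get("ssl") is False:
        # Assumption: ssl=false means simple bind, no StartTLS: password sent in clear.
        findings.append("BIND_PASSWORD_SENT_WITHOUT_TLS")
    return findings

def lint_text(text):
    return {name: lint_ldap(sec) for name, sec in load_jsonc(text).items()}

# Constructed sample modelled on the two configurations quoted in the thread.
SAMPLE = """{
  "failing": {
    "ssl": false,
    "bindDn": "DC=hitit,DC=edu,DC=tr",
    "bindCredentials": "PLACEHOLDER",
    "searchFilter": "(&(objectClass=user)(SAMAccountName={0}))",
    //"redis": "localhost:32771,ssl=false"
  },
  "working": {
    "bindDn": "CN=ReadOnlyUserInAD,CN=users,DC=dev-svr,DC=local",
    "bindCredentials": "PLACEHOLDER",
    "searchFilter": "(&(objectClass=user)(objectClass=person)(sAMAccountName={0}))"
  }
}"""

if __name__ == "__main__":
    for name, findings in lint_text(SAMPLE).items():
        print(name, findings or "ok")
```

The all-`DC` test is a heuristic: it catches the case discussed here but does not prove that a DN containing a `CN` is a valid account.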