iceScrum | Help with ldap – iceScrum

iceScrum Forums Discuss on iceScrum

Viewing 3 posts - 1 through 3 (of 3 total)

  • Author
    Posts
  • #875143

    elendrys
    Participant

    Hello,

    Using IS 7.2 with ldap enabled, I can’t make it work. When I look at the debug logs I can see:

    2021-07-09 13:35:31,556 [http-nio-8080-exec-8] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate  - Searching for entry under DN '', base = 'dc=example,dc=com', filter = '(&(objectClass=inetOrgPerson)(uid={0}))'
    2021-07-09 13:35:31,559 [http-nio-8080-exec-8] DEBUG org.springframework.security.ldap.SpringSecurityLdapTemplate  - Found DN: uid=elendrys,ou=people,dc=example,dc=com
    2021-07-09 13:35:31,567 [http-nio-8080-exec-8] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator  - Attempting to bind as uid=elendrys,ou=people,dc=example,dc=com
    2021-07-09 13:35:31,651 [http-nio-8080-exec-8] DEBUG org.springframework.security.ldap.authentication.BindAuthenticator  - Retrieving attributes...
    2021-07-09 13:35:31,662 [http-nio-8080-exec-8] DEBUG org.springframework.security.authentication.ProviderManager  - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
    2021-07-09 13:35:31,673 [http-nio-8080-exec-8] DEBUG org.springframework.security.authentication.dao.DaoAuthenticationProvider  - Authentication failed: password does not match stored value

    But when I look at my ldap logs, I can see the search request with the manager DN but there is no bind attempt at all afterward.

    Any clue ?

    grails.plugin.springsecurity.ldap.active = true
    grails.plugin.springsecurity.ldap.authorities.ignorePartialResultException = false
    grails.plugin.springsecurity.ldap.context.anonymousReadOnly = false
    grails.plugin.springsecurity.ldap.context.managerDn = "cn=manager,dc=example,dc=com"
    grails.plugin.springsecurity.ldap.context.managerPassword = "supasecret"
    grails.plugin.springsecurity.ldap.context.server = "ldaps://directory.example.com:636"
    grails.plugin.springsecurity.ldap.search.base = "dc=example,dc=com"
    grails.plugin.springsecurity.ldap.search.filter = "(&(objectClass=inetOrgPerson)(uid={0}))"
    grails.plugin.springsecurity.ldap.search.searchSubtree = true
    #875154

    elendrys
    Participant

    I didn’t tell we are moving to a new ldap server. We updated the config to match the new DIT and servers. Rolling back configuration didn’t make it work like it was. The usernames are the same, but the default email is not.

    Regards

    #875167

    elendrys
    Participant

    After some digging it was the expired license causing this. Thank you Nicolas for your help !

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.