Issue #266 resolved

Unable to set up Active directory authentication

moleung
created an issue

Hi friend,

I am trying to set up Active Directory authentication. However, I fail to pass the "test connection" no matter what I try. These are my settings:

Profile: ActiveDictory

Base DN: dc=example,dc=com

connection DN: cn=Administrator,cn=Users,dc=example,dc=com

connection Password: **

Host URL: ldap://192.168.18.151:389

Here example.com is only an example, and the connection DN is the default administrator account of the AD. 192.168.18.151 is Windows Server 2012, but I encounter the same problem on Server 2008. This is the test result:

Connection: SUCCESS

Search user: FAILURE

Authenticate user: FAILURE

Returned user is valid: FAILURE

Exception: Unprocessed Continuation Reference(s)

I am sure that my Windows server works with LDAP properly because I am using LDAP logon in another web portal with the same Windows server. Please help!!

Comments (21)

  1. Sebastian Sdorra repo owner

    It looks like your Active Directory uses referrals, which are currently not supported. I will create a new version of the plugin with support for referrals.

    Which version of scm-manager do you use? I hope 1.2 is not correct.

  2. moleung reporter

    Here is part of the log:

        [jetty-io-7.6.5.v20120716.jar:7.6.5.v20120716]
            at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:603) [jetty-util-7.6.5.v20120716.jar:7.6.5.v20120716]
            at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:538) [jetty-util-7.6.5.v20120716.jar:7.6.5.v20120716]
            at java.lang.Thread.run(Thread.java:722) [na:1.7.0_07]
        Caused by: javax.naming.CommunicationException: example.com:389
            at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:92) ~[na:1.7.0_07]
            at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:150) ~[na:1.7.0_07]
            at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:357) ~[na:1.7.0_07]
            at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:226) ~[na:1.7.0_07]
            ... 100 common frames omitted
        Caused by: java.net.UnknownHostException: example.com
            at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:178) ~[na:1.7.0_07]
            at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391) ~[na:1.7.0_07]
            at java.net.Socket.connect(Socket.java:579) ~[na:1.7.0_07]

    I am wondering why the scm manager finds my AD by the domain name (example.com) and not by the host URL I entered (ldap://192.168.18.151:389). Maybe that's why it throws an UnknownHostException, because my DNS does not have a zone record for example.com.

  3. Sebastian Sdorra repo owner

    It looks like your LDAP server has referrals to other LDAP servers or to another tree in the LDAP. LDAP referrals are made with LDAP URLs, and these URLs contain the hostname of the referenced LDAP server, and it seems that this hostname could not be resolved by the scm-manager server.

  4. Michael Chan

    Hi Sebastian,

    I am a colleague of moleung and would like to follow up on this issue together, because the LDAP linkage is quite important while we are preparing a Redmine system.

    We have checked our server and the target hostname should be able to be resolved as normal. As we have full control over the Active Directory settings, we would like to know whether we should make changes on the server instead, like "disabling" the LDAP referral option so as to allow SCM to link with our Active Directory.

    Thanks in advance; we are trying to solve the issue on our side. It would be much appreciated if you could give us some ideas.

  5. Sebastian Sdorra repo owner

    I've created a new version of the LDAP plugin, which allows the configuration of a referral strategy. If the referral is not important for the authentication, you can set the referral strategy to IGNORE. Could you please test version 1.18 of the scm-auth-ldap-plugin?

  6. Michael Chan

    After changing the referral strategy to IGNORE the problem remains the same.

    However we tried using another profile (Active Directory instead of Custom) again and now it works! Wondering whether we have wrongly configured any fields before (quite likely the Connection DN field)... and it works properly too when the Referral Strategy is set to FOLLOW (should be the default value).

    Sorry for bothering and thanks very much again for the great app. Cheers!
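
The referral behaviour described in comment 3, as an added example that is not part of the original thread or of scm-manager's code: an LDAP referral is a URL whose host the client must resolve and connect to itself, regardless of the Host URL it was configured with. The script lists where a referral-following client would connect and which hosts would fail name resolution; the referral URLs are constructed samples and all function names are hypothetical.

```python
import ipaddress
import socket
from urllib.parse import unquote, urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# Constructed sample referrals (not from the reporter's server), in the shape
# a subtree search at a domain root returns. All names here are illustrative.
SAMPLE_REFERRALS = [
    "ldap://ForestDnsZones.example.com/DC=ForestDnsZones,DC=example,DC=com",
    "ldap://DomainDnsZones.example.com/DC=DomainDnsZones,DC=example,DC=com",
    "ldap://example.com/CN=Configuration,DC=example,DC=com",
    "ldap://192.168.18.151:389/OU=Staff,DC=example,DC=com",
]

def system_resolver(host):
    """Return True if the local resolver can turn host into an address."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def referral_targets(referrals, configured_url, resolver=system_resolver):
    """Describe where a client that follows each referral would connect."""
    configured = urlsplit(configured_url).hostname
    report = []
    for url in referrals:
        parts = urlsplit(url)
        if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
            raise ValueError("not an LDAP referral URL: %r" % url)
        host = parts.hostname  # urlsplit lower-cases the host name
        try:
            ipaddress.ip_address(host)
            resolvable = True  # IP literal, no DNS lookup needed
        except ValueError:
            resolvable = resolver(host)
        report.append({
            "host": host,
            "port": parts.port or DEFAULT_PORTS[parts.scheme],
            "base_dn": unquote(parts.path.lstrip("/")),
            "same_as_configured": host == configured,
            "resolvable": resolvable,
        })
    return report

def unresolvable_hosts(report):
    """Hosts a following client would fail on before any LDAP bind happens."""
    return sorted({r["host"] for r in report if not r["resolvable"]})
```

Pass a custom `resolver` to check against a specific DNS view; with the default, the lookup uses the resolver of the machine the script runs on, which should be the scm-manager server.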