Issue #409 resolved

authenticate user against local machine, LDAP and AD

Anonymous created an issue

I installed the AD plugin to check if it is possible to authenticate my user against LDAP and, if there is no user, to check AD next.

But there is no configuration for AD possible when using LDAP. Is that right?

Is it not possible to use both?

Comments (11)

  1. Sebastian Sdorra repo owner
    • changed status to open

    Which version of scm-manager do you use and which plugin (with versions) do you have installed? Do you use an Active Directory and a LDAP-Server in your environment?

  2. bernd_lambertz

    SCM-Manager version is 1.31, AD plugin version 1.8, LDAP plugin version 1.19

    Yes, we use both (AD and LDAP) in the environment. Users are handled the same way but there are differences for system or service accounts. We need both for LDAP groups and AD service accounts.

  3. bernd_lambertz

    I tried this today, but I got an error for this user prior to any AD check

    TRACE sonia.scm.api.rest.resources.AuthenticationResource - authentication failed for user xxxx org.apache.shiro.authc.AccountException: authentication failed

    Any possibility to define the order for the authentication check, i.e. local (xml) - AD - LDAP?

  4. bernd_lambertz

    sorry, my mistake - SCM Manager tries AD first.....

    Came back with DEBUG sonia.scm.activedirectory.auth.ActiveDirectoryAuthenticationHandler - could not find dn of user XXX

    Will check what the issue is......

  5. bernd_lambertz

    After some investigation - looks like the AD plugin is connecting to AD and trying to authenticate user xyz in context DC=xxx,DC=yyy,DC=net. This is correct! But the user could not be found: sonia.scm.activedirectory.auth.ActiveDirectoryAuthenticationHandler - could not find dn of user xyz

    Looks like the standard configuration from the plugin does not fit my requirements as this is a service account and no user account?!?

  6. bernd_lambertz

    That's exactly what I did in the meantime and according to method getDnOfUserOrGroup I used sAMAccountName instead of distinguishedName and that works!

    Thanks for your support!
