Issue #325 resolved

LDAP: Returned user is valid: FAILURE

LayfonWeller
created an issue

Unable to make LDAP work, it tells me:

Connection: SUCCESS Search user: SUCCESS Authenticate user: SUCCESS Returned user is valid: FAILURE

So, LDAP server seems to work and validate password fine, however, the test is still a failure.

I made a user with the exact same uid, cn and mail. I even made a group in scm-manager that fits the user.

If I left LDAP disabled, I'm able to connect to that user, but with LDAP enabled, I can't.

I'm new to LDAP... and scm-manager...

Additional info: the user I tried with is an admin in scm-manager. I don't think he is in LDAP (don't know how to set an admin right now, and for me it's logical that that user is only an admin for scm-manager and not for the other sites)

I'm using Apache Directory as an LDAP. And scm-manager is the first site to be connected by LDAP.

If you need any info, please ask.

Comments (7)

  1. Sebastian Sdorra repo owner
    • changed status to open

    The failure at user validation could be a missing displayname or a non-valid mail address (for more details have a look at the isValid method of the User class). You should see a warning in the log file which prints the complete user object.

    You do not have to create a local user, scm-manager creates the user on the first login.

  2. santa niake2

    Here's what the log says when I test the connection:

    21:26:35.860 [qtp2055398614-21] WARN  sonia.scm.cache.EhCacheManager - could not find cache sonia.cache.activity, create new from defaults
    21:26:46.067 [qtp2055398614-22] INFO  sonia.scm.plugin.DefaultPluginManager - fetch plugin informations from http://plugins.scm-manager.org/scm-plugin-backend/api/1.27/plugins?os=Linux&arch=64&snapshot=false
    21:27:06.422 [qtp2055398614-24] WARN  sonia.scm.auth.ldap.LDAPAuthenticationContext - the returned user is not valid: User{name=layfon, displayName=null, mail=santaniake2@gmail.com, password=(not set), admin=false, type=ldap, active=true, creationDate=null, lastModified=null, properties={}}
    21:43:01.677 [qtp2055398614-22] WARN  sonia.scm.auth.ldap.LDAPAuthenticationContext - the returned user is not valid: User{name=layfon, displayName=null, mail=myemail@server.com, password=(not set), admin=false, type=ldap, active=true, creationDate=null, lastModified=null, properties={}}
    

    I noticed that display name is null. If I got LDAP right, display name is the uid parameter, right? I have the user set up as follows:

    objectclass: inetOrgPerson
    objectclass: organizationalPerson
    objectclass: person
    objectclass: top
    cn: layfon
    sn: Mistral
    description: Programer
    givenname: Victor
    mail: myemail@server.com
    uid: Layfon Weller
    userpassword:: Hashed
    

    My guess is that I must have badly set up something, but from what I get of LDAP, cn or uid is the display name (well, a Google search seems to say so)

    Thank you a lot for helping a newb like me out!

  3. LayfonWeller reporter

    Hmm, forgot to mention: I'm using Apache Directory Version 2 milestone 10.

    Maybe the issue lies there: is the plugin compatible with version 2?

    I could just change for version 1.something too... Might also help with jira.

  4. Sebastian Sdorra repo owner

    Do you use the "Apache Directory Server" profile? The profile does not fit with your ldap accounts. You have to use the custom profile and change the attribute mapping. In your case the mapping should look like the following:

    • Id: cn
    • fullname: uid
    • mail: mail

    But in most cases the username is stored in the uid attribute and the full name is stored in the cn attribute.
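An offline check of the attribute mapping discussed in comments 1 and 4, as an added example that is not part of the thread or of scm-manager's code: it maps the LDIF entry from comment 2 through a mapping and lists why the resulting user would be rejected. The validity rules, the `BROKEN` mapping and all function names are assumptions for illustration; the plugin's real check is the `isValid` method mentioned in comment 1.

```python
import re

# Constructed sample: the LDIF entry from comment 2 (password line omitted).
LDIF = """\
objectclass: inetOrgPerson
cn: layfon
sn: Mistral
givenname: Victor
mail: myemail@server.com
uid: Layfon Weller
"""

# scm-manager field -> LDAP attribute. FIXED is the custom mapping from comment 4.
FIXED = {"name": "cn", "displayName": "uid", "mail": "mail"}
# Hypothetical mapping that points displayName at an attribute the entry lacks.
BROKEN = {"name": "cn", "displayName": "displayName", "mail": "mail"}

MAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # simplified format check (assumption)


def parse_ldif(text):
    """Parse one plain-text LDIF entry into {lowercased attribute: [values]}."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry


def map_user(entry, mapping):
    """Build the user a mapping would produce; attributes not in the entry become None."""
    return {field: (entry.get(attr.lower()) or [None])[0]
            for field, attr in mapping.items()}


def validation_errors(user):
    """Assumed rules, after comment 1: name and display name set, mail well-formed if present."""
    errors = [f"{field} missing" for field in ("name", "displayName") if not user.get(field)]
    if user.get("mail") and not MAIL_RE.match(user["mail"]):
        errors.append("mail not valid")
    return errors


if __name__ == "__main__":
    entry = parse_ldif(LDIF)
    for label, mapping in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        user = map_user(entry, mapping)
        print(label, user, validation_errors(user) or "valid")
```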

  5. LayfonWeller reporter

    Thank you a lot! It now works!

    By the way, I appreciated the links, they were a great source of info and should come in handy in the future.
