Bug #7003: Unable to connect to AD through ldap login module - Foreman

Bug #7003

Unable to connect to AD through ldap login module

Added by Leah Fisher almost 8 years ago. Updated almost 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Daniel Lobato Garcia

Category:

Authentication

Target version:

1.6.0

Difficulty:

Triaged:

Bugzilla link:

Pull request:

https://github.com/theforeman/foreman/pull/1673

Fixed in Releases:

Found in Releases:

Nightly

Description

Using settings that worked with the 1.5.2, I am unable to connect to AD for logins in the nightly release. I see the following in the logs:

LDAP-Auth with User lrf
Error during authentication: LdapError: no start_tls result
invalid user

I am trying to connect to the ldap server over ldaps.

Related issues

Associated revisions

Revision 02432b49 (diff)
Added by Daniel Lobato Garcia almost 8 years ago

Fixes #7003 - Revert LDAP to simple_tls

Revision 6733d911 (diff)
Added by Daniel Lobato Garcia almost 8 years ago

Fixes #7003 - Revert LDAP to simple_tls

(cherry picked from commit 02432b498a6b01faed2615e4ddbc16f38648ea35)

History

#1 Updated by Jason Berry almost 8 years ago

Git log of file app/models/auth_sources/auth_source_ldap.rb shows commit 6421fa1ca91743085dd5460a82db37388d520638 changed the tls method from "simple_tls" to "start_tls".

#2 Updated by Dominic Cleal almost 8 years ago

Related to Feature #813: Support AD group membership for authorization and authentication added

#3 Updated by Dominic Cleal almost 8 years ago

Related to Bug #5414: LDAP + TLS is not LDAP + TLS but LDAP + SSL added

#4 Updated by Dominic Cleal almost 8 years ago

Category set to Authentication
Legacy Backlogs Release (now unused) set to 10

Yeah, we seem to be muddled about this. The UI label used to say "TLS" although it was SSL-on-connect (LDAPS), we just fixed that and then changed the implementation to TLS (which I hadn't realised during review, good find Jason) while implementing group support and ldap_fluff.

Does AD provide TLS/STARTTLS style, or only LDAPS? If not, we should do both I think.

#5 Updated by The Foreman Bot almost 8 years ago

Status changed from New to Ready For Testing
Target version set to 1.7.5
Pull request https://github.com/theforeman/foreman/pull/1673 added
Pull request deleted ()

#6 Updated by Daniel Lobato Garcia almost 8 years ago

Thanks Leah and Jason, I've reverted the change in the attached PR. I also opened http://projects.theforeman.org/issues/7016 to track support of StartTLS.

#7 Updated by Dominic Cleal almost 8 years ago

Related to Bug #7016: Make Foreman support StartTLS added

#8 Updated by Dominic Cleal almost 8 years ago

Assignee set to Daniel Lobato Garcia

#9 Updated by Leah Fisher almost 8 years ago

Related to Bug #7066: Unable to bind with DOMAIN\$login any longer added

#10 Updated by Leah Fisher almost 8 years ago

Related to Bug #7065: LDAP not able to authenticate user when password has a space in it added

#11 Updated by Daniel Lobato Garcia almost 8 years ago

Status changed from Ready For Testing to Closed
% Done changed from 0 to 100

Applied in changeset 02432b498a6b01faed2615e4ddbc16f38648ea35.

Also available in: Atom PDF

Related to Foreman - Feature #813: Support AD group membership for authorization and authentication	Closed	2011-03-31
Related to Foreman - Bug #5414: LDAP + TLS is not LDAP + TLS but LDAP + SSL	Closed	2014-04-23
Related to Foreman - Bug #7016: Make Foreman support StartTLS	Closed
Related to Foreman - Bug #7066: Unable to bind with DOMAIN\$login any longer	Closed	2014-08-13
Related to Foreman - Bug #7065: LDAP not able to authenticate user when password has a space in it	New	2014-08-13

Project

General

Profile

Issues

Custom queries