Bug #7003
Unable to connect to AD through ldap login module
Description
Using settings that worked with 1.5.2, I am unable to connect to AD for logins in the nightly release. I see the following in the logs:
LDAP-Auth with User lrf
Error during authentication: LdapError: no start_tls result
invalid user
I am trying to connect to the ldap server over ldaps.
Related issues
Associated revisions
Fixes #7003 - Revert LDAP to simple_tls
(cherry picked from commit 02432b498a6b01faed2615e4ddbc16f38648ea35)
History
#1
Updated by Jason Berry almost 8 years ago
Git log of file app/models/auth_sources/auth_source_ldap.rb shows commit 6421fa1ca91743085dd5460a82db37388d520638 changed the tls method from "simple_tls" to "start_tls".
#2
Updated by Dominic Cleal almost 8 years ago
- Related to Feature #813: Support AD group membership for authorization and authentication added
#3
Updated by Dominic Cleal almost 8 years ago
- Related to Bug #5414: LDAP + TLS is not LDAP + TLS but LDAP + SSL added
#4
Updated by Dominic Cleal almost 8 years ago
- Category set to Authentication
- Legacy Backlogs Release (now unused) set to 10
Yeah, we seem to be muddled about this. The UI label used to say "TLS" although it was SSL-on-connect (LDAPS), we just fixed that and then changed the implementation to TLS (which I hadn't realised during review, good find Jason) while implementing group support and ldap_fluff.
Does AD provide TLS/STARTTLS style, or only LDAPS? If not, we should do both I think.
#5
Updated by The Foreman Bot almost 8 years ago
- Status changed from New to Ready For Testing
- Target version set to 1.7.5
- Pull request https://github.com/theforeman/foreman/pull/1673 added
- Pull request deleted ()
#6
Updated by Daniel Lobato Garcia almost 8 years ago
Thanks Leah and Jason, I've reverted the change in the attached PR. I also opened http://projects.theforeman.org/issues/7016 to track support of StartTLS.
#7
Updated by Dominic Cleal almost 8 years ago
- Related to Bug #7016: Make Foreman support StartTLS added
#8
Updated by Dominic Cleal almost 8 years ago
- Assignee set to Daniel Lobato Garcia
#9
Updated by Leah Fisher almost 8 years ago
- Related to Bug #7066: Unable to bind with DOMAIN\$login any longer added
#10
Updated by Leah Fisher almost 8 years ago
- Related to Bug #7065: LDAP not able to authenticate user when password has a space in it added
#11
Updated by Daniel Lobato Garcia almost 8 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 02432b498a6b01faed2615e4ddbc16f38648ea35.
Fixes #7003 - Revert LDAP to simple_tls
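An added illustration of the two modes this issue turns on (not code from Foreman, net-ldap or any commenter in the thread): with start_tls the client sends a cleartext StartTLS extended request and waits for the server's extended response before negotiating TLS, whereas simple_tls (LDAPS) begins with the TLS handshake and sends no LDAP bytes first. The function names and sample replies are constructed for this example, which assumes short-form BER lengths and a one-byte message ID.

```ruby
# Added example, not Foreman or net-ldap code.
STARTTLS_OID = "1.3.6.1.4.1.1466.20037".b # StartTLS extended operation (RFC 4511)

# start_tls: the client first sends this ExtendedRequest in cleartext
# (usually port 389) and starts TLS only after a success response.
# simple_tls / LDAPS (usually port 636) starts with the TLS handshake instead.
def starttls_request(message_id = 1)
  name = [0x80, STARTTLS_OID.bytesize].pack("CC") + STARTTLS_OID # [0] requestName
  op   = [0x77, name.bytesize].pack("CC") + name                 # [APPLICATION 23]
  body = [0x02, 0x01, message_id].pack("CCC") + op               # messageID INTEGER
  [0x30, body.bytesize].pack("CC") + body                        # LDAPMessage SEQUENCE
end

# Classify the server's first reply to starttls_request:
#   :upgrade_ok - ExtendedResponse with resultCode success (0), TLS may start
#   :refused    - ExtendedResponse with any other resultCode
#   :no_result  - nothing, truncated data, or bytes that are not that response
def starttls_reply(bytes, message_id = 1)
  b = bytes.to_s.bytes
  is_ext_response = b.length >= 10 && b[0] == 0x30 &&
                    b[2, 3] == [0x02, 0x01, message_id] &&
                    b[5] == 0x78 &&            # [APPLICATION 24] ExtendedResponse
                    b[7, 2] == [0x0a, 0x01]    # resultCode ENUMERATED, 1 byte
  return :no_result unless is_ext_response
  b[9].zero? ? :upgrade_ok : :refused
end

# Constructed sample replies (not captured from a real server).
SAMPLE_SUCCESS   = "\x30\x0c\x02\x01\x01\x78\x07\x0a\x01\x00\x04\x00\x04\x00".b
SAMPLE_REFUSED   = "\x30\x0c\x02\x01\x01\x78\x07\x0a\x01\x02\x04\x00\x04\x00".b # protocolError
# A TLS alert record, one way a TLS-on-connect port may answer cleartext LDAP.
SAMPLE_TLS_ALERT = "\x15\x03\x03\x00\x02\x02\x32".b

if __FILE__ == $0
  puts "StartTLS request: #{starttls_request.unpack1('H*')}"
  { "success" => SAMPLE_SUCCESS, "refused" => SAMPLE_REFUSED,
    "TLS alert" => SAMPLE_TLS_ALERT, "connection closed" => "" }.each do |label, reply|
    puts "#{label}: #{starttls_reply(reply)}"
  end
end
```

A port that only speaks LDAPS never returns the extended response, so a client configured for start_tls against it ends up in the `:no_result` case.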