Project

General

Profile

Bug #7003

Unable to connect to AD through ldap login module

Added by Leah Fisher about 5 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Daniel Lobato Garcia
Category:
Authentication
Target version:
1.6.0
Difficulty:
Triaged:
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/1673
Team Backlog:
Fixed in Releases:
Found in Releases:
Nightly

Description

Using settings that worked with the 1.5.2, I am unable to connect to AD for logins in the nightly release. I see the following in the logs:

LDAP-Auth with User lrf
Error during authentication: LdapError: no start_tls result
invalid user

I am trying to connect to the ldap server over ldaps.

Related issues

Related to Foreman - Feature #813: Support AD group membership for authorization and authenticationClosed2011-03-31
Related to Foreman - Bug #5414: LDAP + TLS is not LDAP + TLS but LDAP + SSLClosed2014-04-23
Related to Foreman - Bug #7016: Make Foreman support StartTLSNew2014-08-11
Related to Foreman - Bug #7066: Unable to bind with DOMAIN\$login any longerClosed2014-08-13
Related to Foreman - Bug #7065: LDAP not able to authenticate user when password has a space in itNew2014-08-13

Associated revisions

Revision 02432b49 (diff)
Added by Daniel Lobato Garcia about 5 years ago

Fixes #7003 - Revert LDAP to simple_tls

Revision 6733d911 (diff)
Added by Daniel Lobato Garcia almost 5 years ago

Fixes #7003 - Revert LDAP to simple_tls

(cherry picked from commit 02432b498a6b01faed2615e4ddbc16f38648ea35)

History

#1 Updated by Jason Berry about 5 years ago

Git log of file app/models/auth_sources/auth_source_ldap.rb shows commit 6421fa1ca91743085dd5460a82db37388d520638 changed the tls method from "simple_tls" to "start_tls".

#2 Updated by Dominic Cleal about 5 years ago

  • Related to Feature #813: Support AD group membership for authorization and authentication added

#3 Updated by Dominic Cleal about 5 years ago

  • Related to Bug #5414: LDAP + TLS is not LDAP + TLS but LDAP + SSL added

#4 Updated by Dominic Cleal about 5 years ago

  • Category set to Authentication
  • Legacy Backlogs Release (now unused) set to 10

Yeah, we seem to be muddled about this. The UI label used to say "TLS" although it was SSL-on-connect (LDAPS), we just fixed that and then changed the implementation to TLS (which I hadn't realised during review, good find Jason) while implementing group support and ldap_fluff.

Does AD provide TLS/STARTTLS style, or only LDAPS? If not, we should do both I think.

#5 Updated by The Foreman Bot about 5 years ago

  • Status changed from New to Ready For Testing
  • Target version set to 1.7.5
  • Pull request https://github.com/theforeman/foreman/pull/1673 added
  • Pull request deleted ()

#6 Updated by Daniel Lobato Garcia about 5 years ago

Thanks Leah and Jason, I've reverted the change in the attached PR. I also opened http://projects.theforeman.org/issues/7016 to track support of StartTLS.

#7 Updated by Dominic Cleal about 5 years ago

  • Related to Bug #7016: Make Foreman support StartTLS added

#8 Updated by Dominic Cleal about 5 years ago

  • Assignee set to Daniel Lobato Garcia

#9 Updated by Leah Fisher about 5 years ago

  • Related to Bug #7066: Unable to bind with DOMAIN\$login any longer added

#10 Updated by Leah Fisher about 5 years ago

  • Related to Bug #7065: LDAP not able to authenticate user when password has a space in it added

#11 Updated by Daniel Lobato Garcia about 5 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

Also available in: Atom PDF