Project

General

Profile

Actions

Bug #7003

closed

Unable to connect to AD through ldap login module

Added by Leah Fisher about 10 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Normal
Category:
Authentication
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Using settings that worked with the 1.5.2, I am unable to connect to AD for logins in the nightly release. I see the following in the logs:

LDAP-Auth with User lrf
Error during authentication: LdapError: no start_tls result
invalid user

I am trying to connect to the ldap server over ldaps.


Related issues 6 (2 open4 closed)

Related to Foreman - Feature #813: Support AD group membership for authorization and authenticationClosedDaniel Lobato Garcia03/31/2011Actions
Related to Foreman - Bug #5414: LDAP + TLS is not LDAP + TLS but LDAP + SSLClosedOri Rabin04/23/2014Actions
Related to Foreman - Bug #7016: Make Foreman support StartTLSClosedActions
Related to Foreman - Bug #7066: Unable to bind with DOMAIN\$login any longerClosedDominic Cleal08/13/2014Actions
Related to Foreman - Bug #7065: LDAP not able to authenticate user when password has a space in itNew08/13/2014Actions
Related to Foreman - Feature #36026: Make Foreman support StartTLS on LDAP connectionsNewActions
Actions #1

Updated by Jason Berry about 10 years ago

Git log of file app/models/auth_sources/auth_source_ldap.rb shows commit 6421fa1ca91743085dd5460a82db37388d520638 changed the tls method from "simple_tls" to "start_tls".

Actions #2

Updated by Dominic Cleal about 10 years ago

  • Related to Feature #813: Support AD group membership for authorization and authentication added
Actions #3

Updated by Dominic Cleal about 10 years ago

  • Related to Bug #5414: LDAP + TLS is not LDAP + TLS but LDAP + SSL added
Actions #4

Updated by Dominic Cleal about 10 years ago

  • Category set to Authentication
  • Translation missing: en.field_release set to 10

Yeah, we seem to be muddled about this. The UI label used to say "TLS" although it was SSL-on-connect (LDAPS), we just fixed that and then changed the implementation to TLS (which I hadn't realised during review, good find Jason) while implementing group support and ldap_fluff.

Does AD provide TLS/STARTTLS style, or only LDAPS? If not, we should do both I think.

Actions #5

Updated by The Foreman Bot about 10 years ago

  • Status changed from New to Ready For Testing
  • Target version set to 1.7.5
  • Pull request https://github.com/theforeman/foreman/pull/1673 added
  • Pull request deleted ()
Actions #6

Updated by Daniel Lobato Garcia about 10 years ago

Thanks Leah and Jason, I've reverted the change in the attached PR. I also opened http://projects.theforeman.org/issues/7016 to track support of StartTLS.

Actions #7

Updated by Dominic Cleal about 10 years ago

  • Related to Bug #7016: Make Foreman support StartTLS added
Actions #8

Updated by Dominic Cleal about 10 years ago

  • Assignee set to Daniel Lobato Garcia
Actions #9

Updated by Leah Fisher about 10 years ago

  • Related to Bug #7066: Unable to bind with DOMAIN\$login any longer added
Actions #10

Updated by Leah Fisher about 10 years ago

  • Related to Bug #7065: LDAP not able to authenticate user when password has a space in it added
Actions #11

Updated by Daniel Lobato Garcia about 10 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #12

Updated by Ewoud Kohl van Wijngaarden over 1 year ago

  • Related to Feature #36026: Make Foreman support StartTLS on LDAP connections added
Actions

Also available in: Atom PDF