Bug #7003
closed
Unable to connect to AD through ldap login module
Added by Leah Fisher about 10 years ago.
Updated about 6 years ago.
Description
Using settings that worked with 1.5.2, I am unable to connect to AD for logins in the nightly release. I see the following in the logs:
LDAP-Auth with User lrf
Error during authentication: LdapError: no start_tls result
invalid user
I am trying to connect to the LDAP server over LDAPS.
Git log of file app/models/auth_sources/auth_source_ldap.rb shows commit 6421fa1ca91743085dd5460a82db37388d520638 changed the tls method from "simple_tls" to "start_tls".
- Related to Feature #813: Support AD group membership for authorization and authentication added
- Related to Bug #5414: LDAP + TLS is not LDAP + TLS but LDAP + SSL added
- Category set to Authentication
- Translation missing: en.field_release set to 10
Yeah, we seem to be muddled about this. The UI label used to say "TLS" although it was SSL-on-connect (LDAPS). We just fixed that and then changed the implementation to TLS (which I hadn't realised during review, good find Jason) while implementing group support and ldap_fluff.
Does AD provide TLS/STARTTLS style, or only LDAPS? If not, we should do both I think.
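The mismatch discussed in this report, as an added example (not Foreman or net-ldap code): an LDAPS listener expects a TLS handshake as the very first bytes, while a client set to start_tls first sends a cleartext StartTLS extended request. The helper names and the sample ClientHello bytes are constructed for illustration.

```ruby
# Added illustration; helper names are hypothetical, not Foreman or net-ldap APIs.
STARTTLS_OID = "1.3.6.1.4.1.1466.20037" # LDAP StartTLS extended operation (RFC 4511)

# BER-encode a short-form TLV (content under 128 bytes is enough here).
def ber(tag, content)
  raise ArgumentError, "long-form length not implemented" if content.bytesize > 127
  [tag, content.bytesize].pack("CC") + content.b
end

# Cleartext LDAPMessage a start_tls client sends first:
# SEQUENCE { messageID INTEGER, [APPLICATION 23] ExtendedRequest { [0] requestName } }
def starttls_request(message_id = 1)
  ber(0x30, ber(0x02, [message_id].pack("C")) + ber(0x77, ber(0x80, STARTTLS_OID)))
end

# Classify the first bytes a listener receives from a client.
def classify_first_bytes(bytes)
  b = bytes.b
  return :tls_handshake if b.getbyte(0) == 0x16 && b.getbyte(1) == 0x03 # TLS handshake record
  return :ldap_starttls if b.getbyte(0) == 0x30 && b.include?(STARTTLS_OID)
  return :ldap_cleartext if b.getbyte(0) == 0x30
  :unknown
end

# Client setting that produces the opening bytes each listener type expects.
EXPECTED = {
  simple_tls: :tls_handshake, # LDAPS: TLS from the first byte, usually port 636
  start_tls:  :ldap_starttls  # plain LDAP first, then upgrade, usually port 389
}.freeze

# listener is :ldaps or :ldap; first_bytes is what the client put on the wire.
def diagnose(listener, first_bytes)
  seen = classify_first_bytes(first_bytes)
  wanted = listener == :ldaps ? :tls_handshake : :ldap_starttls
  return "ok: #{seen}" if seen == wanted
  "mismatch: #{listener} listener got #{seen}; client should use #{EXPECTED.key(wanted)}"
end

# Constructed sample: the five-byte record header of a TLS ClientHello.
SAMPLE_CLIENT_HELLO = "\x16\x03\x01\x00\xc8".b

if __FILE__ == $PROGRAM_NAME
  puts starttls_request.unpack1("H*")
  puts diagnose(:ldaps, starttls_request) # the situation in this report
  puts diagnose(:ldaps, SAMPLE_CLIENT_HELLO)
end
```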
- Status changed from New to Ready For Testing
- Target version set to 1.7.5
- Pull request https://github.com/theforeman/foreman/pull/1673 added
- Pull request deleted ()
- Related to Bug #7016: Make Foreman support StartTLS added
- Assignee set to Daniel Lobato Garcia
- Related to Bug #7066: Unable to bind with DOMAIN\$login any longer added
- Related to Bug #7065: LDAP not able to authenticate user when password has a space in it added
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
- Related to Feature #36026: Make Foreman support StartTLS on LDAP connections added