
I've used the instructions from the Tuleap documentation (http://tuleap-documentation.readthedocs.io/en/latest/administration-guide/services.html#ldap) to install the LDAP/Active Directory plugin and configure it; however, we still can't log in with the accounts that are listed in the Active Directory source.

Here is my ldap.inc

<?php
$sys_ldap_server = "[FQDN of Domain Controller]";
$sys_ldap_server_type = "ActiveDirectory";
$sys_ldap_dn     = "DC=xxx,DC=xxx,DC=xxx,DC=xxx";
$sys_ldap_bind_dn = "CN=[USERNAME],OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=xxx,DC=xxx";
$sys_ldap_bind_passwd = "[PASSWORD]";
$sys_ldap_uid   = "sAMAccountName";
$sys_ldap_eduid = "sAMAccountName";
$sys_ldap_cn    = "cn";
$sys_ldap_mail  = "mail";
$sys_ldap_people_dn     = "OU=xx,OU=xxx,DC=xxx,DC=xxx,DC=xxx,DC=xxx";
$sys_ldap_search_user="(|(sAMAccountName=%words%)(cn=%words%)(mail=%words%))";
$sys_ldap_tooltip_search_user='(&(|(sn=%words%*)(givenName=%words%*)(uid=%words%*))(!(givenName=BoiteVocale))(uid=*))';
$sys_ldap_tooltip_search_attrs='uid;sn;givenName';
$sys_ldap_default_user_status = "A";
$sys_ldap_svn_auth = "0";
$sys_ldap_daily_sync = "1";
$sys_ldap_daily_sync_retention_period = "1";
$sys_ldap_user_management = "1";
$sys_ldap_grp_enabled   = "1";
$sys_ldap_grp_dn        = "OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=xxx,DC=xxx";
$sys_ldap_grp_cn        = "cn";
$sys_ldap_grp_uid       = "sAMAccountName";
$sys_ldap_grp_member    = "member";
$sys_ldap_threshold_users_suspension = "";
?>

I have installed the ldapsearch package from yum and performed the following command, which returned a successful report of the user from the server:

ldapsearch -x -h "[FQDN of Domain Controller]" -LLL -D "CN=[USERNAME],OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=xxx,DC=xxx" -w "[PASSWORD]" -b "OU=xx,OU=xxx,DC=xxx,DC=xxx,DC=xxx,DC=xxx" "sAMAccountName=[Username to search]"

Port 389 is open and listed for full ALLOW within the iptables. Tuleap version 8.19.99.15.

Any help would be greatly appreciated with allowing Active Directory users to authenticate to Tuleap.

As well as that, can someone please answer the following:

  1. Is there any log that can help me find where the problem is?
  2. If I have a local user with the same login as in Active Directory, what will happen?

Thanks!

1 Answer

You should get more information about what Tuleap does with your Active Directory in /var/log/tuleap/codendi_syslog; you might need to set the logs to be more verbose (go to /etc/tuleap/conf/local.inc and change sys_log_level).

If you have a local account whose login is equal to some AD sAMAccountName, when the AD guy connects, he will get a new, different account with _2 as suffix, 'bob_morris_2' for instance.

You can manually link local and AD accounts directly in the DB by setting the sAMAccountName value in the ldap_id column of the users DB.

  • Thanks for that info, log contents are:
      2016-09-27T06:15:02+02:00 [debug] Ignoring statistics queue.
      2016-09-27T06:15:02+02:00 [debug] Ignoring fts queue.
      2016-09-27T06:15:02+02:00 [debug] Processing default queue as root user.
      2016-09-27T06:15:02+02:00 [info] Restore ownership to /var/tmp/tuleap_cache
      2016-09-27T06:15:02+02:00 [info] Restore ownership to /var/tmp/tuleap_cache/lang
      2016-09-27T06:15:02+02:00 [info] Restore ownership to /var/tmp/tuleap_cache/hooks.json
      2016-09-27T06:15:02+02:00 [debug] Processing default queue as app user.
    AD still not working. Any ideas? Commented Sep 27, 2016 at 4:18
  • Is the LDAP plugin active in plugin administration (web site admin) and $sys_auth_type set to ldap? You should have something like 2016-09-27T02:10:02+02:00 [debug] Bound to LDAP server: ldap://ldap in the logs when there is an attempt to log in. Commented Sep 27, 2016 at 7:35
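
The checks suggested in the answer and its comments, combined into one triage script (an added example, not part of the original thread and not Tuleap's own tooling). It assumes local.inc uses the same $name = "value"; syntax as the ldap.inc above and that "debug" is the sys_log_level value that emits [debug] lines; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: triage of the two files named in the answer.
# Assumptions: local.inc uses the `$name = "value";` syntax seen in ldap.inc,
# and "debug" is the sys_log_level value that emits [debug] lines.

# Print the value assigned to PHP variable NAME in FILE (last assignment wins).
php_conf_value() {  # usage: php_conf_value FILE NAME
    sed -n 's/^[[:space:]]*\$'"$2"'[[:space:]]*=[[:space:]]*["'\'']\{0,1\}\([^"'\'';]*\).*/\1/p' "$1" | tail -n 1
}

# Count the bind lines the comment says appear on every login attempt.
ldap_bind_count() {  # usage: ldap_bind_count SYSLOG
    grep -c 'Bound to LDAP server' "$1" || true
}

# One-line verdict: tag first, then what to check next.
triage() {  # usage: triage LOCAL_INC SYSLOG
    t_auth=$(php_conf_value "$1" sys_auth_type)
    t_level=$(php_conf_value "$1" sys_log_level)
    t_binds=$(ldap_bind_count "$2")
    if [ "$t_auth" != "ldap" ]; then
        echo "auth-not-ldap: sys_auth_type is '$t_auth', expected 'ldap'"
    elif [ "${t_binds:-0}" -gt 0 ]; then
        echo "bind-seen: $t_binds bind line(s); Tuleap reaches the directory"
    elif [ "$t_level" != "debug" ]; then
        echo "log-too-quiet: sys_log_level is '$t_level'; bind lines are [debug]"
    else
        echo "no-bind: debug logging on, no bind line; check the LDAP plugin is active"
    fi
}

# Constructed sample input mirroring the log excerpt posted in the comments.
demo() {
    d=$(mktemp -d)
    printf '%s\n' "\$sys_auth_type = 'ldap';" "\$sys_log_level = 'debug';" > "$d/local.inc"
    printf '%s\n' \
        '2016-09-27T06:15:02+02:00 [debug] Ignoring statistics queue.' \
        '2016-09-27T06:15:02+02:00 [debug] Processing default queue as app user.' \
        > "$d/codendi_syslog"
    triage "$d/local.inc" "$d/codendi_syslog"
    rm -rf "$d"
}
demo
```

Against a live install, run triage /etc/tuleap/conf/local.inc /var/log/tuleap/codendi_syslog right after a failed login attempt.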
