Issues with LDAP Configuration

Agi Joseph agi.joseph at gans.aero
Tue Feb 15 14:37:57 UTC 2022


Dear Thorsten,


The LDAP bind is OK: I get an LDAP bind error if I put a wrong password in the LDAPbinddn option, so that means the bind is OK,

but I am not able to log on with AD accounts on the web UI.

If I set LDAPuidattribute to userPrincipalName, I get the errors below.

With userPrincipalName (username):
"The login or password you entered is not valid."

With username at domain.aero:

We received an email address (administrator at gans.aero) that didn't pass our syntax checking for a legal email address, when trying to create or update your account. A legal login name must contain local GANS usernames , eg. 'john.doe' . No @ allowed. It also must not contain any illegal characters.

Can you suggest the best solution?


From the Linux console I can log on successfully to LDAP (AD) when testing with an LDAP query. So the problem is from the Bugzilla portal.





Best Regards,

Agi Joseph
Systems & Network Administrator
Global Air Navigation Services LLC
Tel:+971 2 5565233 * 2583
Mob:+971 50 2383530
Email:agi.joseph at gans.aero
Web:www.gans.aero


-----Original Message-----
From: support-list <support-list-bounces at bugzilla.org> On Behalf Of Thorsten Schöning
Sent: Tuesday, February 15, 2022 3:59 PM
To: support-list at bugzilla.org
Subject: Re: Issues with LDAP Configuration

Hello Agi Joseph,
on Tuesday, 15 February 2022 at 04:40 you wrote:

> LDAPserver # 192.168.****.***
> CLDAPbinddn # CN=administrator,OU=IT,DC=gans,Dc=aero:*******
> LDAPBaseDN # OU=IT,DC=gans,Dc=aero
> LDAPuidattribute # userPrincipalName ( tried with mail, UID,etc )
> LDAPmailattribute # mail
> LDAPfilter # blank

You still need to provide more details: What do "userPrincipalName", "sAMAccountName" and "mail" look like in your AD? Simply provide an example for one test user. Additionally, describe exactly what you entered in the login form of the web UI and what the exact error message/result was. Did you input "username" or "username at example.org" or ...?

All of this makes a lot of difference, because Bugzilla first tries to bind to AD with a special user in your setup (LDAPbinddn) and afterwards queries for the username given in the login form using "userPrincipalName". If that is found, it tries to bind again with the additionally provided password. If it's not found, e.g. because you have provided "username at example.org" while only "username" is available in "userPrincipalName", login won't be granted.

The point is that error messages and stuff might be different if e.g. the first bind approach is already failing vs. the wrong username is entered.

Best regards,

Thorsten Schöning
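
Added example (not part of the original messages and not Bugzilla's own code): a small Python model of the bind, search, bind sequence Thorsten describes, run against one constructed directory entry, reporting the stage at which a login attempt stops. The entry, the service account, and the final login-name rule (no "@", modelled on the error text quoted above) are assumptions.

```python
import re

# Constructed test entry; names and values are assumptions, not from the thread.
DIRECTORY = {
    "CN=John Doe,OU=IT,DC=example,DC=org": {
        "sAMAccountName": "john.doe",
        "userPrincipalName": "john.doe@example.org",
        "mail": "john.doe@example.org",
        "_password": "user-secret",
    },
}
SERVICE_PW = "svc-secret"                  # password of the LDAPbinddn account
LOGIN_RULE = re.compile(r"^[^@\s]+$")      # assumed site rule: no "@" in logins


def ldap_login(uid_attr, mail_attr, typed_login, typed_password,
               bind_pw=SERVICE_PW):
    """Return (stage, detail) naming the stage where the attempt stops."""
    # Step 1: bind with the special user configured in LDAPbinddn.
    if bind_pw != SERVICE_PW:
        return ("service_bind", "bind as LDAPbinddn failed")
    # Step 2: search for the typed login in the configured uid attribute.
    # The form input is compared as typed; no domain is added or stripped.
    hits = [(dn, e) for dn, e in DIRECTORY.items()
            if e.get(uid_attr, "").lower() == typed_login.lower()]
    if len(hits) != 1:
        return ("search", f"no unique entry with {uid_attr}={typed_login}")
    dn, entry = hits[0]
    # Step 3: bind again as the entry found, with the password from the form.
    if entry["_password"] != typed_password:
        return ("user_bind", f"bind as {dn} failed")
    # Step 4 (assumption): the account name comes from the mail attribute, or
    # from the typed login when none is configured, and must pass the site rule.
    login_name = entry.get(mail_attr, "") if mail_attr else typed_login
    if not LOGIN_RULE.match(login_name):
        return ("login_name", f"{login_name!r} rejected by login-name rule")
    return ("ok", login_name)


if __name__ == "__main__":
    attempts = [
        ("userPrincipalName", "mail", "john.doe"),
        ("userPrincipalName", "mail", "john.doe@example.org"),
        ("sAMAccountName", "mail", "john.doe"),
        ("sAMAccountName", "", "john.doe"),
    ]
    for uid_attr, mail_attr, login in attempts:
        stage, detail = ldap_login(uid_attr, mail_attr, login, "user-secret")
        print(f"{uid_attr:18} mail={mail_attr or '-':5} {login:22} {stage}: {detail}")
```

In this model the "search" and "user_bind" stages would both surface to the user as the same generic invalid-login message, which is why the stage has to be worked out on the server side.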
