Problem with LDAP #537

Open
Kottare-Seth opened this issue Feb 26, 2025 · 5 comments

@Kottare-Seth
Kottare-Seth commented Feb 26, 2025

Hi,
I have followed the tutorial about LDAP integration step by step:
https://www.horilla.com/blogs/how-to-integrate-ldap-with-django/

Below is my configuration:

import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType

AUTH_LDAP_SERVER_URI = "ldap://xxxxxx:389"

AUTH_LDAP_BIND_DN = "CN=horillasync,CN=xxxxxxx,DC=xxx,DC=xxx,DC=xxxx"
AUTH_LDAP_BIND_PASSWORD = "xxxxxxxxx"

AUTH_LDAP_USER_SEARCH = LDAPSearch(
    "dc=xxxxxxx,dc=xxxxx,dc=xxxx",
    ldap.SCOPE_SUBTREE,
    "(sAMAccountName=%(user)s)"
)


AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}


AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',  # Keep Django's default user model
)


AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_CREATE_USERS = True

When I run ldapsearch from the CLI, I get a response:

ldapsearch -x -H ldap://xxx.xxx.xxx:389 -D "CN=horillasync,CN=xxx,DC=xxx,DC=xxx,DC=xxxx" -w "xxxxx" -b "dc=xxx,dc=xxxx,dc=xxxx" "(sAMAccountName=USER_LOGIN)"

But while trying to log in to Horilla via the web, I got this in the logs:

Binding as CN=horillasync,CN=xxxx,DC=xxxx,DC=xxx,DC=xxxx
Invoking search_s('dc=xxx,dc=xxx,dc=xx', 2, '(sAMAccountName=xxxx)')
Caught LDAPError looking up user: OPERATIONS_ERROR({'msgtype': 100, 'msgid': 2, 'result': 1, 'desc': 'Operations error', 'ctrls': [], 'info': '000004DC: LdapErr: DSID-0C090C78, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v4f7c'})

I've double-checked everything; the password and bind user are OK, since it works from the CLI.
I tried a few setups, using the LDAP URL with/without the port and using DN or UPN - same effect.

@horilla-opensource
Owner

Hi @Kottare-Seth,

Please try running the following command to verify the bind DN:

ldapsearch -x -H ldap://xxxxxx:389 -D "CN=horillasync,CN=xxxxxxx,DC=xxx,DC=xxx,DC=xxxx" -w "xxxxxxxxx" -b "DC=xxx,DC=xxx,DC=xxxx" "(sAMAccountName=horillasync)"

If the result returns:

dn: CN=horillasync,OU=Admins,DC=xxx,DC=xxx,DC=xxxx  

Then update your code with:

AUTH_LDAP_BIND_DN = "CN=horillasync,OU=Admins,DC=xxx,DC=xxx,DC=xxxx"

Additionally, LDAP configuration management from the web interface is currently under development and will be available in the source code soon.

Best Regards,
Team Horilla

@Kottare-Seth
Author

Hi,
The command above returned the same DN as I currently have in "AUTH_LDAP_BIND_DN" - I took it from the attributes in AD.
It works with ldapsearch, but not in the Horilla UI.
Does the rest of the config seem correct in your opinion?

Great to hear about LDAP configuration in the web interface. Maybe you could add a test connectivity option that tries searching for some user to validate that it is working correctly?

@horilla-opensource
Owner

Hi @Kottare-Seth,

We've recently updated the source code and introduced a separate app for LDAP integration in Horilla. Please pull the latest code and follow these steps:

  1. Add "horilla_ldap", before "django.contrib.admin," to the INSTALLED_APPS section in horilla > settings.py.

  2. Run the following commands:

    python manage.py makemigrations
    python manage.py migrate

  3. Now, you can configure LDAP settings (BIND_DN, BASE_DN, SERVER, and PASSWORD) from Settings → General Settings → LDAP Configuration in the web interface.

  4. Once the connection is successfully established, you can import employees from the LDAP database using:

    python manage.py import_ldap_users

    Similarly, to transfer users from Horilla to LDAP, use:

    python manage.py import_users_to_ldap

This should resolve the issue and make the LDAP setup more manageable via the web interface. Let us know if you face any further issues!

Best Regards,
Team Horilla

@siseth

siseth commented Mar 12, 2025

Hello @horilla-opensource, we are still facing errors when trying to connect.

The connection is going to port 3268, but it's not a valid port for LDAP, it's the GC port, and it doesn't properly map changes. When I try to change the port to 389, I still face issues, even though a manual ldapsearch works with no issues:

Error: {'msgtype': 115, 'msgid': 2, 'result': 1, 'desc': 'Operations error', 'ctrls': [], 'info': '000004DC: LdapErr: DSID-0C090CF8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v4f7c'}

and we cannot import users or log in to the server.
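
Added example (not part of the issue thread and not Horilla's code): a small decoder for the Active Directory diagnostic that appears in the first post's log and again in the error above. It shows that the leading `000004DC` is Win32 error 1244, a request made on a connection with no completed bind, which is a different failure from a rejected bind password; the function names and the third sample line are constructed for illustration.

```python
import re

# Win32 codes Active Directory embeds in its LDAP diagnostic strings.
WIN32_CODES = {
    0x4DC: "ERROR_NOT_AUTHENTICATED: request sent on a connection with no completed bind",
    0x52E: "ERROR_LOGON_FAILURE: bind rejected, unknown user or bad password",
}

# Shape: '<hex8>: LdapErr: DSID-<hex>, comment: <text>, data <hex>, v<build>'
AD_DIAG = re.compile(
    r"(?P<code>[0-9A-Fa-f]{8}): LdapErr: DSID-(?P<dsid>[0-9A-Fa-f]+), "
    r"comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+), v[0-9A-Fa-f]+"
)

def parse_ad_diag(line):
    """Return the decoded AD diagnostic found in a log line, or None."""
    m = AD_DIAG.search(line)
    if m is None:
        return None
    code, data = int(m["code"], 16), int(m["data"], 16)
    # In the samples below a rejected bind carries the Win32 code in 'data';
    # the search failure carries it as the leading field with data 0.
    win32 = data or code
    return {
        "dsid": m["dsid"],
        "win32": win32,
        "stage": "bind" if "AcceptSecurityContext" in m["comment"] else "operation",
        "meaning": WIN32_CODES.get(win32, "unlisted code 0x%X" % win32),
    }

def triage(log_lines):
    """Return (stage, DSID, meaning) for every line carrying an AD diagnostic."""
    hits = (parse_ad_diag(line) for line in log_lines)
    return [(h["stage"], h["dsid"], h["meaning"]) for h in hits if h]

# First two lines are trimmed from the logs quoted in the issue; the third is
# constructed to show what a rejected bind password looks like instead.
SAMPLE_LOG = [
    "Binding as CN=horillasync,CN=xxxx,DC=xxxx,DC=xxx,DC=xxxx",
    "OPERATIONS_ERROR({'result': 1, 'info': '000004DC: LdapErr: DSID-0C090C78, "
    "comment: In order to perform this operation a successful bind must be "
    "completed on the connection., data 0, v4f7c'})",
    "INVALID_CREDENTIALS({'info': '80090308: LdapErr: DSID-0C090400, "
    "comment: AcceptSecurityContext error, data 52e, v1db1'})",
]

if __name__ == "__main__":
    for stage, dsid, meaning in triage(SAMPLE_LOG):
        print(f"{stage:9} DSID-{dsid}  {meaning}")
```

The thread does not establish the cause, but with django-auth-ldap against Active Directory this signature commonly appears when a subtree search from the domain root returns referrals and the client follows them on a connection that was never bound. The setting `AUTH_LDAP_CONNECTION_OPTIONS = {ldap.OPT_REFERRALS: 0}` turns referral chasing off.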

@horilla-opensource
Owner

Hi @siseth,

Thank you for your patience. Since you've followed all the steps and are still facing issues, we’d be happy to assist you further. To troubleshoot this efficiently, we can schedule a Google Meet session.

Please share your availability, and we will coordinate a suitable time. You can reach us at support@horilla.com to finalize the details.

Looking forward to resolving this with you!

Best Regards,
Team Horilla
