Comments on: debugging Active Directory LDAP authentication in Redmine

By: Arlo Carreon

Arlo Carreon — Tue, 12 Jul 2011 21:42:20 +0000

Yo thanks!!! I actually had the exact same problem you had, followed the instructions and works like a charm now. Thanks a million. I sent a tip your way. [tiptheweb.org]

By: Philippe

Philippe — Mon, 17 Jan 2011 20:41:12 +0000

I finally made it work. Actually it was a password problem in my LDAP account. But yes, this debugging problem really make me loose my time as I couldn’t find out what was happening.
And to enable local debugging on LDAP port, I had to add ‘-i lo’ on the tcpdump command.

To answer my question, I finally did not set the account setting in redmine, as the account is used to log in to LDAP to retrieve the DN (which I can do anonymously) and then Redmine log in again to LDAP to check the credential.

By: Joe

Joe — Sun, 16 Jan 2011 17:23:17 +0000

Debugging is one of the truly hard parts in this – the route I took was to adwd debugging statements into the code itself where it was authenticating to the remote system, printing out responses and data to see what was happening. If you dont know your LDAP settings, check to see if anyone else around has done LDAP against AD authentication and go from there. I ended up writing little test scripts to understand our structure and dig around in it to get familiar with ours.

Not much to go on… sorry.

By: Philippe

Philippe — Sun, 16 Jan 2011 12:37:20 +0000

Hello, Thank you for your post. I’m having a similar issue with Redmine which I can make work with LDAP. Sadly, I can’t find any info when I want to debug. I actually don’t understand how to set up the domain thing in the account setting. My LDAP base DN is something like that: ou=People,dc=domain,dc=com And my user is uid=testUser,ou=People,dc=myDomain,dc=com (testUser already exists on Redmine and is configured to user LDAP auth) So I’m using uid to filter the user. My LDAP admin account is cn=admin,dc=domain,dc=com Then, I’ve tried to use admin, cn=admin,dc=domain,dc=com or myDomain/admin or event testUser (he must be able to retrieve his own credential infos), but with none of them I can make work the testUser login into Redmine. Strangely, I don’t get anything with the tcpdump command, even while my LDAP is working for the PAM and SASL authentications. Thanks if you can help !

By: Koen

Koen — Fri, 22 Oct 2010 14:56:36 +0000

Thank you so much!
I already tried several times to get the LDAP authentication working. Up till now without success.
Debugging using the console really made a difference. I couldn’t have found that myself (only basic Linux knowledge and no PHP, Rails and Active Directory experience … it’s close to a miracle I got it working at all )
In case someone is interested: my Base DN was wrong:
Before debugging, it was: DC=server,DC=companyName,DC=local while it should have been: DC=companyName,DC=local

Thanks again

By: Giovanisp

Giovanisp — Fri, 06 Aug 2010 09:08:17 +0000

Man, thank you so much for this walk-through. I was going mad about my LDAP setup! By using tcpdump I was able to track the issues and fix the LDAP parameters… works like a charm