is it possible to use both local and LDAP authentication?
In http://node:8080/art/settings I have set Default Authentication Method to Auto
Then, when I try to log in with my LDAP credentials, I get error: "User not created in ART"
Details:
art 7.3 (own MySQL backend)
389-DS (OpenLDAP)
LDAP sections Settings:
LDAP Server - FQDN of ldap server node
LDAP Port - 636
LDAP Connection Encryption Method - startTLS # because of 636 port and LDAP configuration
LDAP Base DN - ou=People,dc=...
Use Anonymous Bind = YES
LDAP User ID Attribute = uid
LDAP Authentication Method - simple
I have already tested and used authentication against LDAP for various tools: GitLab, Nexus Repo s/w, etc...
Do you have an idea?
(as I see nothing related to LDAP on http://node:8080/art/logs page)
Regards.
Set the default authentication method to LDAP. Auto means something else.
The ldap username must exist in art. So create a user in art with the same username as the ldap user and give the user the roles/permissions you would like.
Ah, OK.
Many thanks for quick answers!
With best regards.
So,
I have defined UID=predrag_zecevic in LDAP.
Which option I have to check/fill in in user creation form if I want to be authenticated against LDAP?
Field - value pairs:
ID - automatically set
Username - predrag_zecevic
Password -- from LDAP?
[ ] Blank [ ] Generate and send -- just ignore, LDAP contains password
Full Name - from LDAP?
Email - from LDAP?
Description - not important (from LDAP?)
Active -- YES
Can Change Password -- I assume NO
Public User - NO
Default Report Group - ?
Start Report - ?
User Groups - ?
Roles - ?
Thanks in advance
I have created user with Username predrag_zecevic in ART, set Default Authentication Method to LDAP, and now I cannot log-in anymore using either account...
Do you have some advice?
What I have done wrong?
Regards.
Last edit: Predrag Zečević 2023-04-27
The main thing is the username. You don't have to set the password, email, description etc.
Which user are you trying to login to art with?
a) Yes, set only Username
b) With predrag_zecevic (my UID in LDAP)
Now, ART tries to get admin log-in data from ldap too?
com.unboundid.ldap.sdk.LDAPSearchException: A client-side timeout was encountered while waiting 300000ms for a response to search request with message ID 1, base DN 'ou=People,dc=my-domain,dc=com', scope SUB, and filter '(uid=admin)' from server ldap.mydomain.com:636.
This is also problematic (actually, for port 636 we use TLS, e.g. ldaps://ldap.my-domain.com connection -- and it works):
com.unboundid.ldap.sdk.LDAPSearchException: A client-side timeout was encountered while waiting 300000ms for a response to search request with message ID 1, base DN 'ou=People,dc=my-domain,dc=com', scope SUB, and filter '(uid=predrag_zecevic)' from server ldap.my-domain.com:636.
So, how can I log-in as admin again?
Regards.
You should be able to login as admin or root even if there is a problem with the ldap configuration.
But to force logging in with the art password only, use a url like http://server:8080/art/login?authenticationMethod=internal. Then login with the admin user.
Thanks.
That has worked!
Just for info: if someone uses LDAPS (as I do), these are the LDAP settings which work:
Default Authentication Method is set to LDAP
LDAP Server: Empty
LDAP Port: 636
LDAP Connection Encryption Method: None
LDAP URL: ldaps://ldap.my-domain.com
LDAP Base DN: ou=People,dc=my-domain,dc=com
Use Anonymous Bind: YES
LDAP User ID Attribute: uid
LDAP Authentication Method: simple
Regards.
You can close/archive this
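
As an added example (not part of the thread and not ART's own code), a small check that flags the difference between the first settings posted and the ones that finally worked: StartTLS selected together with port 636. The dictionary keys, and the rule that a filled-in URL replaces the separate server/port fields, are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

LDAPS_PORT, LDAP_PORT = 636, 389  # IANA-registered ports for ldaps / ldap

def effective_transport(cfg):
    """Return (scheme, host, port, starttls) for a settings dict.

    Assumption: when a URL is filled in it is used instead of the separate
    server/port fields, as in the working settings posted in the thread.
    """
    url = (cfg.get("url") or "").strip()
    starttls = (cfg.get("encryption") or "none").lower() == "starttls"
    if url:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        port = parts.port or (LDAPS_PORT if scheme == "ldaps" else LDAP_PORT)
        return scheme, parts.hostname, port, starttls
    return "ldap", cfg.get("server") or None, int(cfg.get("port") or LDAP_PORT), starttls

def lint(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    scheme, host, port, starttls = effective_transport(cfg)
    findings = []
    if not host:
        findings.append("no LDAP host: set a server name or a URL")
    if scheme == "ldaps" and starttls:
        findings.append("ldaps:// is already TLS: do not add StartTLS on top")
    elif scheme == "ldap" and starttls and port == LDAPS_PORT:
        findings.append("StartTLS on port 636: that port conventionally expects "
                        "a TLS handshake first (LDAPS); use an ldaps:// URL or port 389")
    elif scheme == "ldap" and not starttls and cfg.get("bind_method") == "simple":
        findings.append("simple bind without TLS sends the password in clear text")
    return findings

# Constructed from the two sets of settings posted in the thread.
FIRST_ATTEMPT = {"server": "ldap.my-domain.com", "port": 636,
                 "encryption": "startTLS", "url": "", "bind_method": "simple"}
WORKING = {"server": "", "port": 636, "encryption": "None",
           "url": "ldaps://ldap.my-domain.com", "bind_method": "simple"}

if __name__ == "__main__":
    for name, cfg in (("first attempt", FIRST_ATTEMPT), ("working", WORKING)):
        print(name, effective_transport(cfg), lint(cfg) or "ok")
```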