redmine ldap身份验证失败

redmine ldap身份验证失败,ldap,redmine,Ldap,Redmine,我无法使用Redmine成功进行LDAP身份验证。下面是我所做工作的描述: 我已经在Centos 6.7上安装了Bitnami Redmine,并尝试在MS Windows server 2012上对AD进行身份验证 Environment: Redmine version 3.1.1.stable Ruby version 2.0.0-p647 (2015-08-18) [x86_64-linux] Rails version 4.2.4 Environment production Data

我无法使用Redmine成功进行LDAP身份验证。下面是我所做工作的描述:

我已经在Centos 6.7上安装了Bitnami Redmine,并尝试在MS Windows server 2012上对AD进行身份验证

Environment: Redmine version 3.1.1.stable
Ruby version 2.0.0-p647 (2015-08-18) [x86_64-linux]
Rails version 4.2.4
Environment production
Database adapter Mysql2
SCM:
  Subversion 1.6.11
  Git 1.7.1
  Filesystem

Redmine plugins:
  no plugin installed
这是我在Redmine上的LDAP配置:

Name: geo-AD
Host: geo-dc.geo.net
Port 389 LDAPS: No
User: ldapuser
DN Base: DC=geo-dc,DC=geo,DC=net
LDAP filter: (objectClass=*)
on the fly: yes
Connection attribute: sAMAccontName
Name: givenName
Surname: sn
Mail: mail
测试工作正常,但当我尝试验证时,我总是得到

无效密码

我使用Wireshark跟踪了身份验证阶段,我看到了以下内容:

redmine主机向AD服务器发出请求,请求以下属性:

  • dn
  • 吉文纳姆
  • 邮寄
AD服务器回答“无此类对象”,身份验证停止。我已从LDAP配置窗口中删除了
givenName
sn
mail
,对DN的请求仍然存在并导致失败

我已经检查了AD模式,没有名为“dn”的属性

你知道为什么Redmine在身份验证期间要求这样做,以及是否有办法改变这种行为吗

下面是LDAP查询和LDAP响应。
192.168.1.244
是带有Redmine的Centos服务器,
192.168.1.240
是带有AD的MS server 2012

No.     Time           Source                Destination           Protocol Length Info

72 28.269126319   192.168.1.244         192.168.1.240         LDAP     237    searchRequest(2) "DC=geo-dc,DC=geo,DC=net" wholeSubtree 
第72帧:线路上237字节(1896位),接口0上捕获237字节(1896位)

轻量级目录访问协议

LDAPMessage searchRequest(2) "DC=geo-dc,DC=geo,DC=net" wholeSubtree

    messageID: 2

    protocolOp: searchRequest (3)

        searchRequest

            baseObject: DC=geo-dc,DC=geo,DC=net

            scope: wholeSubtree (2)

            derefAliases: neverDerefAliases (0)

            sizeLimit: 0

            timeLimit: 0

            typesOnly: False

            Filter: (&(&(objectClass=*)(objectClass=*))
(sAMAccountName=mlavagna))

                filter: and (0)

                    and: (&(&(objectClass=*)(objectClass=*))
(sAMAccountName=mlavagna))

                        and: 3 items

                            Filter: (objectClass=*)

                                and item: present (7)

                                    present: objectClass

                            Filter: (objectClass=*)

                                and item: present (7)

                                    present: objectClass

                            Filter: (sAMAccountName=mlavagna)

                                and item: equalityMatch (3)

                                    equalityMatch

                                        attributeDesc: sAMAccountName

                                        assertionValue: mlavagna

            attributes: 4 items

                AttributeDescription: dn

                AttributeDescription: givenName

                AttributeDescription: sn

                AttributeDescription: mail

    [Response In: 73]

    controls: 1 item

        Control

            controlType: 1.2.840.113556.1.4.319 (pagedResultsControl)

            criticality: False

            SearchControlValue

                size: 126

                cookie: <MISSING>
LDAPMessage searchResDone(2) noSuchObject (0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:

'DC=geo,DC=net'

) [0 results]

    messageID: 2

    protocolOp: searchResDone (5)

        searchResDone

            resultCode: noSuchObject (32)

            matchedDN: DC=geo,DC=net

            errorMessage: 0000208D: NameErr: DSID-03100238, problem 2001 
(NO_OBJECT), data 0, best match of:\n\t'DC=geo,DC=net'\n

    [Response To: 72]

    [Time: 0.000264030 seconds]
LDAP中是否有“ou”(组织单位)?例如,如果您的用户在ou=People下,您的redmine DN库可能如下所示:

DN Base: ou=People,DC=geo-dc,DC=geo,DC=net
LDAP中是否有“ou”(组织单位)?例如,如果您的用户在ou=People下,您的redmine DN库可能如下所示:

DN Base: ou=People,DC=geo-dc,DC=geo,DC=net

不,我没有在LDAP中定义ou。不,我没有在LDAP中定义ou。