Redmine LDAP authentication fails
I cannot authenticate successfully over LDAP with Redmine. Here is a description of what I did: I installed Bitnami Redmine on CentOS 6.7 and am trying to authenticate against AD on MS Windows Server 2012.
Environment: Redmine version 3.1.1.stable
Ruby version 2.0.0-p647 (2015-08-18) [x86_64-linux]
Rails version 4.2.4
Environment production
Database adapter Mysql2
SCM:
Subversion 1.6.11
Git 1.7.1
Filesystem
Redmine plugins:
no plugin installed
This is my LDAP configuration in Redmine:
Name: geo-AD
Host: geo-dc.geo.net
Port 389 LDAPS: No
User: ldapuser
DN Base: DC=geo-dc,DC=geo,DC=net
LDAP filter: (objectClass=*)
on the fly: yes
Connection attribute: sAMAccontName
Name: givenName
Surname: sn
Mail: mail
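The test works fine, but when I try to authenticate I always get
Invalid password
I traced the authentication phase with Wireshark and saw the following:
The Redmine host sends a request to the AD server asking for the following attributes:
- dn
- givenName
- sn
- mail
givenName, sn and mail, the request for DN still remains and results in failure
I have checked the AD schema and there is no attribute named "dn".
Do you know why Redmine asks for this during authentication, and whether there is a way to change this behaviour?
Below are the LDAP query and the LDAP response.
192.168.1.244 is the CentOS server with Redmine, 192.168.1.240 is the MS Server 2012 with AD.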
No. Time Source Destination Protocol Length Info
72 28.269126319 192.168.1.244 192.168.1.240 LDAP 237 searchRequest(2) "DC=geo-dc,DC=geo,DC=net" wholeSubtree
Frame 72: 237 bytes on wire (1896 bits), 237 bytes captured (1896 bits) on interface 0
Lightweight Directory Access Protocol
LDAPMessage searchRequest(2) "DC=geo-dc,DC=geo,DC=net" wholeSubtree
messageID: 2
protocolOp: searchRequest (3)
searchRequest
baseObject: DC=geo-dc,DC=geo,DC=net
scope: wholeSubtree (2)
derefAliases: neverDerefAliases (0)
sizeLimit: 0
timeLimit: 0
typesOnly: False
Filter: (&(&(objectClass=*)(objectClass=*))
(sAMAccountName=mlavagna))
filter: and (0)
and: (&(&(objectClass=*)(objectClass=*))
(sAMAccountName=mlavagna))
and: 3 items
Filter: (objectClass=*)
and item: present (7)
present: objectClass
Filter: (objectClass=*)
and item: present (7)
present: objectClass
Filter: (sAMAccountName=mlavagna)
and item: equalityMatch (3)
equalityMatch
attributeDesc: sAMAccountName
assertionValue: mlavagna
attributes: 4 items
AttributeDescription: dn
AttributeDescription: givenName
AttributeDescription: sn
AttributeDescription: mail
[Response In: 73]
controls: 1 item
Control
controlType: 1.2.840.113556.1.4.319 (pagedResultsControl)
criticality: False
SearchControlValue
size: 126
cookie: <MISSING>
LDAPMessage searchResDone(2) noSuchObject (0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=geo,DC=net'
) [0 results]
messageID: 2
protocolOp: searchResDone (5)
searchResDone
resultCode: noSuchObject (32)
matchedDN: DC=geo,DC=net
errorMessage: 0000208D: NameErr: DSID-03100238, problem 2001
(NO_OBJECT), data 0, best match of:\n\t'DC=geo,DC=net'\n
[Response To: 72]
[Time: 0.000264030 seconds]
Do you have an "ou" (organizational unit) in LDAP? For example, if your users are under ou=People, your Redmine DN Base might look like this:
DN Base: ou=People,DC=geo-dc,DC=geo,DC=net
No, I have not defined an ou in LDAP.
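The searchResDone in the trace above carries resultCode noSuchObject (32) together with a matchedDN. Per RFC 4511, that result code concerns the search base, and matchedDN names the deepest entry the server could resolve on the way to it. The following is an added example, not code from the original thread or from Redmine: it reads those fields from a Wireshark text dissection and reports which leading components of the Base DN the server did not find. The function names (`split_dn`, `unresolved_rdns`, `parse_trace`, `diagnose`) are hypothetical, and the sample text is built from the values shown in the trace.

```ruby
# Added example (not Redmine code). Helper names are hypothetical.

# Split a DN into RDNs on unescaped commas (RFC 4514 backslash escapes).
# Lower-casing is a simplification that is adequate for DC/OU/CN values.
def split_dn(dn)
  dn.scan(/(?:\\.|[^,\\])+/).map { |rdn| rdn.strip.downcase }
end

# RFC 4511: with noSuchObject (32), matchedDN is the last entry the server
# resolved while locating the base object. Returns the leading RDNs of
# base_dn that were not resolved, or nil if matched_dn is not a suffix.
def unresolved_rdns(base_dn, matched_dn)
  base = split_dn(base_dn)
  matched = split_dn(matched_dn)
  return nil if matched.length > base.length
  return nil unless base.last(matched.length) == matched
  base.first(base.length - matched.length)
end

# Pull the relevant fields out of Wireshark's text dissection.
def parse_trace(text)
  {
    base:    text[/^\s*baseObject:\s*(.+?)\s*$/, 1],
    code:    text[/^\s*resultCode:\s*\w+\s*\((\d+)\)/, 1]&.to_i,
    matched: text[/^\s*matchedDN:\s*(.*?)\s*$/, 1]
  }
end

def diagnose(text)
  t = parse_trace(text)
  return "result code #{t[:code]}: not a base-object problem" unless t[:code] == 32
  missing = unresolved_rdns(t[:base], t[:matched])
  return "matchedDN is not an ancestor of the search base" if missing.nil?
  "base DN component(s) not found under #{t[:matched]}: #{missing.join(',')}"
end

# Sample input constructed from the request/response fields in the trace.
TRACE = <<~EOT
  baseObject: DC=geo-dc,DC=geo,DC=net
  scope: wholeSubtree (2)
  resultCode: noSuchObject (32)
  matchedDN: DC=geo,DC=net
EOT

puts diagnose(TRACE) if __FILE__ == $PROGRAM_NAME
```
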