Achu
January 17, 2018, 7:53am
1
I have a lot of web systems which are integrated into the current LDAP server, and they all work fine. But Zammad keeps giving me Invalid DN Syntax.
Full error message:
Can't connect to 'directory.example.com' on port '636', Can't bind to 'directory.example.com', 34, Invalid DN Syntax
My base DN is: ou=users,ou=directory,ou=example,ou=com
I can even perform ldapsearch directly from the Zammad server, like:
ldapsearch -x -D "uid=admin,ou=directory,ou=users,ou=com" -W -H ldaps://directory.example.com
and I got a success result.
Is there any way I can fix this? Maybe I can directly edit the integration file? If so, where do I find it?
log/production.log file: https://paste.ubuntu.com/26403001/
Thanks!
Have you tried to use the full DN of the user in the “Bind User” field? That worked for me.
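The reply above suggests putting the full DN into the Bind User field. A structural pre-check for such a value, as an added example that is not part of the thread or of Zammad's code; the function names are assumptions, and only the first sample DN in the usage note comes from the thread.

```ruby
# Added example, not Zammad code. Structural check of a bind DN in the common
# RFC 4514 string form (no multi-valued '+' RDNs, no '#hex' values).

ATTR_TYPE = /\A(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)\z/

# Split a DN on commas that are not escaped with a backslash.
def split_rdns(dn)
  parts = [String.new]
  escaped = false
  dn.each_char do |ch|
    if escaped
      parts.last << ch
      escaped = false
    elsif ch == ','
      parts << String.new
    else
      escaped = (ch == '\\')
      parts.last << ch
    end
  end
  parts.map(&:strip)
end

# Returns a list of problems; an empty list means the string has DN shape.
def dn_problems(dn)
  return ['empty string'] if dn.to_s.strip.empty?

  found = split_rdns(dn).each_with_index.map do |rdn, i|
    type, value = rdn.split('=', 2)
    if value.nil?
      "RDN #{i + 1} #{rdn.inspect} has no '=' (bare login name?)"
    elsif type.strip !~ ATTR_TYPE
      "RDN #{i + 1} has invalid attribute type #{type.inspect}"
    elsif value.strip.empty?
      "RDN #{i + 1} #{rdn.inspect} has an empty value"
    end
  end
  found.compact
end
```

`dn_problems('uid=admin,ou=directory,ou=users,ou=com')` returns an empty list, while a bare login such as `'admin'` (constructed) is reported as having no `=`. An escaped comma, as in the constructed `'cn=Doe\, John,ou=users,ou=com'`, is kept inside its RDN rather than treated as a separator.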
Achu
January 17, 2018, 9:10am
3
Thank you for your help!
I tried that and now it’s giving me another error message:
Unable to retrive group information, please check your bind user permissions.
I confirm this patch https://github.com/zammad/zammad/commit/2ae3b605a7e53ad94c994946fc23e34d3c2e33ac
And the user has admin privileges.
Any idea?
Can you post a screenshot of your LDAP connection settings?
I went through a few iterations to get the group filter and group DN settings correct.
What kind of LDAP server are you using? And can you paste the production.log again, as we now have a working connection but some kind of difference in group information…
Achu
January 17, 2018, 10:13am
7
I’m using OpenLDAP
Here is the latest production.log
I, [2018-01-17T10:06:33.817049 #1990] INFO -- : Processing by OnlineNotificationsController#index as JSON
I, [2018-01-17T10:06:33.825171 #1990] INFO -- : Parameters: {"full"=>"true", "_"=>"1516183072731"}
I, [2018-01-17T10:06:33.865261 #1990] INFO -- : Completed 200 OK in 40ms (Views: 0.3ms | ActiveRecord: 22.1ms)
I, [2018-01-17T10:06:44.657627 #1990] INFO -- : Started POST "/api/v1/integration/ldap/discover" for 127.0.0.1 at 2018-01-17 10:06:44 +0000
I, [2018-01-17T10:06:44.671229 #1990] INFO -- : Processing by Integration::LdapController#discover as JSON
I, [2018-01-17T10:06:44.671439 #1990] INFO -- : Parameters: {"host_url"=>"ldaps://directory.example.com:636", "ssl_verify"=>true}
E, [2018-01-17T10:06:44.720791 #1990] ERROR -- : Can't bind to 'directory.example.com', 48, Inappropriate Authentication (Exceptions::UnprocessableEntity)
/opt/zammad/lib/ldap.rb:138:in `binded_connection'
/opt/zammad/lib/ldap.rb:122:in `connect'
/opt/zammad/lib/ldap.rb:38:in `initialize'
/opt/zammad/app/controllers/integration/ldap_controller.rb:12:in `new'
/opt/zammad/app/controllers/integration/ldap_controller.rb:12:in `discover'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_controller/metal/basic_implicit_render.rb:4:in `send_action'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/abstract_controller/base.rb:186:in `process_action'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_controller/metal/rendering.rb:30:in `process_action'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/abstract_controller/callbacks.rb:20:in `block in process_action'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.4/lib/active_support/callbacks.rb:131:in `run_callbacks'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/abstract_controller/callbacks.rb:19:in `process_action'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_controller/metal/rescue.rb:20:in `process_action'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.4/lib/active_support/notifications.rb:166:in `block in instrument'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.4/lib/active_support/notifications/instrumenter.rb:21:in `instrument'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.4/lib/active_support/notifications.rb:166:in `instrument'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_controller/metal/instrumentation.rb:30:in `process_action'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_controller/metal/params_wrapper.rb:252:in `process_action'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/activerecord-5.1.4/lib/active_record/railties/controller_runtime.rb:22:in `process_action'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/abstract_controller/base.rb:124:in `process'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionview-5.1.4/lib/action_view/rendering.rb:30:in `process'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_controller/metal.rb:189:in `dispatch'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_controller/metal.rb:253:in `dispatch'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_dispatch/routing/route_set.rb:49:in `dispatch'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_dispatch/routing/route_set.rb:31:in `serve'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_dispatch/journey/router.rb:50:in `block in serve'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_dispatch/journey/router.rb:33:in `each'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_dispatch/journey/router.rb:33:in `serve'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_dispatch/routing/route_set.rb:834:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.7.1/lib/omniauth/strategy.rb:190:in `call!'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.7.1/lib/omniauth/strategy.rb:168:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.7.1/lib/omniauth/strategy.rb:190:in `call!'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.7.1/lib/omniauth/strategy.rb:168:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.7.1/lib/omniauth/strategy.rb:190:in `call!'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.7.1/lib/omniauth/strategy.rb:168:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.7.1/lib/omniauth/strategy.rb:190:in `call!'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.7.1/lib/omniauth/strategy.rb:168:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.7.1/lib/omniauth/strategy.rb:190:in `call!'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.7.1/lib/omniauth/strategy.rb:168:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.7.1/lib/omniauth/strategy.rb:190:in `call!'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.7.1/lib/omniauth/strategy.rb:168:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.7.1/lib/omniauth/strategy.rb:190:in `call!'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.7.1/lib/omniauth/strategy.rb:168:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.7.1/lib/omniauth/strategy.rb:190:in `call!'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.7.1/lib/omniauth/strategy.rb:168:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.7.1/lib/omniauth/strategy.rb:190:in `call!'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.7.1/lib/omniauth/strategy.rb:168:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/omniauth-1.7.1/lib/omniauth/builder.rb:63:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/rack-2.0.3/lib/rack/etag.rb:25:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/rack-2.0.3/lib/rack/conditional_get.rb:38:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/rack-2.0.3/lib/rack/head.rb:12:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/rack-2.0.3/lib/rack/session/abstract/id.rb:232:in `context'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/rack-2.0.3/lib/rack/session/abstract/id.rb:226:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_dispatch/middleware/cookies.rb:613:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_dispatch/middleware/callbacks.rb:26:in `block in call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.4/lib/active_support/callbacks.rb:97:in `run_callbacks'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_dispatch/middleware/callbacks.rb:24:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_dispatch/middleware/debug_exceptions.rb:59:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_dispatch/middleware/show_exceptions.rb:31:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/railties-5.1.4/lib/rails/rack/logger.rb:36:in `call_app'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/railties-5.1.4/lib/rails/rack/logger.rb:24:in `block in call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.4/lib/active_support/tagged_logging.rb:69:in `block in tagged'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.4/lib/active_support/tagged_logging.rb:26:in `tagged'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.4/lib/active_support/tagged_logging.rb:69:in `tagged'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/railties-5.1.4/lib/rails/rack/logger.rb:24:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_dispatch/middleware/remote_ip.rb:79:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_dispatch/middleware/request_id.rb:25:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/rack-2.0.3/lib/rack/method_override.rb:22:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/rack-2.0.3/lib/rack/runtime.rb:22:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.4/lib/active_support/cache/strategy/local_cache_middleware.rb:27:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_dispatch/middleware/executor.rb:12:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.4/lib/action_dispatch/middleware/static.rb:125:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/rack-2.0.3/lib/rack/sendfile.rb:111:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/railties-5.1.4/lib/rails/engine.rb:522:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/puma-3.11.0/lib/puma/configuration.rb:225:in `call'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/puma-3.11.0/lib/puma/server.rb:624:in `handle_request'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/puma-3.11.0/lib/puma/server.rb:438:in `process_client'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/puma-3.11.0/lib/puma/server.rb:302:in `block in run'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/puma-3.11.0/lib/puma/thread_pool.rb:120:in `block in spawn_thread'
/opt/zammad/vendor/bundle/ruby/2.4.0/gems/logging-2.2.2/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
I, [2018-01-17T10:06:44.728152 #1990] INFO -- : Completed 200 OK in 57ms (Views: 0.9ms | ActiveRecord: 15.4ms)
I, [2018-01-17T10:07:17.476666 #1990] INFO -- : Started POST "/api/v1/integration/ldap/bind" for 127.0.0.1 at 2018-01-17 10:07:17 +0000
I, [2018-01-17T10:07:17.506124 #1990] INFO -- : Processing by Integration::LdapController#bind as JSON
I, [2018-01-17T10:07:17.506367 #1990] INFO -- : Parameters: {"base_dn"=>"ou=users,ou=directory,ou=ett,ou=com", "bind_user"=>"uid=admin,ou=directory,ou=ett,ou=com", "bind_pw"=>"[FILTERED]", "host_url"=>"ldaps://directory.example.com:636", "ssl_verify"=>true}
I, [2018-01-17T10:07:18.451522 #1990] INFO -- : Completed 200 OK in 945ms (Views: 0.8ms | ActiveRecord: 11.4ms)
I, [2018-01-17T10:07:33.861113 #1994] INFO -- : Scheduler running...
I, [2018-01-17T10:07:33.925141 #1994] INFO -- : Started job thread for 'Check Channels' (Channel.fetch)...
I, [2018-01-17T10:07:34.124508 #1994] INFO -- : execute Channel.fetch (try_count 0)...
I, [2018-01-17T10:07:34.175818 #1994] INFO -- : fetching imap (imap.gmail.com/email@gmail.com port=993,ssl=true,folder=INBOX,keep_on_server=false)
I, [2018-01-17T10:07:36.163038 #1994] INFO -- : - no message
I, [2018-01-17T10:07:36.163132 #1994] INFO -- : done
I, [2018-01-17T10:07:41.871492 #1994] INFO -- : Starting worker thread Delayed::Backend::ActiveRecord::Job
I, [2018-01-17T10:07:43.943282 #1994] INFO -- : Started job thread for 'Check streams for Channel' (Channel.stream)...
I, [2018-01-17T10:07:44.259047 #1994] INFO -- : execute Channel.stream (try_count 0)...
I, [2018-01-17T10:07:45.991175 #1994] INFO -- : 2018-01-17T10:07:45+0000: [Worker(host:HelpDesk pid:1994)] Job BackgroundJobSearchIndex (id=205464) RUNNING
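One way to triage a log like the one above, as an added example that is not part of the thread or of Zammad's code: it pairs each bind failure with the request and bind user logged for the same process id. The function and constant names are assumptions, and the pid 1991 lines in the sample are constructed.

```ruby
# Added example, not Zammad code: list LDAP bind failures from production.log
# together with the request (and bind user, if any) that triggered each one.

# Result codes from RFC 4511 that commonly appear while binding.
LDAP_RESULT = {
  34 => 'invalidDNSyntax: bind user is not a well-formed DN',
  48 => 'inappropriateAuthentication: credentials required, anonymous/empty bind refused',
  49 => 'invalidCredentials: wrong DN or password',
  50 => 'insufficientAccessRights: bind user may not read the entries'
}.freeze

LINE    = /\A[A-Z], \[(?<ts>\S+) #(?<pid>\d+)\]\s+\w+ -- : (?<msg>.*)\z/
STARTED = /\AStarted [A-Z]+ "(?<path>[^"]+)"/
BIND    = /Can't bind to '(?<host>[^']+)', (?<code>\d+),/

def ldap_bind_failures(log_text)
  last_request = {} # pid => { path:, bind_user: }
  failures = []
  log_text.each_line do |raw|
    line = LINE.match(raw.chomp)
    next unless line # stack-trace frames carry no logger prefix

    pid = line[:pid]
    msg = line[:msg]
    if (started = STARTED.match(msg))
      last_request[pid] = { path: started[:path], bind_user: nil }
    elsif msg.start_with?('Parameters: ') && last_request[pid]
      last_request[pid][:bind_user] = msg[/"bind_user"=>"([^"]*)"/, 1]
    elsif (bind = BIND.match(msg))
      req = last_request.fetch(pid, {})
      code = bind[:code].to_i
      failures << { time: line[:ts], host: bind[:host], code: code,
                    meaning: LDAP_RESULT.fetch(code, 'see RFC 4511, Appendix A'),
                    path: req[:path], bind_user: req[:bind_user] }
    end
  end
  failures
end

# Three lines from the log in this thread, then a constructed request (pid 1991)
# modelled on the first post's code-34 error; its bind_user value is made up.
SAMPLE_LOG = <<~'LOG'
  I, [2018-01-17T10:06:44.657627 #1990] INFO -- : Started POST "/api/v1/integration/ldap/discover" for 127.0.0.1 at 2018-01-17 10:06:44 +0000
  I, [2018-01-17T10:06:44.671439 #1990] INFO -- : Parameters: {"host_url"=>"ldaps://directory.example.com:636", "ssl_verify"=>true}
  E, [2018-01-17T10:06:44.720791 #1990] ERROR -- : Can't bind to 'directory.example.com', 48, Inappropriate Authentication (Exceptions::UnprocessableEntity)
  I, [2018-01-17T10:07:00.000000 #1991] INFO -- : Started POST "/api/v1/integration/ldap/bind" for 127.0.0.1 at 2018-01-17 10:07:00 +0000
  I, [2018-01-17T10:07:00.000100 #1991] INFO -- : Parameters: {"bind_user"=>"admin", "bind_pw"=>"[FILTERED]"}
  E, [2018-01-17T10:07:00.000200 #1991] ERROR -- : Can't bind to 'directory.example.com', 34, Invalid DN Syntax (Exceptions::UnprocessableEntity)
LOG
```

On the sample, `ldap_bind_failures(SAMPLE_LOG)` attributes the code 48 failure to the discover request, whose parameters carry no bind_user, and the constructed code 34 failure to a bind request with a non-DN bind user.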
The error message up there makes me wonder if this has anything to do with something along the lines of https://github.com/zammad/zammad/issues/1114 ?
Maybe you could also create the LDAP debug which is mentioned in the last comment on the issue to find the real reason this request fails?
This might be the same issue as: https://github.com/zammad/zammad/issues/1602
and might have been fixed with: https://github.com/zammad/zammad/issues/1664
Please try with the latest develop version (just for testing) and report.
Achu
January 18, 2018, 12:04pm
10
Thanks! According to your fix:
My users' objectClass is assigned with organizationalUnit, so I added mine like this:
@filter ||= lookup_filter(['(objectClass=organizationalUnit)', '(objectClass=groupOfUniqueNames)', '(objectClass=group)', '(objectClass=posixgroup)', '(objectClass=organization)'])
and it works!
You guys are awesome! thank you!
Achu
January 18, 2018, 2:56pm
11
Another strange issue is that there are around 1305 users on the LDAP servers. Only a few are imported; it showed 706 untouched, 577 skipped.
Any idea?
Thanks!
This depends on your user import filter… Maybe this does not “see” all users because they are stored in a different ou?
Achu
January 18, 2018, 3:20pm
13
The user’s group I’m interested in is: ou=users
my structure looks like this:
I need those users under c=TT, but I don’t mind importing everything. I tried a lot of filter settings with objectClass but nothing works.
Any thought?
I’d try something like this in LDAP User filter (of course depending on how your users are created this might change the objectClass/objectCategory types)
(&(objectCategory=person)(objectClass=user)(uid=*))
then you should be able to see all users and then use the role assignment to select
c=TT,ou=users,OU=directory,ou=whatever,ou=com
and assign those users to the role you need them to be in…
Achu
January 19, 2018, 8:46am
15
I managed the filters based on the directory structure.
Now I can see that all users are imported (I can see some of them in the activity stream). When I click on one of them, I can change their setting. However, I cannot find them on the user’s list. A bug?
That’s what the role assignment does. You should assign a user to a role using the assignment rules in the LDAP connector (second part of my last message).
Achu
January 19, 2018, 8:56am
17
Already did that and checked so many times. But I still get the same result.