LDAP integration is failing

larrybg · June 26, 2019, 6:39pm

Used Zammad version: 3.0.x
Used Zammad installation source: (source, package, …) yum
Operating system: CentOS 7
Browser + version: Chrome 75.0.3770.100

Expected behavior:

Working LDAP integration. The application connects to the LDAP server and imports users from specified LDAP groups
*

Actual behavior:

LDAP configuration is failing with error: Unsupported object type: id=0 or
*

Steps to reproduce the behavior:

Connect to LDAP. Specify user mapping from the dropdowns. Add LDAP groups and assign Roles from the dropdowns. Select not to sync users without LDAP groups and click next.
After a few minutes of calculating users error will be shown"Unsupported object type: id=0".

If I manually specify my LDAP group ( it doesn’t show in the dropdown for some reason) I’ll receive another error: “undefined method `result_code’ for nil:NilClass”
*

dvnkln · June 27, 2019, 6:27am

Hey @larrybg,

your ldap connection doesn’t seem to work at all.
Most of the time i encountered this kind of error message i had a messed up ldaps config.

What are your current settings inside zammad?
Are you able to connect to your directory services with another tool while using the same settings?

cheers

MrGeneration · June 27, 2019, 8:19am

Just for reference, this was also posted here:

larrybg · July 9, 2019, 7:26pm

I’ve used an LDAP Browser I’ve downloaded from here: www.ldapadministrator.com and able to connect with the same settings. So I can confirm that ldap works just fine. I also can filter/search my custom ldap groups using that browser, something that fails with Zammad. I’ve tried to copy the groups settings and it didn’t work either.
I’ll be happy to show you if we can schedule a webex meeting.

larrybg · July 15, 2019, 7:28pm

Are there any updates on this issue?

MrGeneration · July 18, 2019, 11:14am

No offense, but please don’t expect commercial grate support on here.
Our time for the community currently is very limited because of vacations and work load.

We’re trying to thread everyone with the same time amount to stay fair.

Also, I’m moving the diskussion from the issue https://github.com/zammad/zammad/issues/2631 to here, which is basically your issue keeping us busy at two sites It’s just for better overview on my site.

For your issue:
If you have a very big LDAP with tons of attributes being set, it’s possible that Zammad limits the lookups too early which might result in the above issue.

To workaround (and double check) this, you can edit the file lib/ldap/user.rb at about line 140 and change 50 to let’s say 1500. https://github.com/zammad/zammad/blob/develop/lib/ldap/user.rb#L140

This will raise the attribute limit to 1500 and could help.

Afterwards restart Zammad and open the ldap integration dialogue again.

larrybg · July 18, 2019, 5:36pm

Didn’t help, still don’t see my user groups in the dropdown. Are there any other limitations to adjust?

MrGeneration · July 19, 2019, 7:17am

No.
And sorry for asking, but is “didn’t help” translating to The same user appears ?
Sorry… but right now it feels impossible to help.

You don’t seem to share all information needed to solve this.
I mean apart from a webex session you’d love to do but that’s out of scope.

larrybg · July 19, 2019, 11:48am

“Didn’t help” translates it returns with the same error. What information do you need that I didn’t share?

MrGeneration · July 19, 2019, 1:29pm

Please provide the output of your production.log from the timespan where you try to implement the LDAP integration. Also it would be interesting to know what LDAP-Server software you’re trying to talk to.

We don’t need exact version numbers, but it might be that your server simply acts different from what we expect and thus we have that behaviour.

larrybg · July 22, 2019, 2:16pm

LDAP-Software: Tivoli Directory Server

system · November 19, 2019, 2:17pm

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.