LDAP integration - 64, Naming Violation

  • Used Zammad version: 6.3.1
  • Used Zammad installation type: docker
  • Operating system: ubuntu 22.0

Expected behavior:

Able to connect Zammad to LDAP

Actual behavior:

Input the following
Host: vps3.example.com:6360
SSL/STARTTLS: SSL
SSL Verification: yes
Active: yes

Error message returned: Can’t connect to ‘vps3.example.com’ on port ‘6360’, Can’t bind to ‘vps3.example.com’, 64, Naming Violation

Steps to reproduce the behavior:

As above

Docker log file as follows:

app/controllers/application_controller/handles_transitions.rb:16:in `handle_transaction’
E, [2024-10-29T06:34:09.744217#1-2154620] ERROR – : Can’t connect to ‘vps3.example.com’ on port ‘6360’, Can’t bind to ‘vps3.example.com’, 64, Naming Violation (Exceptions::UnprocessableEntity)

Any idea what I have done wrong?

Hi @pratat. This is an issue saying that your LDAP server configuration is not correct. No Zammad issue, I guess you need to check your configuration again and fix it.

Hello,

Thank you for the prompt response.

I have figured out where the issue is. Apparently, the LDAP needs to support anonymous bind, which is not enabled on my end.

All good for now.

I was under the impression that anonymous bind is no longer required with Zammad…?

It does, but it’s currently more or less hardcoded to specific error codes/messages: zammad/app/controllers/integration/ldap_controller.rb at stable · zammad/zammad · GitHub

So it’s not a configuration issue, but a “code issue”.

The error code list might be incomplete.

@pratat Do you happen to know what error message your LDAP returns upon Zammad trying to bind anonymously without being permitted to?

There was also the same error with lldap, which was wrong error handling on the LDAP side: [BUG] Misleading error code when trying to bind without authentication · Issue #974 · lldap/lldap · GitHub

Sorry for the late response. Here is the error message.

2024-10-29T06:07:24.910430721+00:00 INFO ┕━ LDAP request [ 68.1µs | 47.27% / 48.97% ]
2024-10-29T06:07:24.910440790+00:00 DEBUG ┝━ :bug: [debug]: | msg: LdapMsg { msgid: 1, op: BindRequest(LdapBindRequest { dn: “”, cred: LdapBindCred::Simple }), ctrl: }
2024-10-29T06:07:24.910443194+00:00 DEBUG ┝━ do_bind [ 2.35µs | 1.69% ] dn:
2024-10-29T06:07:24.910454916+00:00 DEBUG ┕━ :bug: [debug]: | response: BindResponse(LdapBindResponse { res: LdapResult { code: NamingViolation, matcheddn: “”, message: “Missing DN value”, referral: }, saslcreds: None })

Do note that I am using LLDAP that dominikklein had mentioned.

Yes, you are right. I have reached out to them on Discord and this has been resolved by updating to their latest version.

[info]: Starting LLDAP version 0.5.1-alpha

2024-10-29T07:53:27.847936508+00:00 DEBUG ┝━ :bug: [debug]: | msg: LdapMsg { msgid: 1, op: BindRequest(LdapBindRequest { dn: “”, cred: LdapBindCred::Simple }), ctrl: }
2024-10-29T07:53:27.847939503+00:00 DEBUG ┝━ do_bind [ 851ns | 0.45% ] dn:
2024-10-29T07:53:27.847947919+00:00 DEBUG ┕━ :bug: [debug]: | response: BindResponse(LdapBindResponse { res: LdapResult { code: InappropriateAuthentication, matcheddn: “”, message: “Anonymous bind not allowed”, referral: }, saslcreds: None })

and I got the Zammad LDAP wizard.

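As an added example (not part of the thread, and not Zammad or LLDAP code), this Ruby script reads LLDAP-style debug log lines like the ones quoted above and classifies each bind attempt by the result code the server returned. Result-code numbers are from RFC 4511; the constant and function names, the sample log, and the choice to treat only code 48 as a clean refusal of anonymous bind are assumptions for illustration.

```ruby
# Added example (not Zammad or LLDAP code): classify bind attempts seen in
# LLDAP-style debug logs. Result-code numbers are from RFC 4511.
RESULT_CODES = {
  'Success' => 0,
  'InappropriateAuthentication' => 48,
  'InvalidCredentials' => 49,
  'NamingViolation' => 64
}.freeze

# Assumption: only code 48 is a clean "anonymous bind refused" answer.
ANON_REFUSED = [48].freeze

Q = '["“”]' # the forum rendered the log's quotes as typographic quotes
BIND_REQ = /BindRequest\(LdapBindRequest \{ dn: #{Q}(.*?)#{Q}/
BIND_RES = /LdapResult \{ code: (\w+), .*?message: #{Q}(.*?)#{Q}/

def verdict(dn, number)
  return number == 0 ? :bind_ok : :bind_failed unless dn.empty?
  return :anonymous_allowed if number == 0
  ANON_REFUSED.include?(number) ? :anonymous_refused : :nonstandard_refusal
end

# Pairs each BindRequest with the next BindResponse and labels the outcome.
def classify_binds(log)
  pending = nil
  results = []
  log.each_line do |line|
    if (m = BIND_REQ.match(line))
      pending = m[1]
    elsif pending && (m = BIND_RES.match(line))
      number = RESULT_CODES[m[1]] # nil for codes not in the table
      results << { dn: pending, code: m[1], number: number,
                   message: m[2], verdict: verdict(pending, number) }
      pending = nil
    end
  end
  results
end

# Constructed sample, modelled on the two exchanges quoted in the thread.
SAMPLE_LOG = <<~LOG
  DEBUG msg: LdapMsg { msgid: 1, op: BindRequest(LdapBindRequest { dn: "", cred: LdapBindCred::Simple }), ctrl: }
  DEBUG response: BindResponse(LdapBindResponse { res: LdapResult { code: NamingViolation, matcheddn: "", message: "Missing DN value", referral: }, saslcreds: None })
  DEBUG msg: LdapMsg { msgid: 1, op: BindRequest(LdapBindRequest { dn: "", cred: LdapBindCred::Simple }), ctrl: }
  DEBUG response: BindResponse(LdapBindResponse { res: LdapResult { code: InappropriateAuthentication, matcheddn: "", message: "Anonymous bind not allowed", referral: }, saslcreds: None })
LOG

classify_binds(SAMPLE_LOG).each { |r| puts "#{r[:code]} (#{r[:number]}): #{r[:verdict]}" }
```

A `nonstandard_refusal` verdict marks the case from this thread: anonymous bind is disabled on the server, but the code it sends back does not let a client tell that apart from a genuine failure.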