LDAP Configuration Help

Posted: Tue Jan 17, 2012 4:41 pm
by Krazypoloc
I am trying to set up Subsonic to use LDAP for authentication. Here are my current settings...
LDAP URL
ldap://dc1.hansondodge.com:389/"OU=User\Accounts,DC=hansondodge,DC=com"

LDAP search filter
(sAMAccountName={0})

LDAP manager DN
Blank


I assume I need to change the "LDAP search filter" field, but I'm not sure what to. I would like to have everyone in the "Domain Users" group to have access to Subsonic. So I tried "(&(uid={0})(memberof=cn=Domain Users,ou=Groups,dc=hansondodge,dc=com))" for the LDAP search filter field and that didn't work.

Here is some code from the trailing part of the log file.

339728411 [btpool0-44] INFO org.acegisecurity.ldap.DefaultInitialDirContextFactory -  URL 'ldap://dc1.hansondodge.com:389/"OU=Employees,OU=User\Accounts,DC=hansondodge,DC=com"', root DN is '"OU=Employees,OU=User\Accounts,DC=hansondodge,DC=com"'
339728411 [btpool0-44] INFO org.acegisecurity.ldap.search.FilterBasedLdapUserSearch - SearchBase not set. Searches will be performed from the root: "OU=Employees,OU=User\Accounts,DC=hansondodge,DC=com"
339793320 [btpool0-44] INFO org.acegisecurity.ldap.DefaultInitialDirContextFactory -  URL 'ldap://dc1.hansondodge.com:389/"OU=User\Accounts,DC=hansondodge,DC=com"', root DN is '"OU=User\Accounts,DC=hansondodge,DC=com"'
339793320 [btpool0-44] INFO org.acegisecurity.ldap.search.FilterBasedLdapUserSearch - SearchBase not set. Searches will be performed from the root: "OU=User\Accounts,DC=hansondodge,DC=com"
339887038 [btpool0-47] INFO org.acegisecurity.ldap.DefaultInitialDirContextFactory -  URL 'ldap://dc1.hansondodge.com:389/"OU=User\Accounts,DC=hansondodge,DC=com"', root DN is '"OU=User\Accounts,DC=hansondodge,DC=com"'
339887038 [btpool0-47] INFO org.acegisecurity.ldap.search.FilterBasedLdapUserSearch - SearchBase not set. Searches will be performed from the root: "OU=User\Accounts,DC=hansondodge,DC=com"
340163617 [btpool0-47] INFO org.acegisecurity.ldap.DefaultInitialDirContextFactory -  URL 'ldap://dc1.hansondodge.com:389/"OU=User\Accounts,DC=hansondodge,DC=com"', root DN is '"OU=User\Accounts,DC=hansondodge,DC=com"'
340163617 [btpool0-47] INFO org.acegisecurity.ldap.search.FilterBasedLdapUserSearch - SearchBase not set. Searches will be performed from the root: "OU=User\Accounts,DC=hansondodge,DC=com"
340537374 [btpool0-50] INFO org.acegisecurity.ldap.DefaultInitialDirContextFactory -  URL 'ldap://dc1.hansondodge.com:389/"OU=User\Accounts,DC=hansondodge,DC=com"', root DN is '"OU=User\Accounts,DC=hansondodge,DC=com"'
340537374 [btpool0-50] INFO org.acegisecurity.ldap.search.FilterBasedLdapUserSearch - SearchBase not set. Searches will be performed from the root: "OU=User\Accounts,DC=hansondodge,DC=com"
340653802 [btpool0-52] INFO org.acegisecurity.ldap.DefaultInitialDirContextFactory -  URL 'ldap://dc1.hansondodge.com:389/"OU=User\Accounts,DC=hansondodge,DC=com"', root DN is '"OU=User\Accounts,DC=hansondodge,DC=com"'
340653802 [btpool0-52] INFO org.acegisecurity.ldap.search.FilterBasedLdapUserSearch - SearchBase not set. Searches will be performed from the root: "OU=User\Accounts,DC=hansondodge,DC=com"

Re: LDAP Configuration Help

Posted: Wed Jan 18, 2012 1:28 pm
by lovebags
I don't totally understand the inner workings of LDAP, but we use it for our Subsonic setup and got the IT people to help fill in the gaps. Our URL is similar to yours, but we also have the LDAP Manager DN filled out with a username and password; that must be the bit that allows access to the LDAP system. Have not changed the default search filter at all from the (sAMAccountName={0}).

Re: LDAP Configuration Help

Posted: Wed Jan 18, 2012 3:46 pm
by Krazypoloc
Thanks lovebags. Yeah I tried entering my account into those fields (I'm an enterprise admin) and that didn't do it. Hmm...hopefully someone else can weigh in on this.

Just so I get this straight though, what should happen is that when I try and log into Subsonic with a user ID that does not yet exist in Subsonic but is an active AD user, it should sign them in, correct?

Re: LDAP Configuration Help

Posted: Wed Jan 18, 2012 10:35 pm
by lovebags
Yes, it should log them in, as long as you have the "Automatically create users in Subsonic" option checked.
Our URL is in the format ldap://ad1.xxxxx.xxx.xx:3268/dc=xxxxxxx,dc=xxx,dc=xx, so maybe you could try removing the inverted commas and the user and account bit and just have DC=hansondodge,DC=com

Re: LDAP Configuration Help

Posted: Fri Jan 20, 2012 6:02 pm
by Krazypoloc
Yeah this didn't work.....I have tried several things and nothing seems to work. Any more help on this would be great.

Re: LDAP Configuration Help

Posted: Wed Apr 04, 2012 2:38 pm
by Maximo

Re: LDAP Configuration Help

Posted: Wed Apr 04, 2012 2:44 pm
by Krazypoloc
I actually got it working.....I had to put "domain_name\username" in the "LDAP manager DN" field....

Re: LDAP Configuration Help

Posted: Wed Apr 25, 2012 9:25 pm
by sir2u
Just a word of caution: Unless you're using LDAPS, the credentials for the bind account are sent in cleartext. I'd advise against using yours or any privileged account. I don't think the account needs to have any kind of special rights.

Re: LDAP Configuration Help

Posted: Wed Apr 25, 2012 9:35 pm
by Krazypoloc
sir2u wrote: Just a word of caution: Unless you're using LDAPS, the credentials for the bind account are sent in cleartext. I'd advise against using yours or any privileged account. I don't think the account needs to have any kind of special rights.

Thanks, I will have to create and use a service account for this.
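
The points raised across this thread (plain ldap:// versus LDAPS, the quoted base DN visible in the log, the blank manager DN, the {0} placeholder) can be checked before the settings are saved. The script below is an added example, not part of any post and not Subsonic's code; the function name, the finding codes and the second (hardened) sample with its example.com host and svc-subsonic account are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

def _balanced(flt):
    """True if every '(' in the filter has a matching ')'."""
    depth = 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def audit_ldap_settings(url, search_filter, manager_dn):
    """Return finding codes for the three LDAP fields discussed in the thread."""
    findings = []
    parts = urlsplit(url)
    base_dn = unquote(parts.path.lstrip("/"))

    # Plain ldap:// means the bind credentials are sent unencrypted.
    if parts.scheme.lower() != "ldaps":
        findings.append("cleartext-bind")
    # Quotes around the base DN become part of the root DN (see the log above).
    if len(base_dn) >= 2 and base_dn[0] == base_dn[-1] and base_dn[0] in "\"'":
        findings.append("quoted-base-dn")
    # The poster's setup only worked once a bind account was entered.
    if not manager_dn.strip():
        findings.append("no-manager-dn")
    # {0} is where the login name is substituted into the filter.
    if "{0}" not in search_filter:
        findings.append("filter-missing-placeholder")
    if not _balanced(search_filter):
        findings.append("filter-unbalanced")
    return findings

# Settings as first posted in the thread (manager DN left blank).
AS_POSTED = audit_ldap_settings(
    'ldap://dc1.hansondodge.com:389/"OU=User\\Accounts,DC=hansondodge,DC=com"',
    "(sAMAccountName={0})",
    "",
)
# Constructed sample: LDAPS, unquoted base DN, dedicated service account.
HARDENED = audit_ldap_settings(
    "ldaps://dc1.example.com:636/DC=example,DC=com",
    "(sAMAccountName={0})",
    "EXAMPLE\\svc-subsonic",
)

if __name__ == "__main__":
    print("as posted:", AS_POSTED)
    print("hardened: ", HARDENED)
```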