LDAP Configuration Help

Postby Krazypoloc » Tue Jan 17, 2012 4:41 pm

I am trying to set up Subsonic to use LDAP for authentication. Here are my current settings...
LDAP URL
ldap://dc1.hansondodge.com:389/"OU=User\Accounts,DC=hansondodge,DC=com"

LDAP search filter
(sAMAccountName={0})

LDAP manager DN
Blank


I assume I need to change the "LDAP search filter" field but I'm not sure what to. I would like to have everyone in the "Domain Users" group to have access to Subsonic. So I tried "(&(uid={0})(memberof=cn=Domain Users,ou=Groups,dc=hansondodge,dc=com))" for the LDAP search filter field and that didn't work.

Here is some code from the trailing part of the log file.

Code:
339728411 [btpool0-44] INFO org.acegisecurity.ldap.DefaultInitialDirContextFactory -  URL 'ldap://dc1.hansondodge.com:389/"OU=Employees,OU=User\Accounts,DC=hansondodge,DC=com"', root DN is '"OU=Employees,OU=User\Accounts,DC=hansondodge,DC=com"'
339728411 [btpool0-44] INFO org.acegisecurity.ldap.search.FilterBasedLdapUserSearch - SearchBase not set. Searches will be performed from the root: "OU=Employees,OU=User\Accounts,DC=hansondodge,DC=com"
339793320 [btpool0-44] INFO org.acegisecurity.ldap.DefaultInitialDirContextFactory -  URL 'ldap://dc1.hansondodge.com:389/"OU=User\Accounts,DC=hansondodge,DC=com"', root DN is '"OU=User\Accounts,DC=hansondodge,DC=com"'
339793320 [btpool0-44] INFO org.acegisecurity.ldap.search.FilterBasedLdapUserSearch - SearchBase not set. Searches will be performed from the root: "OU=User\Accounts,DC=hansondodge,DC=com"
339887038 [btpool0-47] INFO org.acegisecurity.ldap.DefaultInitialDirContextFactory -  URL 'ldap://dc1.hansondodge.com:389/"OU=User\Accounts,DC=hansondodge,DC=com"', root DN is '"OU=User\Accounts,DC=hansondodge,DC=com"'
339887038 [btpool0-47] INFO org.acegisecurity.ldap.search.FilterBasedLdapUserSearch - SearchBase not set. Searches will be performed from the root: "OU=User\Accounts,DC=hansondodge,DC=com"
340163617 [btpool0-47] INFO org.acegisecurity.ldap.DefaultInitialDirContextFactory -  URL 'ldap://dc1.hansondodge.com:389/"OU=User\Accounts,DC=hansondodge,DC=com"', root DN is '"OU=User\Accounts,DC=hansondodge,DC=com"'
340163617 [btpool0-47] INFO org.acegisecurity.ldap.search.FilterBasedLdapUserSearch - SearchBase not set. Searches will be performed from the root: "OU=User\Accounts,DC=hansondodge,DC=com"
340537374 [btpool0-50] INFO org.acegisecurity.ldap.DefaultInitialDirContextFactory -  URL 'ldap://dc1.hansondodge.com:389/"OU=User\Accounts,DC=hansondodge,DC=com"', root DN is '"OU=User\Accounts,DC=hansondodge,DC=com"'
340537374 [btpool0-50] INFO org.acegisecurity.ldap.search.FilterBasedLdapUserSearch - SearchBase not set. Searches will be performed from the root: "OU=User\Accounts,DC=hansondodge,DC=com"
340653802 [btpool0-52] INFO org.acegisecurity.ldap.DefaultInitialDirContextFactory -  URL 'ldap://dc1.hansondodge.com:389/"OU=User\Accounts,DC=hansondodge,DC=com"', root DN is '"OU=User\Accounts,DC=hansondodge,DC=com"'
340653802 [btpool0-52] INFO org.acegisecurity.ldap.search.FilterBasedLdapUserSearch - SearchBase not set. Searches will be performed from the root: "OU=User\Accounts,DC=hansondodge,DC=com"
Krazypoloc
 
Posts: 11
Joined: Mon Feb 28, 2011 4:43 pm

Re: LDAP Configuration Help

Postby lovebags » Wed Jan 18, 2012 1:28 pm

I don't totally understand the inner workings of LDAP, but we use it for our Subsonic setup and got the IT people to help fill in the gaps. Our URL is similar to yours, but we also have the LDAP Manager DN filled out with a username and password; that must be the bit that allows access to the LDAP system. Have not changed the default search filter at all from the (sAMAccountName={0}).
lovebags
 
Posts: 86
Joined: Wed Feb 02, 2011 1:49 am

Re: LDAP Configuration Help

Postby Krazypoloc » Wed Jan 18, 2012 3:46 pm

Thanks lovebags. Yeah I tried entering my account into those fields (I'm an enterprise admin) and that didn't do it. Hmm...hopefully someone else can weigh in on this.

Just so I get this straight though, what should happen is that when I try and log into Subsonic with a user ID that does not yet exist in Subsonic but is an active AD user, it should sign them in, correct?
Krazypoloc
 
Posts: 11
Joined: Mon Feb 28, 2011 4:43 pm

Re: LDAP Configuration Help

Postby lovebags » Wed Jan 18, 2012 10:35 pm

Yes, it should log them in, as long as you have "Automatically create users in Subsonic" checked.
Our URL is in the format ldap://ad1.xxxxx.xxx.xx:3268/dc=xxxxxxx,dc=xxx,dc=xx so maybe you could try removing the inverted commas and the user and account bit and just have DC=hansondodge,DC=com.
lovebags
 
Posts: 86
Joined: Wed Feb 02, 2011 1:49 am

Re: LDAP Configuration Help

Postby Krazypoloc » Fri Jan 20, 2012 6:02 pm

Yeah this didn't work.....I have tried several things and nothing seems to work. Any more help on this would be great.
Krazypoloc
 
Posts: 11
Joined: Mon Feb 28, 2011 4:43 pm

Re: LDAP Configuration Help

Postby Maximo » Wed Apr 04, 2012 2:38 pm

Maximo
 
Posts: 1
Joined: Wed Apr 04, 2012 2:31 pm

Re: LDAP Configuration Help

Postby Krazypoloc » Wed Apr 04, 2012 2:44 pm

I actually got it working.....I had to put "domain_name\username" in the "LDAP manager DN" field....
Krazypoloc
 
Posts: 11
Joined: Mon Feb 28, 2011 4:43 pm

Re: LDAP Configuration Help

Postby sir2u » Wed Apr 25, 2012 9:25 pm

Just a word of caution: Unless you're using LDAPS, the credentials for the bind account are sent in cleartext. I'd advise against using yours or any privileged account. I don't think the account needs to have any kind of special rights.
sir2u
 
Posts: 48
Joined: Mon Oct 11, 2010 9:44 pm

Re: LDAP Configuration Help

Postby Krazypoloc » Wed Apr 25, 2012 9:35 pm

sir2u wrote: Just a word of caution: Unless you're using LDAPS, the credentials for the bind account are sent in cleartext. I'd advise against using yours or any privileged account. I don't think the account needs to have any kind of special rights.

Thanks, I will have to create and use a service account for this.
Krazypoloc
 
Posts: 11
Joined: Mon Feb 28, 2011 4:43 pm
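
Added example (not written by any poster in this thread and not Subsonic code): a small Python check of the three LDAP settings discussed above, flagging the cleartext bind sir2u warns about, the quoted base DN lovebags suggested removing, and a blank manager DN. The function name, finding codes and service-account name are hypothetical, and the corrected settings assume the directory server accepts an ldaps:// URL on port 636.

```python
from urllib.parse import urlsplit, unquote

# Conventional TLS ports: 636 = LDAPS, 3269 = AD global catalog over TLS.
TLS_PORTS = {636, 3269}

def audit_ldap_settings(url, search_filter, manager_dn):
    """Return a set of finding codes (illustrative names) for the
    LDAP URL, search filter and manager DN fields from this thread."""
    findings = set()
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    port = parts.port or (636 if scheme == "ldaps" else 389)
    base_dn = unquote(parts.path.lstrip("/"))

    if scheme != "ldaps":
        # A simple bind over plain ldap:// puts the bind password on the wire.
        findings.add("cleartext-bind")
    if (scheme == "ldaps") != (port in TLS_PORTS):
        # Heuristic: scheme and conventional port disagree.
        findings.add("scheme-port-mismatch")
    if not base_dn:
        findings.add("empty-base-dn")
    elif base_dn.startswith('"') or base_dn.endswith('"'):
        # The quotes become part of the root DN, as the posted log shows.
        findings.add("quoted-base-dn")
    if not manager_dn.strip():
        findings.add("no-manager-dn")
    if "{0}" not in search_filter:
        findings.add("filter-missing-username-placeholder")
    if search_filter.count("(") != search_filter.count(")"):
        findings.add("filter-unbalanced-parentheses")
    return findings

# Settings exactly as posted at the top of the thread.
POSTED = audit_ldap_settings(
    r'ldap://dc1.hansondodge.com:389/"OU=User\Accounts,DC=hansondodge,DC=com"',
    "(sAMAccountName={0})",
    "",
)

# Constructed corrected settings; the service-account name is a placeholder.
CORRECTED = audit_ldap_settings(
    "ldaps://dc1.hansondodge.com:636/DC=hansondodge,DC=com",
    "(sAMAccountName={0})",
    r"hansondodge\svc-subsonic-placeholder",
)

if __name__ == "__main__":
    print("posted:   ", sorted(POSTED))
    print("corrected:", sorted(CORRECTED))
```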

