LDAP authentication fail

Hi there,

I have an issue with LDAP authentication. I am using TeamCity v7.1.2 and have configured the LDAP login module. I can log in when I set teamcity.users.base to a specific sub DN, but I want to use all users under the root of the LDAP server (Windows Server 2003).
My ldap-config.properties looks like this:


java.naming.provider.url=ldap://10.89.5.233:389/dc=sibo,dc=org
java.naming.security.principal=ama@sibo.org
java.naming.security.credentials=ama


teamcity.users.base=
teamcity.users.username=sAMAccountName
java.naming.referral=follow
java.naming.security.authentication=simple
teamcity.auth.loginFilter=.*
teamcity.options.users.synchronize=true
teamcity.users.filter=(objectClass=user)
teamcity.options.groups.synchronize=false
teamcity.options.createUsers=false
teamcity.options.deleteUsers=false
teamcity.options.syncTimeout = 3600000


I have two users under DN "OU=group1,dc=sibo,dc=org", and some other users under DN "CN=Users, dc=sibo,dc=org". I want to use all of these users, so I set "teamcity.users.base" to empty, but then none of the users can log in.
If I set teamcity.users.base=cn=Users, or teamcity.users.base=ou=group1, the corresponding users under them can log in successfully.
After checking teamcity-ldap.log, when login fails with user "ama", I get the following output:
...

[2013-04-15 17:47:48,000]   INFO -     jetbrains.buildServer.LDAP - Sync with LDAP users done
[2013-04-15 17:47:48,000]   INFO -     jetbrains.buildServer.LDAP - Last synchronization statistics: created users=0, updated users=0, removed users=0, users in ldap=9, matched users=2, duration=63782ms, errors=[]


[2013-04-15 17:48:11,531]   WARN -     jetbrains.buildServer.LDAP - Search in LDAP: base='', filter='(sAMAccountName=ama)', scope=2, attributes=[sAMAccountName, distinguishedName] resulted in error
[2013-04-15 18:01:46,578]   INFO -     jetbrains.buildServer.LDAP - ------ Sync with LDAP users started ------
[2013-04-15 18:02:50,359]   INFO -     jetbrains.buildServer.LDAP - Sync with LDAP users done
[2013-04-15 18:02:50,359]   INFO -     jetbrains.buildServer.LDAP - Last synchronization statistics: created users=0, updated users=0, removed users=0, users in ldap=9, matched users=2, duration=63781ms, errors=[]


Does anyone know why?

3 comments
Comment actions Permalink

teamcity.users.base is an optional property. You can comment it out, so TeamCity should search accounts from the root of the domain.

Data in the log does not reflect the settings you listed.
Is the issue still reproducible?

Could you perform one more test, please: try to log in with both kinds of accounts, and post a full log of these attempts.

Thanks

0
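What the failing search in the question resolves to, as an added example (not code from this thread or from TeamCity). It assumes, as the working cn=Users and ou=group1 settings in the question indicate, that teamcity.users.base is relative to the base DN in java.naming.provider.url, and that the logged scope is the JNDI SearchControls constant; the function names are made up here and the sample input is copied from the question.

```python
import re
from urllib.parse import urlparse, unquote

# Sample input: a subset of the settings and log lines posted in the question.
SAMPLE_CONFIG = """\
java.naming.provider.url=ldap://10.89.5.233:389/dc=sibo,dc=org
teamcity.users.base=
teamcity.users.username=sAMAccountName
"""
SAMPLE_LOG = """\
[2013-04-15 17:47:48,000]   INFO -     jetbrains.buildServer.LDAP - Sync with LDAP users done
[2013-04-15 17:48:11,531]   WARN -     jetbrains.buildServer.LDAP - Search in LDAP: base='', filter='(sAMAccountName=ama)', scope=2, attributes=[sAMAccountName, distinguishedName] resulted in error
"""

# javax.naming.directory.SearchControls scope constants.
SCOPES = {0: "OBJECT_SCOPE", 1: "ONELEVEL_SCOPE", 2: "SUBTREE_SCOPE"}
FAILED = re.compile(
    r"Search in LDAP: base='([^']*)', filter='([^']*)', scope=(\d+).*resulted in error")

def parse_properties(text):
    """Parse key=value lines; blank lines and # comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def absolute_dn(relative, props):
    """Resolve a base relative to the base DN in the provider URL (assumption)."""
    root = unquote(urlparse(props["java.naming.provider.url"]).path.lstrip("/"))
    return ",".join(part for part in (relative.strip(), root) if part)

def failed_searches(props, log_text):
    """Return (absolute base DN, scope name, filter) for each failed search."""
    return [(absolute_dn(base, props), SCOPES.get(int(scope), scope), flt)
            for base, flt, scope in FAILED.findall(log_text)]

if __name__ == "__main__":
    props = parse_properties(SAMPLE_CONFIG)
    for base, scope, flt in failed_searches(props, SAMPLE_LOG):
        print(f"failed: {scope} search under '{base}' with filter {flt}")
```

Run against a full teamcity-ldap.log, this separates searches that fail at the domain root from those that succeed under a narrower base such as cn=Users.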
Comment actions Permalink

Hi Michael,
Commenting out "teamcity.users.base" still does not work.
If I comment it out, login fails; the logs are attached as teamcity-server_fail.log and teamcity-ldap_fail.log.

If I set teamcity.users.base = cn=Users, login succeeds; the logs are attached as teamcity-server-success.log and teamcity-ldap-success.log.

By the way, the LDAP server and the TeamCity server are not in the same domain, but they can access each other. The user accounts created on the LDAP server have no computer logon restriction.



Attachment(s):
teamcity-ldap-success.log.zip
teamcity-server-success.log.zip
teamcity-ldap_fail.log.zip
teamcity-server_fail.log.zip
0
Comment actions Permalink

I only have this issue with my test AD server; with our real domain server it works, so I guess this issue is not related to TeamCity. Thank you for all your support.

0
