LDAP Auth failing, but I'm using these settings in YouTrack

Here is my config

```
java.naming.provider.url=ldap://10.1.1.2:389/OU=Users,OU=FSM,DC=fsmobile,DC=ca

# Windows username for user to browse LDAP
java.naming.security.principal=fsmobile\Admin
# Windows password for user to browse LDAP
java.naming.security.credentials=AdminsPassWord

java.naming.security.authentication=none

# Root node containing all the LDAP users (full entry DN is "CN=Users,DC=example,DC=com")
teamcity.users.base=OU=Users,OU=FSM,DC=fsmobile,DC=ca

# filtering only users with specified name and belonging to LDAP group "Group1" with DN "CN=Group1,CN=Users,DC=example,DC=com"
teamcity.users.login.filter=(&(sAMAccountName=$capturedLogin$)(memberOf=CN=FSM Developers,OU=Groups,OU=FSM,DC=fsmobile,DC=ca))

# retrieving TeamCity username from the "sAMAccountName" LDAP entry attribute
teamcity.users.username=sAMAccountName

# Allow only username part without domain
teamcity.auth.loginFilter=[^/\\\\@]+

# No synchronization, just login.
teamcity.options.users.synchronize=false
teamcity.options.groups.synchronize=false
```



And my log file reports


```
[2013-08-25 12:01:13,584]   WARN -     jetbrains.buildServer.LDAP - Search in LDAP: base='OU=Users,OU=FSM,DC=fsmobile,DC=ca', filter='(&(sAMAccountName=cflorell)(memberOf=CN=FSM Developers,OU=Groups,OU=FSM,DC=fsmobile,DC=ca))', scope=2, attributes=[sAMAccountName, distinguishedName] resulted in error
[2013-08-25 12:01:13,585]   INFO -     jetbrains.buildServer.LDAP - Failed to find user in LDAP by 'cflorell'. Cause: Invalid credentials ([LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v23f0 ]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v23f0 ])
```


These settings (or a variation of) work as expected in YouTrack, PFSense, GitBlit, and OctoDeploy. I'm not sure what I'm missing here.
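
Added example, not part of the original post or of TeamCity's code: the `data 52e` field in the log line above is Active Directory's sub-status for LDAP error 49, a Win32 error number in hex. This Python script decodes it from log lines in the format shown; the function names are hypothetical and the sample lines are constructed (the first two abbreviated from the post, the third made up).

```python
import re
from collections import Counter

# AD sub-status codes carried in the "data" field of LDAP error 49.
# They are Win32 error numbers in hex (0x52e = 1326, ERROR_LOGON_FAILURE).
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong bind name format or password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

ERR49 = re.compile(
    r"LDAP: error code 49 - .*?AcceptSecurityContext error, data ([0-9a-fA-F]+)")
LOGIN = re.compile(r"Failed to find user in LDAP by '([^']*)'")

def decode_line(line):
    """Return (login, subcode, win32_error, meaning) for an error-49 line, else None."""
    m = ERR49.search(line)
    if not m:
        return None
    code = m.group(1).lower()
    who = LOGIN.search(line)
    return (who.group(1) if who else None, code, int(code, 16),
            AD_SUBCODES.get(code, "unknown sub-status"))

def summarize(lines):
    """Count error-49 failures per (login, subcode) across a log."""
    hits = filter(None, map(decode_line, lines))
    return Counter((login, code) for login, code, _, _ in hits)

# Constructed sample input (see lead-in).
SAMPLE = [
    "[2013-08-25 12:01:13,584]   WARN -     jetbrains.buildServer.LDAP - Search in LDAP: base='OU=Users,OU=FSM,DC=fsmobile,DC=ca' resulted in error",
    "[2013-08-25 12:01:13,585]   INFO -     jetbrains.buildServer.LDAP - Failed to find user in LDAP by 'cflorell'. Cause: Invalid credentials ([LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v23f0 ])",
    "[2013-08-25 12:05:00,000]   INFO -     jetbrains.buildServer.LDAP - Failed to find user in LDAP by 'builduser'. Cause: Invalid credentials ([LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 775, v23f0 ])",
]

if __name__ == "__main__":
    for entry in filter(None, map(decode_line, SAMPLE)):
        print(entry)
```
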
1 comment

These settings appear to be allowing me in.

```
# Root node containing all the LDAP users (full entry DN is "CN=Users,DC=example,DC=com")
teamcity.users.base=OU=Users,OU=FSM,DC=fsmobile,DC=ca

# filtering only users with specified name and belonging to LDAP group "Group1" with DN "CN=Group1,CN=Users,DC=example,DC=com"
## teamcity.users.login.filter=(&(sAMAccountName=$capturedLogin$)(memberOf=CN=FSM Developers,OU=Groups,OU=FSM,DC=fsmobile,DC=ca))

# retrieving TeamCity username from the "sAMAccountName" LDAP entry attribute
teamcity.users.username=sAMAccountName
teamcity.users.property.displayName=displayName

# Allow only username part without domain
## teamcity.auth.loginFilter=[^/\\\\@]+

# No synchronization, just login.
teamcity.options.users.synchronize=true
teamcity.options.groups.synchronize=false
```


Notice the lines I had to comment out.

Unfortunately, the `teamcity.users.property.displayName=displayName` line is still not working ?:|
