LDAP authentication problem
Greetings,
We're attempting to install TeamCity on our CentOS 5.5 Linux server. We're using Java v1.6.0_21 and wish to authenticate with our existing OpenLDAP server.
Our LDAP server is working fine; it's handling authentication on many other systems and applications, so I know the LDAP server is not part of the problem.
I've enabled debug output on TeamCity and am seeing the following output when attempting to log in to TeamCity.
[2010-07-22 11:54:46,098] DEBUG - jetbrains.buildServer.LDAP - Failed to login user 'ddobies'. Cause: Invalid DN syntax ([LDAP: error code 34 - invalid DN])
javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
Our ldap-config.properties file consists of:
java.naming.provider.url=ldap://ldap01.ourcompany.com:389/dc=ourcompany,dc=com
I logged into our LDAP server, watched for the login error, and saw the following:
Jul 22 12:54:46 ldap01 slapd[22392]: conn=3120430 fd=209 ACCEPT from IP=192.168.xx.xx:55550 (IP=192.168.xx.xx:389)
Jul 22 12:54:46 ldap01 slapd[22392]: conn=3120430 op=0 do_bind: invalid dn (ddobies)
Jul 22 12:54:46 ldap01 slapd[22392]: conn=3120430 op=0 RESULT tag=97 err=34 text=invalid DN
Jul 22 12:54:46 ldap01 slapd[22392]: conn=3120430 fd=209 closed (connection lost)
Any ideas on what I'm doing wrong?
Thanks!
Doug
Hi Doug,
Could you please provide the full ldap-config.properties file?
---
Maxim
Hi Maxim,
There's very little modified aside from site-specific items; however, here is our config file.
Thanks!
Doug
Attachment(s):
ldap-config.properties.zip
OK. I see.
I have an idea of what might be happening: the actual error is an authentication error, but it is reported in this strange way.
Please try to set formatDN so that it transforms the $login$ into full DN.
---
Maxim
Hi Maxim,
We're getting further along now, but we are seeing
due to authentication error. Cause: Invalid credentials ([LDAP: error code 49 - Invalid Credentials])
Thanks!
Doug
Hi Doug,
Yes, that's what I meant - the problem is "Invalid Credentials". Provide your configuration and logs, please.
---
Maxim
Maxim,
Here is the current ldap-config.properties file, and log output.
Thanks!
Doug
Attachment(s):
teamcity-ldap.log.zip
ldap-config.properties.zip
Hi Doug,
I don't see any obvious mistakes in the config. Please note that many LDAP servers require the full DN as the username, so check that your full DN in LDAP is exactly "uid=ddobies,cn=cognosmanager,dc=cognos,dc=genscape,dc=meta"
Also consider tuning the java.naming.security.authentication property (can be "none", "simple" and "strong").
---
Maxim
Maxim,
I've switched java.naming.security.authentication to none and that worked.
Thanks!
Doug
Do NOT change the setting mentioned above to "none". It will completely disable authentication checks and allow anyone to log in as any user.
I know that this is old but I stumbled upon this with a Google search and wanted to warn others coming here.
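Added example (not part of the original thread and not JetBrains code): a small check of an ldap-config.properties file for the two settings discussed above, a java.naming.security.authentication value of "none" and a formatDN that sends the bare login instead of a full DN (the cause of the err=34 lines in the slapd log). The sample file contents, host names and the teamcity.auth.formatDN key name are assumptions constructed for illustration; the check matches any key ending in formatDN.

```python
import re

# Constructed sample config (not the poster's attachment).
SAMPLE = """\
# LDAP settings
java.naming.provider.url=ldap://ldap01.example.com:389/dc=example,dc=com
java.naming.security.authentication=none
teamcity.auth.formatDN=$login$
"""

# Constructed corrected version: simple bind with a full DN template.
FIXED = """\
java.naming.provider.url=ldap://ldap01.example.com:389/dc=example,dc=com
java.naming.security.authentication=simple
teamcity.auth.formatDN=uid=$login$,ou=people,dc=example,dc=com
"""

_PROP = re.compile(r"^([^=:\s]+)\s*[=:]\s*(.*)$")


def parse_properties(text):
    """Parse key=value / key:value lines, skipping blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        match = _PROP.match(line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def audit(text):
    """Return (id, message) findings for the settings discussed in the thread."""
    props = parse_properties(text)
    findings = []
    auth = props.get("java.naming.security.authentication", "").lower()
    if auth == "none":
        # JNDI binds anonymously, so the password the user typed is never checked.
        findings.append(("auth-none", "anonymous bind: any password is accepted"))
    for key, value in props.items():
        # Assumption: the directory (OpenLDAP here) expects a full DN for simple bind.
        if key.endswith("formatDN") and "$login$" in value and "=" not in value:
            findings.append(("formatDN-not-dn", key + " does not expand to a DN"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("SAMPLE", SAMPLE), ("FIXED", FIXED)):
        print(name, audit(cfg))
```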