LDAP Authentication for Linux - Community Version (Moved from Installation Forum)

LDAP Authentication for Linux - Community Version (Moved from Installation Forum) joseph mackey  2020-03-06 12:05
Status: Active
 

LDAP Authentication for Linux - Community Version joseph mackey EDIT 2020-02-21 14:36
Status: Active

Hello,
I have installed LabKey 19.3 Community Version.
While I have a connection string that works from the test screen, I cannot configure it in the LDAP Auth Settings.
I have configured other applications for AD authentication, and it works when using the sAMAccountName and the full DN (so does the test).
Even adding the configuration to the labkey.xml file does not seem to make a difference.

Is there a way to enable verbose logging for LDAP auth attempts?
When adding a DN to the LDAP principal template, is there a way to substitute sAMAccountName instead of email or UID?
When using my full DN, I am able to log in with my email and AD password, but I'm the only user able to log in with AD credentials.
Build info:
OS RedHat Enterprise Linux 7.7
Product Name PostgreSQL
Product Version 12.1
JDBC Driver Name PostgreSQL JDBC Driver
JDBC Driver Version 42.2.8
Servlet Container Apache Tomcat/9.0.30
Java Runtime Vendor N/A
Java Runtime Name OpenJDK Runtime Environment
Java Runtime Version 13.0.2+8

chetc (LabKey Support) responded: 2020-03-06 10:55
Hello,

Yes, there is. There is no need to enable anything since this is already happening. The labkey.log file should indicate an LDAP login failure and so should the AuditLog found in the admin console.

You should be able to sub for anything. The principal template is used to search through the LDAP global directory and reassociate one value for another.

You can find more information about LDAP Configuration on our Documentation site.
https://www.labkey.org/Documentation/wiki-page.view?name=configLdap

Thanks,
Chet

chetc (LabKey Support) responded: 2020-03-06 10:55
Hello,

We appreciate you utilizing our forums!

However, this forum will become inactive very soon. To follow up on this question or to ask a new question, please use our new forum.

LabKey Support Forum - https://www.labkey.org/home/Support/LabKey Support Forum/project-begin.view?

Thanks,
Chet

 
 
joseph mackey responded:  2020-03-11 08:37

Hello Chet.
I came across the page you suggested before.
I do not have an option for LDAP Sync.
I also get errors when I try to do any substitutions other than ${email} or ${uid}:
Invalid template: valid replacements are ${email} and ${uid}
I added the LDAP settings to the labkey.xml file, but LabKey seems to completely ignore it.

Regards,
Joseph

 
adam responded:  2020-03-11 16:36
Status: Closed

LDAP sync and LDAP search are premium features, not available in the Community Edition. In 20.3 (production release of LabKey Server coming out next week), LDAP authentication will become a premium feature as well. We've tried to make this clear in the documentation and the release notes.

Adam

 
johann pellet responded:  2020-03-26 09:05
Status: Active

Dear all,

I spent 2 days trying, without success, to configure the LDAP authentication in LabKey 19.3 (free for the Community Edition).

With the settings below:
LDAP Server URL: ldap://auth-ldap.myorganism.org:389
Security Principal: cn=admin,dc=myorganism,dc=org
Password: thecorrectpassword

The authentication succeeded.

But it's not clear to me how I should correctly configure the LDAP page settings or the labkey.xml files to work with an email and password.

I tried to change the Security Principal to: mail=john.doe@myorganism.org,ou=users,dc=myorganism,dc=org but it did not work.

I tried to change the labkey.xml file following the LDAP Search Option section of the page: https://www.labkey.org/Documentation/Archive/19.3/wiki-page.view?name=configLdap#process, without success.
Could we use for the variable ldapSearch_username something like "cn=admin,dc=myorganism,dc=org", or should it be an email?

Thanks for your feedback.

Johann

 
adam responded:  2020-04-09 14:51
Status: Closed

You have a security principal that works, so that's good. It looks like you just need to construct and specify a security principal template that produces a security principal in the same form.

What is the corresponding email address for user "admin"? Is it admin@myorganism.org?

If so, then this security principal template should work: cn=${uid},dc=myorganism,dc=org

As mentioned in the documentation, LabKey will replace ${uid} with the portion of the user's email address to the left of the @ symbol.

It doesn't look like you need LDAP Search... which is good, because, as I posted earlier, this rarely needed capability is not part of the Community Edition. Don't put any settings into labkey.xml; your LDAP authentication should be configured via the admin web UI only.

Adam
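
The template substitution described in the reply above, as an added example that is not part of the thread and not LabKey's own code: a Python sketch that accepts only the two placeholders named in the error message quoted earlier and derives ${uid} from the email address. Escaping DN special characters (RFC 4514) before substitution is an assumption of this example, not a statement about what LabKey does; the function names are hypothetical.

```python
import re

# Placeholders the error message quoted in the thread names as valid.
ALLOWED = {"email", "uid"}
PLACEHOLDER = re.compile(r"\$\{([^}]*)\}")


def escape_dn_value(value: str) -> str:
    """Escape a string for use as an attribute value in a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=':
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\00")
        elif (ch in " #" and i == 0) or (ch == " " and i == last):
            out.append("\\" + ch)  # leading space/'#' and trailing space
        else:
            out.append(ch)
    return "".join(out)


def validate_template(template: str) -> None:
    """Reject templates that use any placeholder other than the two allowed."""
    unknown = [n for n in PLACEHOLDER.findall(template) if n not in ALLOWED]
    if unknown:
        raise ValueError(
            "Invalid template: valid replacements are ${email} and ${uid}")


def expand(template: str, email: str) -> str:
    """Build the security principal (bind DN) for one login email."""
    validate_template(template)
    uid, sep, domain = email.partition("@")
    if not (uid and sep and domain) or "@" in domain:
        raise ValueError("expected a single user@domain address")
    # Escaped values stay inside one RDN instead of adding DN components.
    values = {"email": escape_dn_value(email), "uid": escape_dn_value(uid)}
    return PLACEHOLDER.sub(lambda m: values[m.group(1)], template)


if __name__ == "__main__":
    # Template and address taken from the thread.
    print(expand("cn=${uid},dc=myorganism,dc=org", "admin@myorganism.org"))
    try:
        expand("cn=${sAMAccountName},dc=myorganism,dc=org",
               "admin@myorganism.org")
    except ValueError as err:
        print(err)
```

The first call prints the same principal that worked on the test screen, which is the check to make: the expanded template must match, character for character, a DN that already binds successfully.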