I’m not sure if the community edition will allow you to bind. I’ll let Andrew reply. (but i don’t think it does)
-- Jeremy McSpadden Flux Labs | http://www.fluxlabs.net<http://www.fluxlabs.net/> | Endless Solutions Office : 850-250-5590x501 | Cell : 850-890-2543 | Fax : 850-254-2955 On Oct 27, 2014, at 6:35 PM, Andy Thomson <[email protected]<mailto:[email protected]>> wrote: Hi, I have read a few threads on this topic, but still seem to be missing something. I'm trying to get users in my Active Directory to login to Baruwa. I have configured a domain "qirx.com.au<http://qirx.com.au>", which is one of our externally facing domains. The AD I want to use for authentication is called "qirx.local". I've configured one of our DCs as an authentication server, protocol LDAP, port 389, and ticked "split address", as I only want to pass the username component through, obviously, and left the Username Map Template blank. In the LDAP configuration, I've started off just trying to authenticate some users in the default "Users" container, so I have the following: BaseDN: CN=Users,DC=qirx,DC=local Unsename Attribute: sAMAccountName Email Attribute: mail Bind DN: CN=<LDAP Bind User>,CN=Users,DC=qirx,DC=local (this is a user account/password that we are successfully using for LDAP binds elsewhere) BindPW: <the password for the above> Use TLS: No Search for UserDN: Yes Auth Search Filter: Have tried leaving this empty, "sAMAccountName=%u", and various other things. Auth Search Scope: Subtree I have successfully bound to the AD When I attempt to log in, I get "The username or password you entered is incorrect", and the output to what-who.log is included below. To me, the "no identities found, not authenticating" message suggests that the FriendlyFormPlugin is not processing the information correctly, although logging in with the locally defined administrator account works fine. 2014-10-28 10:16:49,096 -- repoze.who request started (/login) -- 2014-10-28 10:16:49,098 request classification: browser 2014-10-28 10:16:49,099 identifier plugins registered [<FriendlyFormPlugin 140151888479312>, <AuthTktCookiePlugin 140151886005904>] 2014-10-28 10:16:49,099 identifier plugins matched for classification "browser": [<FriendlyFormPlugin 140151888479312>, <AuthTktCookiePlugin 140151886005904>] 2014-10-28 10:16:49,104 authenticator plugins registered [<repoze.who.plugins.sa.SQLAlchemyAuthenticatorPlugin object at 0x7f77a7870610>, <BaruwaLDAPAuthPlugin 140151888480976>, <baruwa.lib.auth.pop3auth.BaruwaPOPAuthPlugin object at 0x7f77a7639e90>, <baruwa.lib.auth.imapauth.BaruwaIMAPAuthPlugin object at 0x7f77a75efcd0>, <baruwa.lib.auth.smtpauth.BaruwaSMTPAuthPlugin object at 0x7f77a7639d90>, <baruwa.lib.auth.radiusauth.BaruwaRadiusAuthPlugin object at 0x7f77a787c750>] 2014-10-28 10:16:49,104 authenticator plugins matched for classification "browser": [<repoze.who.plugins.sa.SQLAlchemyAuthenticatorPlugin object at 0x7f77a7870610>, <BaruwaLDAPAuthPlugin 140151888480976>, <baruwa.lib.auth.pop3auth.BaruwaPOPAuthPlugin object at 0x7f77a7639e90>, <baruwa.lib.auth.imapauth.BaruwaIMAPAuthPlugin object at 0x7f77a75efcd0>, <baruwa.lib.auth.smtpauth.BaruwaSMTPAuthPlugin object at 0x7f77a7639d90>, <baruwa.lib.auth.radiusauth.BaruwaRadiusAuthPlugin object at 0x7f77a787c750>] 2014-10-28 10:16:49,194 static downstream application replaced with The resource was found at 2014-10-28 10:16:49,196 no challenge required 2014-10-28 10:16:49,196 -- repoze.who request ended (/login) -- 2014-10-28 10:16:49,229 -- repoze.who request started (/accounts/loggedin) -- 2014-10-28 10:16:49,229 request classification: browser 2014-10-28 10:16:49,229 identifier plugins registered [<FriendlyFormPlugin 140151888479312>, <AuthTktCookiePlugin 140151886005904>] 2014-10-28 10:16:49,229 identifier plugins matched for classification "browser": [<FriendlyFormPlugin 140151888479312>, <AuthTktCookiePlugin 140151886005904>] 2014-10-28 10:16:49,230 no identities found, not authenticating 2014-10-28 10:16:49,250 no challenge required 2014-10-28 10:16:49,250 -- repoze.who request ended (/accounts/loggedin) -- 2014-10-28 10:16:49,284 -- repoze.who request started (/accounts/login) -- 2014-10-28 10:16:49,284 request classification: browser 2014-10-28 10:16:49,284 identifier plugins registered [<FriendlyFormPlugin 140151888479312>, <AuthTktCookiePlugin 140151886005904>] 2014-10-28 10:16:49,284 identifier plugins matched for classification "browser": [<FriendlyFormPlugin 140151888479312>, <AuthTktCookiePlugin 140151886005904>] 2014-10-28 10:16:49,285 no identities found, not authenticating 2014-10-28 10:16:49,318 no challenge required 2014-10-28 10:16:49,318 -- repoze.who request ended (/accounts/login) -- 2014-10-28 10:16:49,383 -- repoze.who request started (/jsi18n.js) -- 2014-10-28 10:16:49,386 request classification: browser 2014-10-28 10:16:49,386 identifier plugins registered [<FriendlyFormPlugin 140151888479312>, <AuthTktCookiePlugin 140151886005904>] 2014-10-28 10:16:49,387 identifier plugins matched for classification "browser": [<FriendlyFormPlugin 140151888479312>, <AuthTktCookiePlugin 140151886005904>] 2014-10-28 10:16:49,388 no identities found, not authenticating 2014-10-28 10:16:49,407 no challenge required 2014-10-28 10:16:49,407 -- repoze.who request ended (/jsi18n.js) -- Any help or suggestions would be greatly appreciated. Thanks Andy. _______________________________________________ http://pledgie.com/campaigns/12056
_______________________________________________ http://pledgie.com/campaigns/12056
