Fixes #9063 Added sanity check to determine if a bind user account is set. #9340
@snipe @uberbrady I created a new PR targeted to the develop branch. Here is a reference to the previous PR, which I will close. Thank you.
Perfection! Thank you so much.
Congrats on merging your first pull request! 🎉🎉🎉
Hello, Not sure if this is still relevant, but I've been trying to sort this out for the last few days. Hosting snipe-it on prem. The LDAP synchronises flawlessly. However, user authentication is not successful. Not sure why it is trying to bind the Admin user. If anyone can help, it will be a great saviour.
@rajkhowaabhijit Simply set your Bind username and password in the LDAP settings: You're experiencing the same problem described in #9063.
Hello @raelldottin, I am currently running Version v6.2.3 and we do not have the option for Append Domain Name. Also, please could you elaborate on 'Simply set your Bind username and password in the LDAP settings:' Somehow my laravel.log is not getting generated and I am not able to understand why. The only lead I have is with APP_DEBUG=true and checking the LOG.debug: Status of binding Admin user: uid=username,dc=ourdomain,dc=XX to directory instead: FAILURE
I’m not a developer on this project, but I’d recommend creating a new issue
to seek assistance. That way, the right folks can jump in to help you out.
It’s generally best to keep closed pull requests as they are for clarity.
Thanks for reaching out!
In LDAP (Lightweight Directory Access Protocol) terminology, an "Admin Bind
User" is an account that has the necessary privileges to perform
administrative operations within the LDAP directory. Here’s a breakdown of
the components and their roles:
1. **LDAP**: This is a protocol for accessing and maintaining distributed
directory information services over an Internet Protocol (IP) network. It's
commonly used for organizing user and group information, such as for login
authentication and authorization.
2. **Bind**: This is the process by which an LDAP client authenticates to
the LDAP server. It's equivalent to "logging in" to the directory.
3. **User**: In this context, it refers to the account that the client is
using to authenticate (or bind) to the LDAP server.
4. **Admin**: This suggests that the user has administrative privileges.
So, an Admin Bind User is essentially a user account that logs into the
LDAP server with sufficient rights to perform tasks such as adding or
removing users, modifying user attributes, managing group memberships, and
more. These tasks are beyond what a regular user can do, which might be
limited to reading their own user information or searching the directory.
The credentials of an Admin Bind User are critical and should be protected
because they can potentially alter the entire directory's structure and
content. They are often used by applications or services that need to
interact with the LDAP directory in a way that requires elevated privileges.
Description
This bug was introduced in this commit: #7919
The adldap2 module binds to the AD/LDAP server using $username and $password because the third parameter in $this->ldap->auth()->attempt($username, $password, true) is set to true. When the third parameter is set to false, it allows the adldap2 module to bind to the AD/LDAP server using the AD/LDAP Bind Username and Password from app/Services/LdapAdConfiguration.php. Then, it will authenticate the $username and $password against the AD/LDAP server. This change fixes issue #9063.
The original rewrite of this code accounted for this by omitting the third parameter.
#6352
Reference: Adldap2 setup documentation -- https://github.com/Adldap2/Adldap2/blob/master/docs/setup.md
Fixes #9063
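The two bind modes named in the PR description, shown as an added example that is not code from Snipe-IT or Adldap2: a simplified in-memory model of `attempt($username, $password, $bindAsUser)` together with one way a "is a bind account set?" check could choose the third argument. The class `ModelConnection`, the function `shouldBindAsUser`, the DNs and the passwords are all constructed for illustration.

```php
<?php
// Added example: constructed in-memory model, not Snipe-IT or Adldap2 code.
final class ModelConnection
{
    public ?string $boundAs = null;   // identity currently holding the connection
    private array $accounts;          // constructed sample data: bind DN => password

    public function __construct(array $accounts) { $this->accounts = $accounts; }

    public function bind(string $dn, string $password): bool
    {
        // An empty password must never count as a successful bind.
        $ok = $password !== '' && isset($this->accounts[$dn])
            && hash_equals($this->accounts[$dn], $password);
        $this->boundAs = $ok ? $dn : null;
        return $ok;
    }

    // Simplified model of attempt($username, $password, $bindAsUser):
    // true leaves the user bound, false hands the connection to the bind account.
    public function attempt(array $cfg, string $dn, string $pass, bool $bindAsUser): bool
    {
        $valid = $this->bind($dn, $pass);
        if (!$bindAsUser && !$this->bind($cfg['username'], $cfg['password'])) {
            throw new RuntimeException('configured bind account failed to bind');
        }
        return $valid;
    }
}

// Hypothetical sanity check: bind as the user only when no bind account is set.
function shouldBindAsUser(array $cfg): bool
{
    return trim($cfg['username'] ?? '') === '';
}

$svc      = 'cn=svc-snipeit,dc=example,dc=test';              // constructed names
$alice    = 'uid=alice,dc=example,dc=test';
$accounts = [$svc => 'svc-secret', $alice => 'alice-secret'];
$configs  = ['bind account set' => ['username' => $svc, 'password' => 'svc-secret'],
             'no bind account'  => ['username' => '',   'password' => '']];

foreach ($configs as $label => $cfg) {
    $conn = new ModelConnection($accounts);
    $ok   = $conn->attempt($cfg, $alice, 'alice-secret', shouldBindAsUser($cfg));
    printf("%-16s login=%s, bound as: %s\n", $label, $ok ? 'ok' : 'fail', $conn->boundAs);
}
```

In this model, passing `false` with the empty configuration throws on the bind-account step even though the user's own credentials are valid, which is the case the check avoids.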