error in LDAP user management

I can't get success in validating users against LDAP service.
ldap://p2ml.org:389
LDAP user: CN=admin,DC=p2ml,DC=org
DN: ou=ING,ou=C_1415,ou=p2ml,dc=p2ml,dc=org

I get: There is no user jbmere and creating new users is disabled.
and the log file for the tomcat service (under ubuntu 14.04 64 bits) looks like:

Thu Jul 10 07:59:18 CEST 2014 INFO ADao Entity modified: User: admin -> lastLoginDateAndTime=2014-07-10 07:59:18 | app:kunagi > session:138.100.72.88
Thu Jul 10 07:59:18 CEST 2014 INFO WebSession User set: admin | app:kunagi > session:138.100.72.88
Thu Jul 10 07:59:19 CEST 2014 INFO Transaction Committing transaction: #71 (app:kunagi > session:81.39.114.116) | app:kunagi > session:admin > gwt-srv:startSession
Thu Jul 10 08:00:14 CEST 2014 INFO Ldap LDAP authentication for dummyUser on ldap://p2ml.org:389 | app:kunagi > session:admin > gwt-srv:TestLdap
Thu Jul 10 08:00:17 CEST 2014 INFO Ldap LDAP authentication for dummyUser on ldap://p2ml.org:389 | app:kunagi > session:admin > gwt-srv:TestLdap
Thu Jul 10 08:02:36 CEST 2014 INFO Ldap LDAP authentication for jbmere on ldap://p2ml.org:389 | app:kunagi > session:138.100.72.88

Then, up to me it is not informative at all

Do you have any idea on how to get it running properly or how to increase the log making possible to understand where the problem is?
BTW, I've checked the proper value for DN by doing ldapsearch command successfully.

Thanks in advance.

Statement from Kunagi Team

Sorry, but we have no LDAP experts on our team. Please have a look into the following issues, perhaps you will find something helpful:

Status

Issue is closed.

Comments

Fri, Jul 11, 2014, 23:52 by jbmere

OK, finally I've got the issue fixed.

Some hints for other users:
a) You MUST put the keywords in capital letters, like CN=, OU=, etc.
in the LDAP configuration page for admin, under LDAP section.
b) You absolutely MUST accept user creation (or registration) as Kunagi names it.
c) You must turn ON the project creation from the installation section under System settings.

Then, the user validation will pass the LDAP section and in this case it will create a local user and default project.

In my knowledge this solution is not good at all. If you want to accept only LDAP users, it is a pity to enable user registration manually.
If you want to have under control the projects living, to enable any user to create their own projects is also a weakness.

The LDAP should be an alternative registration of users, no matter when the user registration is enabled or not, for those cases when the user was granted from the LDAP service, its local users need to be created and the default project without paying attention to the status of the registration (it should be renamed as Local registration) or the project creation flag.

Thanks for considering these suggestions, whenever possible.
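
Related to hint (a) in the comment above, an added example (not Kunagi code and not part of the original comment): LDAP attribute type names are case-insensitive, so a lowercase DN can pass ldapsearch, and this helper rewrites only the keywords to capitals before the DN is pasted into a settings page. The function names are hypothetical, and it assumes backslash-escaped values, not the older double-quoted value form.

```python
# Added example: normalise the attribute-type keywords of an LDAP DN to
# upper case without touching the values. Sample DNs are taken from the post.

def _split_unescaped(text, sep):
    """Split text on sep, ignoring separators escaped with a backslash."""
    parts, current, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if ch == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def uppercase_dn_keywords(dn):
    """Return dn with every attribute type (cn, ou, dc, ...) in upper case."""
    rdns = []
    for rdn in _split_unescaped(dn, ","):
        avas = []
        for ava in _split_unescaped(rdn, "+"):      # multi-valued RDN
            attr, eq, value = ava.partition("=")
            if not eq or not attr.strip():
                raise ValueError("malformed DN component: %r" % ava)
            avas.append(attr.strip().upper() + "=" + value)
        rdns.append("+".join(avas))
    return ",".join(rdns)


def has_uppercase_keywords(dn):
    """True when the DN already uses upper-case keywords throughout."""
    return uppercase_dn_keywords(dn) == dn


if __name__ == "__main__":
    for dn in ("ou=ING,ou=C_1415,ou=p2ml,dc=p2ml,dc=org",
               "CN=admin,DC=p2ml,DC=org"):
        print(uppercase_dn_keywords(dn), has_uppercase_keywords(dn))
```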
