Topic: SME8b7 - LDAP Authentication

[Jáder]

I'm testing SME8b7 LDAP authentication.
Using a LDAP Browser as client and:
base dn=ou=Users,dc=antinsect,dc=com,dc=br
If I connect without user information I'm able to see users info.
But my browser allow to put and user and password... and this way I cannot connect.

I'm tryi8ng to use pfSense 2.0 + squid (as pfSense module) authenticating on SME8b7
On pfSsense interface
Services
Proxy Server
auth settings TAB

I have 5 fields ( I put the numbers to later reference ):

1 - LDAP server user DN   
Enter here the user DN to use to connect to the LDAP server.

2 - LDAP password   
Enter here the password to use to connect to the LDAP server.

3 - LDAP base domain   
For LDAP authentication, enter here the base domain in the LDAP server.

4 - LDAP username DN attribute   
Enter LDAP username DN attibute.

5 - LDAP search filter
Enter LDAP search filter.

So to field I fill it with:
1 - cn=root,dc=antinsect,dc=com,dc=br  or cn=admin,dc=antinsect,dc=com,dc=br  or
cn=root,ou=Users,dc=antinsect,dc=com,dc=br  or cn=admin,ou=Users,dc=antinsect,dc=com,dc=br  or
(or with uid= and not cn=)

2 - the ldap password (sme admin/root user password)
3 - ou=Users,dc=antinsect,dc=com,dc=br
4 - uid
5 - uid=%s or (objectClass=inetOrgPerson)


but none of them appears to work.

Any ideas ?

[Stefano]

hi.. take a look here: http://wiki.contribs.org/LDAP

please report any bug in bugzilla, thank you

[CharlieBrady]

I'm testing SME8b7 LDAP authentication.

Testing is great! But it's only really useful if you report any problems you find via the bug tracker. And if you find problems, it works best if you discuss those problems only in one place, so that information doesn't get fragmented. Thanks.

[Jáder]

Charlie

I think you really could do a better use of your time.
Because you're not helping anyone. Even passing a bad impression about you.
And I'm sure you're a nice guy... you're a top programmer of SME!

Stefano's answer was a lot better.

[CharlieBrady]

I think you really could do a better use of your time.

Well if you would like me to work on things other than SME server you should continue to criticise what I do, in public. Very encouraging. Thanks.

[Stefano]

Jader, Charlie.. please..

Jader: Charlie told you exactly what I did in my previous post: remember to submit any bug in bugzilla
Charlie: please continue your work on SME

[Jáder]

Charlie

I have a GREAT respect about your work, just cannot understand why you're spending your time reading forums and giving no so friendly answers to a lot of persons.
If you're a developer and would like to everyone to use bugzilla, just read bugzilla and NEVER reply to questions on forums.
When someone else (Stefano) points the forgotten (me!) about to use Bugzilla, so they (ME AGAIN!) will have your attention.

If you reply forum questions about doubts with a tough response you're building a bad reputation to you and do not helping anyone.
I don't care if you abandon SME... SME will slow down a lot, but I think it will survive.
Any OSS project needs a comunity, and a comunity cannot survive if everyone involved is not friendly.

So I'd like to ask you: if you do not like the question: IGNORE IT... but PLEASE do not give a tough reply!
There are several other people (Mary, Stefano, ... even myself) wishing to help people with doubts, even the basic ones! Let us to do our work and use your time as you wish ... even in other projects, but PLEASE DO NOT GIVE TOUGH ANSWER ... just give your silence!

[Jáder]

Jader, Charlie.. please..

Jader: Charlie told you exactly what I did in my previous post: remember to submit any bug in bugzilla
Charlie: please continue your work on SME

Yes, but as my wife allways say: it's not what you say, it's HOW do you say!
Your answer was a polite one... but Charlie's...

[Stefano]

Jader.. I would agree with you but you are a forums' member since a looooong time.. you'd know Charlie.. he's a good guy but. he's Charlie.. that's all..

let's go back to work guys

[CharlieBrady]

Your answer was a polite one... but Charlie's...

Mine was polite too. I suggest you go read it again.

I said the same as Stefano, but in addition explained why it is important to report all testing results in the bug tracker, and to discuss only in the bug tracker.

Good night.

[Jáder]

I'm in a good morning (9AM here!)... so I'll start working again:

Bug created: http://bugs.contribs.org/show_bug.cgi?id=6801


But we need to create some page (or make it more visible) about what is a bug and what is a doubt.
My version of facts: what I have is a DOUBT : I'm not sure if I'm configurating that screen correct.
It's not a bug because I've no information about something was wrong neither I got a error message (I even cannot find where to look for them!).

That's because I open a new thread on forum.
And yes, I heard about "if do not work as desired, open a bug"... but for that we need a lot more documentation (and MYSELF and others need to read them!).
For those times something is written and was not read, support guys should just post the link to manual page (yes, do not "RFTM" only answers!) . 
Charlie and others top DEVELOPERS should focus on DEVELOPMENT... while Mary, Stefano  and many others like me focus on support forums.
 
That's my opinion... not intended to create flame war/discussion !

[Stefano]

Jader: did you try as suggested in the wiki page?
you should use: Authenticated User: uid=root,ou=Users,dc=sampledomain,dc=com
does it work for you?

[Jáder]

Jader: did you try as suggested in the wiki page?
you should use: Authenticated User: uid=root,ou=Users,dc=sampledomain,dc=com
does it work for you?

Yes, I've tried... in fact, I've tried more than 20 different configurations... now I use a counter on REALM message to know I'm using the actual config. See bug's screen capture.

I think the problem is the other fields:
LDAP username DN attribute
LDAP search filter

What I should to put on those ?

Jáder

[Daniel B.]

I've just added some general informations on how to use the LDAP directory in the wiki: http://wiki.contribs.org/LDAP#Authentication
Please read it and tell us if you can solve your issue

Regards, Daniel

[Jáder]

Daniel

The new information was welcome but do not solve the problem.
I'm updating info on bug 6801 about error messages.