
LDAP support is really incomplete

Archived Henrik Goldman 9 years ago

I am trying to get LDAP working with Active Directory using v2.3.11. However, it didn't go very well, for the following reasons:


1. The docs are very incomplete. For AD you should use the object sAMAccountName, which is not mentioned. For comparison, here are our LDAP connectivity docs: https://docs.x-formation.com/display/LICSTAT/Connecting+to+an+LDAP+server


2. Authentication against LDAP is not working. The problem here is that the fields Manager DN and password are missing. The docs say nothing about how this is handled.

Our AD setup requires authentication to get any information out. I am unable to find out if these values are being sent... to what value, etc. Refer to our docs above and notice that we're using a simple account called login for this purpose.


3. When I partly got LDAP working, it either spat out error messages from your application or gave generic "LDAP authentication error" messages. However, in order to debug this I need to get the full LDAP error. The docs say nothing about where to find it. Is it even available?


4. In a single case I managed to get it to authenticate but the result was that no profile data was transferred ... e.g. full name and email fields were not copied over and left with default... not good enough. Again no error log anywhere.
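The search-then-bind flow that points 1 to 4 depend on, as an added example that is not part of the original post or the product's code. `FakeDirectory`, `ldap_login`, `escape_filter` and all sample DNs and passwords are constructed for illustration; `displayName` and `mail` are assumed to be the AD attributes holding full name and email.

```python
# Added illustration (not the product's code): search-then-bind login for AD.
# FakeDirectory is a constructed in-memory stand-in, so this runs offline.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter(value):
    """RFC 4515 escaping so a login name cannot alter the search filter."""
    return "".join(_ESC.get(ch, ch) for ch in value)

class FakeDirectory:
    def __init__(self, entries):
        self.entries = entries  # DN -> (password, attributes)

    def bind(self, dn, password):
        # Reject empty passwords: servers may treat them as anonymous binds.
        return bool(password) and self.entries.get(dn, (None,))[0] == password

    def search(self, flt):
        # Stub matcher: exact sAMAccountName equality only.
        return [dn for dn, (_, a) in self.entries.items()
                if flt == "(sAMAccountName=%s)" % escape_filter(a["sAMAccountName"])]

    def read(self, dn):
        return self.entries[dn][1]

def ldap_login(d, manager_dn, manager_pw, username, password,
               wanted=("displayName", "mail")):
    """Return (profile, error); error names the stage that failed."""
    if not d.bind(manager_dn, manager_pw):        # 1. service-account bind
        return None, "manager bind failed"
    flt = "(sAMAccountName=%s)" % escape_filter(username)
    hits = d.search(flt)                          # 2. locate the user's DN
    if len(hits) != 1:
        return None, "lookup %s matched %d entries" % (flt, len(hits))
    if not d.bind(hits[0], password):             # 3. verify the user's password
        return None, "user bind failed for " + hits[0]
    attrs = d.read(hits[0])                       # 4. copy profile fields
    missing = [a for a in wanted if not attrs.get(a)]
    if missing:
        return None, "missing profile attributes: " + ", ".join(missing)
    return {a: attrs[a] for a in wanted}, None

MANAGER_DN = "CN=login,OU=Service,DC=example,DC=test"   # constructed sample data
SAMPLE = FakeDirectory({
    MANAGER_DN: ("svc-secret", {"sAMAccountName": "login"}),
    "CN=Jane Doe,OU=Staff,DC=example,DC=test":
        ("jane-pw", {"sAMAccountName": "jdoe", "displayName": "Jane Doe",
                     "mail": "jdoe@example.test"}),
    "CN=No Mail,OU=Staff,DC=example,DC=test":
        ("nm-pw", {"sAMAccountName": "nomail", "displayName": "No Mail"}),
})
```

Each failure returns a message naming the stage, which is the kind of detail a server-side log needs for an administrator to tell a rejected service account from a missing attribute.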

Replies (4)


Henrik,

LDAP is a rarely used feature among our customers. We already have plans to rethink the LDAP implementation to make it more flexible.

Could you please briefly describe what changes you would like to see in our next releases regarding LDAP setup?

By the way, all our customers who are using LDAP integration are satisfied and usually had no problems with setup. I guess that your LDAP server has been configured in a slightly more complicated way than in the usual case, and therefore our settings are not enough to satisfy your needs.


The issue as I see it is that not all LDAP fields are exported. What is really missing are the manager fields.


The above documentation shows exactly which fields should be there, and since we use exactly the same libraries as you, we know that it works as expected.


So just export the missing fields and it should work ok.


Yes, we'll expand LDAP functionality in the 3.x line. We've put it in the planned features, to be done soon.


Hello Henrik,


With the 3.2 release, we've extended LDAP support with a variety of options to choose from for custom LDAP settings. Please review it and let us know if you find anything missing.
