LDAP authentication

Hi,

I installed ERPNext, set my website, then I did LDAP authentication… connection to LDAP is successful.
But when I try to log in using LDAP users it shows “Not a valid LDAP user”.

My ERPNext version is mentioned below:
Installed Apps
ERPNext: v7.2.3
Frappe Framework: v7.2.4

I am trying to use the online LDAP test server mentioned in the link below

Can anyone help me with this issue?

Appreciate your help!!

@saurabh6790 please check.

@sadi20107 thanks for reporting the issue.

How can I check the logs which would help you in resolving this issue?

@saurabh6790 is there any update on the mentioned issue?

Hi,

Happy New Year!!

@umair & @saurabh6790 We are almost ready with the implementation and planning to roll out ERPNext at the earliest once we get a resolution in integrating Active Directory with ERPNext.

Your help in resolving this issue is highly appreciated, awaiting your feedback. Thanks for your support.

Hi All,

I'm not sure if there was a resolution to this issue, but my investigation led me to a workaround which I think we can add to the doctype and associated Python files to give users a more flexible approach.

The code works and I've tested it successfully with the following changes (sorry, I have not yet learnt how to create a pull request or fix code - plan to for 2017 ;))

In the function def authenticate_ldap_user(user=None, password=None): in /frappe-bench/apps/frappe/frappe/integrations/doctype/ldap_settings/ldap_settings.py

on the line where we are doing the search: result = conn.search_s(settings.organizational_unit…
I changed to:

result = conn.search_s(settings.organizational_unit, ldap.SCOPE_SUBTREE,
    "sAMAccountName={0}".format(user))

I also adjusted the line that reads: params["username"] = cstr(…
to

params["username"] = cstr(r['sAMAccountName'][0])

I think this can be made generic by adding 3 more fields to the doctype -
“Search Parameter” - which will take the search criteria = "sAMAccountName={0}"
“First Name Mapping” - which will be the field to take from the LDAP query result for the first name
“Email Mapping” - which is the field for the email address

Maybe we could have some kind of mapping table for other field mappings.

But this is what I did to get it to work.

Await your feedback.

regards
Hemant

Hi Hemant,

I did the step you mentioned.
I changed these 2 lines but it's still the same for me.
result = conn.search_s(settings.organizational_unit, ldap.SCOPE_SUBTREE,
    "sAMAccountName={0}".format(user))

I also adjusted the line that reads: params["username"] = cstr(…
to

params["username"] = cstr(r['sAMAccountName'][0])

Do I have to run any other command?

Thanks for your Support.

Regards,
Syed

Hi @sadi20107

If you are using the test LDAP at

then when I use the settings below I am able to log in - test it and let me know

LDAP Server Url: ldap://ldap.forumsys.com:389
Organizational Unit: dc=example,dc=com

Base Distinguished Name (DN): cn=read-only-admin,dc=example,dc=com
Password for Base DN: password

LDAP Search String: uid={0}
LDAP First Name Field: cn
LDAP Email Field: mail
LDAP Username Field: uid
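
An added example, not part of the original thread and not Frappe's own code: one way the four configurable values above could drive the search filter and the attribute mapping, with the login name escaped per RFC 4515 before it is formatted into the search string. The names `SETTINGS`, `escape_filter_value`, `build_filter` and `map_entry` are hypothetical, and the sample entry is constructed.

```python
# Added sketch: pure Python, no LDAP server or python-ldap required.
# SETTINGS mirrors the form values quoted in the post above.
SETTINGS = {
    "search_string": "uid={0}",
    "first_name_field": "cn",
    "email_field": "mail",
    "username_field": "uid",
}

# RFC 4515: these characters are written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a login name so the directory treats it as a literal value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(search_string, login):
    """Format the configured search string with the escaped login name."""
    if "{0}" not in search_string:
        raise ValueError("search string must contain the {0} placeholder")
    return search_string.format(escape_filter_value(login))


def map_entry(attrs, settings):
    """Map one search-result attribute dict to the params used at login.

    Attribute values arrive as lists (bytes on Python 3 with python-ldap);
    a missing attribute raises LookupError naming the configured field.
    """
    def first(field):
        values = attrs.get(field)
        if not values:
            raise LookupError("LDAP entry has no '{0}' attribute".format(field))
        value = values[0]
        return value.decode("utf-8") if isinstance(value, bytes) else value

    return {
        "username": first(settings["username_field"]),
        "first_name": first(settings["first_name_field"]),
        "email": first(settings["email_field"]),
    }


# Constructed sample entry, shaped like the attribute dict of one search result.
SAMPLE_ATTRS = {"uid": [b"jdoe"], "cn": [b"Jane Doe"], "mail": [b"jdoe@example.com"]}
```

A field mapping that names an attribute the directory does not return (for example `sAMAccountName` against a server that only has `uid`) surfaces here as a `LookupError` naming the field, instead of a generic login failure.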

Hi @hpema108,

I tried with the online LDAP test server and faced the same error.
The attached screenshot is for your reference.

I also attached a screenshot of the changes which I made in the config file.

Please confirm one thing: after making these changes in the config file, do I have to recompile my ERPNext?
If yes, then what command should I use?

One more thing you mentioned in your last comment:

LDAP Search String: uid={0}
LDAP First Name Field: cn
LDAP Email Field: mail
LDAP Username Field: uid

Do I have to use this configuration somewhere, or is it just for information?

Waiting for your reply.

Thanks for your support.

Regards,
Syed

Hi @sadi20107

Sorry, the additional fields I mentioned were on my end - I created a pull request for the changes to the LDAP settings feature.

Your code is correct according to your screenshot. I usually do a bench update on my setup as I'm using the production install. Not sure what you are running.

Also, I noticed that your Organizational Unit is different from my settings; I have Organizational Unit: dc=example,dc=com

Hope that helped.

regards
Hemant

Hi @hpema108,

I used the same OU settings which you mentioned and am getting the same result.

Can you send me the installation & configuration guide link which you are using in your environment?
I will try to use the same.

Regards,
Syed

Hi @sadi20107,

Change the code you changed in ldap_settings.py back. So replace "sAMAccountName={0}" with "uid=*{0}" and you can uncomment params["username"] = cstr(r['uid'][0])

Compile the code with bench update.

Run the test.

regards

@hpema108 @sadi20107

Can you share different kinds of LDAP settings so that we can build configurable params and users won’t need to make changes in code? This also builds robust LDAP auth.

@hpema108 your pull request is in review, we will test it and merge it in a couple of days.

@saurabh6790 @sadi20107

I have done that in my pull request - updated the doctype and added all the fields and changed the code so that it's all configurable via the site and not in the backend and code. I'm just trying to get Syed up and running to identify where the problem lies.

I have tested on my branch, so if the pull request is merged it will work as I suggest above with the details to enter on the form. So there is no need to create the configurable params as it's done in my pull request.

regards
Hemant