Wekan

Wekan is an open-source, Trello-like kanban board that provides card-based task and to-do management.

ldaps authentication

Wekan / General · January 27, 2020 at 11:08am

Hi everybody, I'm new to this community. I tried to find the solution before posting here. I'm trying to configure LDAPS authentication in Wekan and am not able to do it. I verified that I can query the Active Directory domain controller with ldapsearch and it's working well on port 636 with SSL. I tried this config:

snap set wekan ldap-encryption='true'
snap set wekan ldap-encryption='ssl'
snap set wekan ldap-port='636'
snap set wekan ldap-ca-cert=-----BEGIN CERTIFICATE-----

putting the certificate key on one line, and I get the error message:

error: invalid configuration: "CERTIFICATE-----" (want key=value)

Is there another way to set the certificate in the application? What am I doing wrong?

If somebody could help me with this issue, I'd appreciate it a lot. Thank you


January 27, 2020 at 11:39am

It looks like it is about the format of the certificate. Try another format. Another way is to accept all certificates (less secure), if that is possible. Another way is not to use LDAPS but LDAP with StartTLS (port 389).

    January 27, 2020 at 12:47pm

    And what is the snap set command to accept all certificates?

      January 27, 2020 at 2:41pm

      Hi, below I send my settings, with which LDAP login from AD works.

      snap set wekan ldap-enable='true'
      snap set wekan ldap-host='domain.local'
      snap set wekan ldap-port='389'
      snap set wekan ldap-basedn='ou=yourou,dc=domain,dc=local'
      snap set wekan ldap-authentication='true'
      snap set wekan ldap-authentication-userdn='user'
      snap set wekan ldap-authentication-password='password'
      snap set wekan ldap-user-search-field='sAMAccountName'
      snap set wekan ldap-username-field='sAMAccountName'

        January 27, 2020 at 3:58pm

        Thank you Izebia, in fact I want to use LDAPS requests over SSL. My settings are:

          snap set wekan ldap-enable='true'
          snap set wekan ldap-port='636'
          snap set wekan ldap-host='host'
          snap set wekan ldap-basedn='cn=Users,dc=domain'
          snap set wekan ldap-login-fallback='true'
          snap set wekan ldap-reconnect='true'
          snap set wekan ldap-timeout='10000'
          snap set wekan ldap-idle-timeout='10000'
          snap set wekan ldap-connect-timeout='10000'
          snap set wekan ldap-authentication='true'
          snap set wekan ldap-authentication-userdn='cn=username,cn=Users,dc=domain'
          snap set wekan ldap-authentication-password='password'
          snap set wekan ldap-log-enabled='true'
          snap set wekan ldap-background-sync='true'
          snap set wekan ldap-background-sync-interval='every 1 minute'
          snap set wekan ldap-background-sync-keep-existant-users-updated='true'
          snap set wekan ldap-background-sync-import-new-users='true'
          snap set wekan ldap-user-search-field='sAMAccountName'
          snap set wekan ldap-username-field='sAMAccountName'
          snap set wekan ldap-fullname-field='cn'

          snap set wekan ldap-encryption='true'
          snap set wekan ldap-encryption='ssl'

            snap set wekan ldap-ca-cert=-----BEGIN CERTIFICATE----- key

              and it blocks at the key setting

                In fact, there is no need to set up the certificate in the snap when you do snap set wekan ldap-reject-unauthorized='false'

                  It works well and does encrypted LDAPS requests correctly because I put the certificate in the ca-certificates.crt in the SSL config

                    Thank you all for your help.

                      January 28, 2020 at 6:25am

                      Another little question: how to add a second domain controller? Names separated by what in the host definition: space, comma, ...?

                        January 28, 2020 at 12:26pm

                        Just try something? I don't know.

                          February 28, 2020 at 11:42am

                          You can use the primary DNS name of the domain as domain controller (if everything is configured properly, that is). Instead of giving the domain controller variable the name "dc01.domain.com" you just give it "domain.com" and every DC will be automatically queried.

                            As a reminder to all of you who don't know this: Microsoft will start blocking unsigned LDAP starting March 2020. Now is your last chance to switch to LDAPS without causing issues for your users. @xet7: maybe this should be mentioned in the documentation

                              @derbolle You should add an issue about that to https://github.com/wekan/wekan-ldap/issues

                                September 29, 2021 at 3:06am

                                Hi, below I send my settings, with which LDAP login from AD works.

                                snap set wekan ldap-enable='true'
                                snap set wekan ldap-host='domain.local'
                                snap set wekan ldap-port='389'
                                snap set wekan ldap-basedn='ou=yourou,dc=domain,dc=local'
                                snap set wekan ldap-authentication='true'
                                snap set wekan ldap-authentication-userdn='user'
                                snap set wekan ldap-authentication-password='password'
                                snap set wekan ldap-user-search-field='sAMAccountName'
                                snap set wekan ldap-username-field='sAMAccountName'

                                  This works for me as well. I run Wekan on Ubuntu 18.04. Thank you very much.
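
The "want key=value" error quoted in the opening post is what shell word splitting produces when the certificate value is passed unquoted. The following is an added example, not part of the thread and not Wekan or snap code: it reproduces the error with a stand-in check and shows the quoted form. check_kv_args, count_args and the PEM text are constructed for illustration; how Wekan itself parses the stored value is not shown here.

```shell
#!/bin/sh
# Constructed stand-in for a key=value argument check. It does not call snap.
check_kv_args() {
    for arg in "$@"; do
        case "$arg" in
            ?*=*) ;;   # has a key, an "=", and possibly a value
            *)  printf 'error: invalid configuration: "%s" (want key=value)\n' "$arg" >&2
                return 1 ;;
        esac
    done
    return 0
}

# Constructed placeholder PEM, not a real certificate.
PEM='-----BEGIN CERTIFICATE-----
MIIBplaceholderAAAA
-----END CERTIFICATE-----'

# Helper: how many arguments did the command actually receive?
count_args() { echo "$#"; }

# Unquoted: the shell splits the value on spaces and newlines, so the
# second argument is the bare word CERTIFICATE----- with no "=" in it.
unquoted_argc() { count_args ldap-ca-cert=$PEM; }
unquoted_result() {
    if check_kv_args ldap-ca-cert=$PEM 2>/dev/null; then
        echo accepted
    else
        echo rejected
    fi
}

# Quoted: the whole PEM, spaces and newlines included, is one argument.
quoted_argc() { count_args "ldap-ca-cert=$PEM"; }
quoted_result() {
    if check_kv_args "ldap-ca-cert=$PEM" 2>/dev/null; then
        echo accepted
    else
        echo rejected
    fi
}

# With the real command, the quoted form would look like this
# (the file path is a placeholder):
#   snap set wekan ldap-ca-cert="$(cat /path/to/ca.pem)"
```

Quoting keeps certificate verification configurable at all, which matters because the workaround chosen in the thread, ldap-reject-unauthorized='false', is the "accept all certificates (less secure)" option mentioned in the first reply.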