Join the conversation

Sign in to join this conversation, and others like it, in the communities you care about.

Wekan

General

Wekan is an open-source kanban board (Trello like) which allows a card-based task and to-do management.

More active conversations

Wekan / General

ldaps authentication

ldaps authentication

Wekan/General · January 27, 2020 at 11:08am

Didier Caradec

@dcaradec
rep
36

ldaps authentication

Wekan / General · January 27, 2020 at 11:08am

Hi everybody, i'm new on this community. I tried to find the solution before posting here. I'm trying to configure ldaps authentication in wekan and not able to do it. I verified that i can request Active Directory domain controller with ldapsearch and it's working well on 636 port ssl. I tried this config : snap set wekan ldap-encryption='true' snap set wekan ldap-encryption='ssl' snap set wekan ldap-port='636' snap set wekan ldap-ca-cert=-----BEGIN CERTIFICATE----- putting the certicate key on one line, and i get the error message error: invalid configuration: "CERTIFICATE-----" (want key=value)

Is there another way to set the certificate in the application ? What am i doing wrong ?

If somebody could help me on this issue, i'll appreciate a lot. Thank you

January 27, 2020 at 11:39am
Martin Hořínek@hever
11:39am

It looks like there it is about format of certificate. Try another format. Another way is to accept all certificates (less secure) if it is possible. Another way is not to use LDAPS but LDAP with StartTLS (port 389).

    • reply
    • like
    January 27, 2020 at 12:47pm
    Didier Caradec@dcaradec
    12:47pm

    And what is the snap set command to accept all certificates ?

      • reply
      • like
      January 27, 2020 at 2:41pm
      lzieba@luki
      2:41pm

      Hi, Below I send my settings on which ldap login from AD works. snap set wekan ldap-enable='true' snap set wekan ldap-host='domain.local' snap set wekan ldap-port='389' snap set wekan ldap-basedn='ou=yourou,dc=domain,dc=local' snap set wekan ldap-authentication='true' snap set wekan ldap-authentication-userdn='user' snap set wekan ldap-authentication-password='password' snap set wekan ldap-user-search-field='sAMAccountName' snap set wekan ldap-username-field='sAMAccountName'

        Edited
        like-fill
        1
        • reply
        • like
        January 27, 2020 at 3:58pm
        Didier Caradec@dcaradec
        3:58pm

        Thank you Izebia, in fact i want to use ldaps request over ssl. My settings are :

          • reply
          • like
          4:01pm

          snap set wekan ldap-enable='true' snap set wekan ldap-port='636' snap set wekan ldap-host='host' snap set wekan ldap-basedn='cn=Users,dc=domain' snap set wekan ldap-login-fallback='true' snap set wekan ldap-reconnect='true' snap set wekan ldap-timeout='10000' snap set wekan ldap-idle-timeout='10000' snap set wekan ldap-connect-timeout='10000' snap set wekan ldap-authentication='true' snap set wekan ldap-authentication-userdn='cn=username,cn=Users,dc=domain' snap set wekan ldap-authentication-password='password' snap set wekan ldap-log-enabled='true' snap set wekan ldap-background-sync='true' snap set wekan ldap-background-sync-interval='every 1 minute' snap set wekan ldap-background-sync-keep-existant-users-updated='true' snap set wekan ldap-background-sync-import-new-users='true' snap set wekan ldap-user-search-field='sAMAccountName' snap set wekan ldap-username-field='sAMAccountName' snap set wekan ldap-fullname-field='cn'

          snap set wekan ldap-encryption='true' snap set wekan ldap-encryption='ssl'

            • reply
            • like
            4:02pm

            snap set wekan ldap-ca-cert=-----BEGIN CERTIFICATE----- key

              • reply
              • like
              4:02pm

              and it blocks at key settings

                • reply
                • like
                4:41pm

                In fact, no need to setup the certificate in the snap when you do snap set wekan ldap-reject-unauthorized='false'

                  • reply
                  • like
                  4:43pm

                  It works well and do crypted ldaps request correctly because i put the certificate in the ca-certificates.crt in ssl config

                    • reply
                    • like
                    4:44pm

                    Thank you all for your help.

                      • reply
                      • like
                      January 28, 2020 at 6:25am
                      Didier Caradec@dcaradec
                      6:25am

                      Another littoral question, how to add à second domain controller ? Names separated by what in host definition , space, comma,.....?

                        • reply
                        • like
                        January 28, 2020 at 12:26pm
                        Lauri Ojansivu@xet7
                        Team
                        12:26pm

                        Just try something? I don't know.

                          • reply
                          • like
                          February 28, 2020 at 11:42am
                          Michael@derbolle
                          11:42am

                          you can use the primary dns name of the domain as domain controller (if everything is configured properly that is). Instead of giving the domain controller variable the name "dc01.domain.com" you just give it "domain.com" and every dc will be automatically queried.

                            • reply
                            • like
                            11:44am

                            as a reminder to all of you who don't know this: Microsoft will start blocking unsigned LDAP starting march 2020. Now is your last chance to switch to LDAPs without causing issues for your Users @xet7 : maybe this should be mentioned in the documentation

                              • reply
                              • like
                              Lauri Ojansivu@xet7
                              Team
                              12:13pm

                              @derbolle You should add issue about that to https://github.com/wekan/wekan-ldap/issues

                                • reply
                                • like
                                September 29, 2021 at 3:06am
                                Ian Kim Suropia@ianks
                                3:06am
                                reply
                                lzieba@luki

                                Hi, Below I send my settings on which ldap login from AD works. snap set wekan ldap-enable='true' snap set wekan ldap-host='domain.local' snap set wekan ldap-port='389' snap set wekan ldap-basedn='ou=yourou,dc=domain,dc=local' snap set wekan ldap-authentication='true' snap set wekan ldap-authentication-userdn='user' snap set wekan ldap-authentication-password='password' snap set wekan ldap-user-search-field='sAMAccountName' snap set wekan ldap-username-field='sAMAccountName'

                                  This works for me as well. I run wekan on ubuntu 18.04. Thanks you very much.

                                    • reply
                                    • like