Wekan

Wekan is an open-source kanban board (Trello-like) that allows card-based task and to-do management.

ldaps authentication

Wekan / General · January 27, 2020 at 11:08am

Hi everybody, I'm new to this community. I tried to find the solution before posting here. I'm trying to configure ldaps authentication in wekan and am not able to do it. I verified that I can query the Active Directory domain controller with ldapsearch and it's working well on port 636 over SSL. I tried this config:

    snap set wekan ldap-encryption='true'
    snap set wekan ldap-encryption='ssl'
    snap set wekan ldap-port='636'
    snap set wekan ldap-ca-cert=-----BEGIN CERTIFICATE-----

putting the certificate key on one line, and I get the error message:

    error: invalid configuration: "CERTIFICATE-----" (want key=value)

Is there another way to set the certificate in the application? What am I doing wrong?

If somebody could help me with this issue, I'd appreciate it a lot. Thank you

January 27, 2020 at 3:58pm

Thank you Izebia, in fact I want to use ldaps requests over SSL. My settings are:

    snap set wekan ldap-enable='true'
    snap set wekan ldap-port='636'
    snap set wekan ldap-host='host'
    snap set wekan ldap-basedn='cn=Users,dc=domain'
    snap set wekan ldap-login-fallback='true'
    snap set wekan ldap-reconnect='true'
    snap set wekan ldap-timeout='10000'
    snap set wekan ldap-idle-timeout='10000'
    snap set wekan ldap-connect-timeout='10000'
    snap set wekan ldap-authentication='true'
    snap set wekan ldap-authentication-userdn='cn=username,cn=Users,dc=domain'
    snap set wekan ldap-authentication-password='password'
    snap set wekan ldap-log-enabled='true'
    snap set wekan ldap-background-sync='true'
    snap set wekan ldap-background-sync-interval='every 1 minute'
    snap set wekan ldap-background-sync-keep-existant-users-updated='true'
    snap set wekan ldap-background-sync-import-new-users='true'
    snap set wekan ldap-user-search-field='sAMAccountName'
    snap set wekan ldap-username-field='sAMAccountName'
    snap set wekan ldap-fullname-field='cn'

    snap set wekan ldap-encryption='true'
    snap set wekan ldap-encryption='ssl'

    snap set wekan ldap-ca-cert=-----BEGIN CERTIFICATE----- key

and it blocks at the key setting

In fact, there is no need to set up the certificate in the snap when you do snap set wekan ldap-reject-unauthorized='false'

It works well and does encrypted ldaps requests correctly because I put the certificate in the ca-certificates.crt in the SSL config

Thank you all for your help.

January 28, 2020 at 6:25am

Another little question: how do I add a second domain controller? Names separated by what in the host definition: space, comma, ...?

January 28, 2020 at 12:26pm

Just try something? I don't know.

February 28, 2020 at 11:42am

You can use the primary DNS name of the domain as the domain controller (if everything is configured properly, that is). Instead of giving the domain controller variable the name "dc01.domain.com" you just give it "domain.com" and every DC will be automatically queried.

As a reminder to all of you who don't know this: Microsoft will start blocking unsigned LDAP starting March 2020. Now is your last chance to switch to LDAPS without causing issues for your users. @xet7: maybe this should be mentioned in the documentation.

@derbolle You should add an issue about that to https://github.com/wekan/wekan-ldap/issues

September 29, 2021 at 3:06am

Hi, below I send my settings with which ldap login from AD works.

    snap set wekan ldap-enable='true'
    snap set wekan ldap-host='domain.local'
    snap set wekan ldap-port='389'
    snap set wekan ldap-basedn='ou=yourou,dc=domain,dc=local'
    snap set wekan ldap-authentication='true'
    snap set wekan ldap-authentication-userdn='user'
    snap set wekan ldap-authentication-password='password'
    snap set wekan ldap-user-search-field='sAMAccountName'
    snap set wekan ldap-username-field='sAMAccountName'

This works for me as well. I run wekan on Ubuntu 18.04. Thank you very much.
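An added example, not part of any post in this thread and not Wekan's own code: the Python sketch below splits `snap set wekan ...` lines the way a shell would, which shows why the unquoted certificate value produced the `want key=value` error, and flags settings from the thread that weaken the LDAP connection. The sample input is constructed from the posted commands; `parse_snap_set` and `audit` are hypothetical helper names, and the checks assume that an unset `ldap-encryption` means plain LDAP and that `ldap-reject-unauthorized='false'` turns off server certificate verification.

```python
import shlex

# Constructed sample, modelled on the commands posted in this thread.
SAMPLE = """\
snap set wekan ldap-port='636'
snap set wekan ldap-encryption='true'
snap set wekan ldap-encryption='ssl'
snap set wekan ldap-reject-unauthorized='false'
snap set wekan ldap-ca-cert=-----BEGIN CERTIFICATE----- key
"""

def parse_snap_set(text, snap="wekan"):
    """Return (settings, errors) after shell-style splitting of each line."""
    settings, errors = {}, []
    for line in text.splitlines():
        argv = shlex.split(line)
        if argv[:3] != ["snap", "set", snap]:
            continue
        pending = {}
        for arg in argv[3:]:
            key, sep, value = arg.partition("=")
            if not sep:
                # An unquoted space ended the value early; this word has no '='.
                errors.append(f'invalid configuration: "{arg}" (want key=value)')
                pending = {}  # modelled here as: the failed command changes nothing
                break
            pending[key] = value
        settings.update(pending)  # a later command overrides an earlier one
    return settings, errors

def audit(settings):
    """Flag settings that weaken the LDAP connection (assumptions in the lead-in)."""
    findings = []
    if "ldap-encryption" not in settings:
        findings.append("ldap-encryption unset: bind password sent in cleartext")
    if settings.get("ldap-reject-unauthorized") == "false":
        findings.append("ldap-reject-unauthorized=false: server certificate not verified")
    return findings

if __name__ == "__main__":
    settings, errors = parse_snap_set(SAMPLE)
    for message in errors + audit(settings):
        print(message)
    # Quoting keeps the whole value in one shell argument, so it parses cleanly.
    print(parse_snap_set("snap set wekan ldap-ca-cert='-----BEGIN CERTIFICATE----- key'"))
```

Whether Wekan then accepts a quoted single-line certificate value is not something this sketch tests; it only models how the arguments reach `snap set`.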
