Wekan

Wekan is an open-source kanban board (Trello-like) that allows card-based task and to-do management.

ldaps authentication

Wekan / General · January 27, 2020 at 11:08am

Hi everybody, I'm new to this community. I tried to find the solution before posting here. I'm trying to configure LDAPS authentication in Wekan and am not able to do it. I verified that I can query the Active Directory domain controller with ldapsearch, and it works well on port 636 with SSL. I tried this config:

snap set wekan ldap-encryption='true'
snap set wekan ldap-encryption='ssl'
snap set wekan ldap-port='636'
snap set wekan ldap-ca-cert=-----BEGIN CERTIFICATE-----

putting the certificate key on one line, and I get the error message:

error: invalid configuration: "CERTIFICATE-----" (want key=value)

Is there another way to set the certificate in the application? What am I doing wrong?

If somebody could help me on this issue, I'd appreciate it a lot. Thank you

January 27, 2020 at 4:01pm

snap set wekan ldap-enable='true'
snap set wekan ldap-port='636'
snap set wekan ldap-host='host'
snap set wekan ldap-basedn='cn=Users,dc=domain'
snap set wekan ldap-login-fallback='true'
snap set wekan ldap-reconnect='true'
snap set wekan ldap-timeout='10000'
snap set wekan ldap-idle-timeout='10000'
snap set wekan ldap-connect-timeout='10000'
snap set wekan ldap-authentication='true'
snap set wekan ldap-authentication-userdn='cn=username,cn=Users,dc=domain'
snap set wekan ldap-authentication-password='password'
snap set wekan ldap-log-enabled='true'
snap set wekan ldap-background-sync='true'
snap set wekan ldap-background-sync-interval='every 1 minute'
snap set wekan ldap-background-sync-keep-existant-users-updated='true'
snap set wekan ldap-background-sync-import-new-users='true'
snap set wekan ldap-user-search-field='sAMAccountName'
snap set wekan ldap-username-field='sAMAccountName'
snap set wekan ldap-fullname-field='cn'

snap set wekan ldap-encryption='true'
snap set wekan ldap-encryption='ssl'

    snap set wekan ldap-ca-cert=-----BEGIN CERTIFICATE----- key

      and it blocks at key settings

        In fact, no need to set up the certificate in the snap when you do snap set wekan ldap-reject-unauthorized='false'

          It works well and does encrypted LDAPS requests correctly because I put the certificate in the ca-certificates.crt in the SSL config

            Thank you all for your help.

              January 28, 2020 at 6:25am

              Another little question: how to add a second domain controller? Names separated by what in the host definition: space, comma, ...?

                January 28, 2020 at 12:26pm

                Just try something? I don't know.

                  February 28, 2020 at 11:42am

                  You can use the primary DNS name of the domain as the domain controller (if everything is configured properly, that is). Instead of giving the domain controller variable the name "dc01.domain.com", you just give it "domain.com" and every DC will be automatically queried.

                    As a reminder to all of you who don't know this: Microsoft will start blocking unsigned LDAP starting March 2020. Now is your last chance to switch to LDAPS without causing issues for your users. @xet7: maybe this should be mentioned in the documentation

                      @derbolle You should add an issue about that to https://github.com/wekan/wekan-ldap/issues

                        September 29, 2021 at 3:06am

                        Hi, below I send my settings on which LDAP login from AD works.

                        snap set wekan ldap-enable='true'
                        snap set wekan ldap-host='domain.local'
                        snap set wekan ldap-port='389'
                        snap set wekan ldap-basedn='ou=yourou,dc=domain,dc=local'
                        snap set wekan ldap-authentication='true'
                        snap set wekan ldap-authentication-userdn='user'
                        snap set wekan ldap-authentication-password='password'
                        snap set wekan ldap-user-search-field='sAMAccountName'
                        snap set wekan ldap-username-field='sAMAccountName'

                          This works for me as well. I run Wekan on Ubuntu 18.04. Thank you very much.
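
Why the `snap set wekan ldap-ca-cert=-----BEGIN CERTIFICATE----- ...` command at the top of this thread was rejected, shown as an added example that is not from any poster in the thread or from the Wekan project. `check_kv` is a hypothetical stand-in for the key=value check behind the error message, and the certificate text is a constructed placeholder.

```shell
#!/bin/sh
# Hypothetical stand-in for the key=value check that produced the error in the
# thread; it is not snap itself. Prints the first argument that lacks '='.
check_kv() {
    for arg in "$@"; do
        case "$arg" in
            *=*) ;;                                  # looks like key=value
            *)   printf '%s\n' "$arg"; return 1 ;;   # rejected argument
        esac
    done
    return 0
}

# Constructed placeholder value on one line, not a real certificate.
PEM='-----BEGIN CERTIFICATE----- Q09OU1RSVUNURUQ -----END CERTIFICATE-----'

# Helper: how many arguments the command actually receives.
count_args() { echo "$#"; }

# Unquoted: the shell splits the value at every space before the command
# runs, so "CERTIFICATE-----" arrives as its own argument with no '='.
# shellcheck disable=SC2086  # word splitting is the behaviour being shown
unquoted()      { check_kv ldap-ca-cert=$PEM; }
# shellcheck disable=SC2086
unquoted_argc() { count_args ldap-ca-cert=$PEM; }

# Quoted: the whole value reaches the command as a single key=value argument.
quoted()        { check_kv "ldap-ca-cert=$PEM"; }
quoted_argc()   { count_args "ldap-ca-cert=$PEM"; }

echo "unquoted: $(unquoted_argc) arguments, rejected: '$(unquoted)'"
echo "quoted:   $(quoted_argc) argument, rejected: '$(quoted)'"
```

Quoting the value gets past the argument-splitting error; the thread does not confirm which certificate text format Wekan then expects. If `ldap-reject-unauthorized` maps to the TLS `rejectUnauthorized` option (an assumption), setting it to 'false' means the server certificate is not verified, so a working CA setting is the configuration to aim for.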
