Join the conversation

Sign in to join this conversation, and others like it, in the communities you care about.

Wekan

Wekan is an open-source kanban board (Trello like) which allows a card-based task and to-do management.

Wekan / General

ldaps authentication

ldaps authentication

Wekan / General · January 27, 2020 at 11:08am

Hi everybody, i'm new on this community. I tried to find the solution before posting here. I'm trying to configure ldaps authentication in wekan and not able to do it. I verified that i can request Active Directory domain controller with ldapsearch and it's working well on 636 port ssl. I tried this config : snap set wekan ldap-encryption='true' snap set wekan ldap-encryption='ssl' snap set wekan ldap-port='636' snap set wekan ldap-ca-cert=-----BEGIN CERTIFICATE----- putting the certicate key on one line, and i get the error message error: invalid configuration: "CERTIFICATE-----" (want key=value)

Is there another way to set the certificate in the application ? What am i doing wrong ?

If somebody could help me on this issue, i'll appreciate a lot. Thank you

Load previous messages

January 27, 2020 at 4:02pm

snap set wekan ldap-ca-cert=-----BEGIN CERTIFICATE----- key

    • reply
    • like

    and it blocks at key settings

      • reply
      • like

      In fact, no need to setup the certificate in the snap when you do snap set wekan ldap-reject-unauthorized='false'

        • reply
        • like

        It works well and do crypted ldaps request correctly because i put the certificate in the ca-certificates.crt in ssl config

          • reply
          • like

          Thank you all for your help.

            • reply
            • like

            January 28, 2020 at 6:25am

            Another littoral question, how to add à second domain controller ? Names separated by what in host definition , space, comma,.....?

              • reply
              • like

              January 28, 2020 at 12:26pm

              Just try something? I don't know.

                • reply
                • like

                February 28, 2020 at 11:42am

                you can use the primary dns name of the domain as domain controller (if everything is configured properly that is). Instead of giving the domain controller variable the name "dc01.domain.com" you just give it "domain.com" and every dc will be automatically queried.

                  • reply
                  • like

                  as a reminder to all of you who don't know this: Microsoft will start blocking unsigned LDAP starting march 2020. Now is your last chance to switch to LDAPs without causing issues for your Users @xet7 : maybe this should be mentioned in the documentation

                    • reply
                    • like

                    @derbolle You should add issue about that to https://github.com/wekan/wekan-ldap/issues

                      • reply
                      • like

                      September 29, 2021 at 3:06am

                      Hi, Below I send my settings on which ldap login from AD works. snap set wekan ldap-enable='true' snap set wekan ldap-host='domain.local' snap set wekan ldap-port='389' snap set wekan ldap-basedn='ou=yourou,dc=domain,dc=local' snap set wekan ldap-authentication='true' snap set wekan ldap-authentication-userdn='user' snap set wekan ldap-authentication-password='password' snap set wekan ldap-user-search-field='sAMAccountName' snap set wekan ldap-username-field='sAMAccountName'

                        This works for me as well. I run wekan on ubuntu 18.04. Thanks you very much.

                          • reply
                          • like