Mattermost Peer-to-Peer Forum

Clarifying some Points about LdapSettings


#1

Hi all,
I’m trying to work with LDAP, so I’m working on LdapSettings in config.json and I want to clarify some points about the config.
This is my config:

    "LdapSettings": {
        "Enable": true,
        "LdapServer": "myLdapServerAdress",
        "LdapPort": 389,
        "ConnectionSecurity": "",
        "BaseDN": "dc=XX,dc=com", // is this true like that?
        "BindUsername": "", // I’m confused about what I should put in this field??
        "BindPassword": "",
        "UserFilter": "",
        "FirstNameAttribute": "",
        "LastNameAttribute": "sn",
        "EmailAttribute": "mail", // I put the @ mail of who??
        "UsernameAttribute": "uid", // I don’t have an idea about the uid
        "NicknameAttribute": "",
        "IdAttribute": "uid",
        "PositionAttribute": "",
        "SyncIntervalMinutes": 60,
        "SkipCertificateVerification": false,
        "QueryTimeout": 60,
        "MaxPageSize": 0,
        "LoginFieldName": ""
    },

Thank you for your help.


#2

Hi @marouane - our docs on LDAP config settings are here: https://docs.mattermost.com/administration/config-settings.html#ad-ldap

“BaseDN”: That looks about right, usually it’s something like ou=XX,dc=XX,dc=com

“BindUsername”: This is the username used to perform the LDAP search, it should be an account created specifically for use with Mattermost. I think you can put it in the form DOMAIN/username or uid=XX, ou=XX, ... might work as well

“EmailAttribute” and “UsernameAttribute”: These are the LDAP fields that will be synced to the email and username fields for Mattermost users. Typically it’s something like mail and uid, but it depends on the LDAP provider you’re using.


#3

Thank you for your response.
OK, this is my config after I followed your comment:

    "BaseDN": "ou=people,dc=X,dc=com",
    "BindUsername": "uid=mattermost,dc=X,dc=com",
    "BindPassword": "mattermost",
    "UserFilter": "",
    "FirstNameAttribute": "",
    "LastNameAttribute": "sn",
    "EmailAttribute": "myEamil",
    "UsernameAttribute": "uid",
    "NicknameAttribute": "",
    "IdAttribute": "uid",

And that’s what I got when I logged out and tried to log in with LDAP credentials:

—> 2017/08/16 17:27:46 CEST] [EROR] /api/v4/users/login:checkUserPassword code=401 rid=X uid= ip=X Login failed because of invalid password [details: user_id=X]


#4

Hi @marouane - thanks for the response.

The error message you’re seeing doesn’t look like it’s from LDAP, since LDAP usually includes something like [details: LDAP Result Code XX ...].

What information were you using to sign in with? I believe you need to use IdAttribute on the login page, so in your case it’s the uid.


#5

Hi @lfbrock,
Thank you for your response.
I will try to update the IdAttribute and see what the result is.
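
Added example, not part of the original thread and not Mattermost code: a small Python check that reads an LdapSettings object like the ones posted above and reports the settings that weaken the directory connection or break the attribute mapping. The function name, the sample host names and the choice to treat EmailAttribute, UsernameAttribute and IdAttribute as mandatory are assumptions of this example.

```python
import json
import re

# RFC 4512 attribute description: a short name (descr) or a numeric OID.
ATTR_NAME = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")
# Assumption of this example: these three mappings must be set.
REQUIRED_ATTRS = ("EmailAttribute", "UsernameAttribute", "IdAttribute")

def lint_ldap_settings(ldap):
    """Return (field, finding) pairs for one LdapSettings object."""
    findings = []
    security = ldap.get("ConnectionSecurity", "")
    if security not in ("TLS", "STARTTLS"):
        findings.append(("ConnectionSecurity",
                         "bind and user passwords cross the network unencrypted"))
    elif ldap.get("SkipCertificateVerification"):
        findings.append(("SkipCertificateVerification",
                         "certificate is not checked, so TLS does not authenticate the server"))
    bind_dn = ldap.get("BindUsername", "")
    bind_pw = ldap.get("BindPassword", "")
    if not bind_dn or not bind_pw:
        findings.append(("BindUsername", "no dedicated search account configured"))
    elif bind_pw.lower() in bind_dn.lower():
        findings.append(("BindPassword", "password is contained in the bind DN"))
    for field in REQUIRED_ATTRS:
        value = ldap.get(field, "")
        if not value:
            findings.append((field, "empty, so directory entries cannot be mapped"))
        elif not ATTR_NAME.match(value):
            findings.append((field, f"{value!r} is not an attribute name (e.g. 'mail', 'uid')"))
    return findings

# Constructed sample modelled on the thread: plain LDAP on 389, a bind password
# equal to the account name, and an e-mail address typed where the attribute
# name belongs. Host and DN values are placeholders.
SAMPLE = json.loads("""
{"LdapSettings": {
  "Enable": true, "LdapServer": "ldap.example.com", "LdapPort": 389,
  "ConnectionSecurity": "", "BaseDN": "ou=people,dc=example,dc=com",
  "BindUsername": "uid=mattermost,dc=example,dc=com", "BindPassword": "mattermost",
  "EmailAttribute": "someone@example.com", "UsernameAttribute": "uid",
  "IdAttribute": "uid", "SkipCertificateVerification": false
}}
""")

if __name__ == "__main__":
    for field, finding in lint_ldap_settings(SAMPLE["LdapSettings"]):
        print(f"{field}: {finding}")
```

The inline `//` questions in the first post have to be removed before a config like that is parsed, since JSON has no comment syntax.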