Mattermost, Inc.

[Solved] User not registered in LDAP server

I’ve just setup ldap and all seems to be working.

This is my ldap configurations:

   "LdapSettings": {
        "Enable": true,
        "LdapServer": "spkmain01.spkanim.com",
        "LdapPort": 389,
        "ConnectionSecurity": "",
        "BaseDN": "dc=spkanim,dc=com",
        "BindUsername": "spkanim\\testusersg",
        "BindPassword": "password",
        "UserFilter": "(objectCategory=Person))",
        "FirstNameAttribute": "givenName",
        "LastNameAttribute": "sn",
        "EmailAttribute": "mail",
        "UsernameAttribute": "sAMAccountName",
        "NicknameAttribute": "nickname",
        "IdAttribute": "objectGUID",
        "SyncIntervalMinutes": 2,
        "SkipCertificateVerification": true,
        "QueryTimeout": 60,
        "MaxPageSize": 500,
        "LoginFieldName": ""
    },

It seems to synchronized successfully:

[2016/07/30 12:38:24 SGT] [INFO] LDAP Synchronization completed

However, when I tried to sign on with a AD user, I’ve got the these errors:

[2016/07/30 12:38:34 SGT] [EROR] /api/v3/users/login:findUser code=400 rid=nhnj6ji7uj8cddaeh7hwmodmfw uid= ip=10.0.17.5 User not registered on LDAP server [details: username=spkanim\savio]
[2016/07/30 12:38:38 SGT] [EROR] /api/v3/users/login:findUser code=400 rid=57w7xswijpd89crjenkzap6yqy uid= ip=10.0.17.5 User not registered on LDAP server [details: username=savio]

I’ve tried a few other users and the results are the same. Is there anyway to see how many users are synced to Mattermost from ldap? I’ve also gone through the troubleshooting section in the docs but none of that helps. Did I miss anything?

Hi @BoonHean, could you try running your User Filter query in Active Directory to see what it returns?

Also, please see troubleshooting documentation on this error message.

Hi @it33, thanks for your quick response. Yes, that’s the troubleshooting docs that I have looked. I have also tried running the query in my AD and its returns over 500 items. I was using a more complex filter but for debugging purposes I’ve reduce it to the one I submitted here. I’m quite sure the filter works because I’ve use it in other applications like Confluence and Zimbra.

Question, should the user login as domain\username or just username? As shown in the logs, I’ve tried either way and it didn’t work. Are the accounts created the first time a new user logs in or during the sync? If its during the sync, can I query the DB how many accounts Mattermost found? Sorry, I’m not familiar with postgres and the Mattermost schema so didn’t dig further.

Thanks!

Hi @BoonHean

It looks like you are mapping your ID Attribute to objectGUID, try mapping it to sAMAccountName to log in with username and password?

Yes! :slight_smile: That fixes the issue. Thanks!