Mattermost Peer-to-Peer Forum

[Solved] User not registered on LDAP server [details: username=]


#1

I am trying to set up LDAP on the Enterprise Edition of Mattermost 3.3.0 with AD 2012 R2.

My current setup is this:

"LdapSettings": {
        "Enable": true,
        "LdapServer": "agartha.domain.com",
        "LdapPort": 389,
        "ConnectionSecurity": "",
        "BaseDN": "dc=domain,dc=com",
        "BindUsername": "mattermost@domain.com",
        "BindPassword": "password",
        "UserFilter": "",
        "FirstNameAttribute": "givenname",
        "LastNameAttribute": "sn",
        "EmailAttribute": "mail",
        "UsernameAttribute": "saMAccountName",
        "NicknameAttribute": "",
        "IdAttribute": "saMAccountName",
        "SyncIntervalMinutes": 60,
        "SkipCertificateVerification": false,
        "QueryTimeout": 60,
        "MaxPageSize": 500,
        "LoginFieldName": ""
}

I tried changing the user filter to (objectClass=user) or the one in the example (&(objectCategory=Person)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))), without success.

When I check the log I find something strange.

When I try with an active user in AD:

 EDT] [EROR] /api/v3/users/login:findUser code=401 rid=7e8tshxzrfynikdwbc8ujdjdqw uid= ip=172.16.32.66 User not registered on LDAP server [details: username=]

When I try to log in with an invalid user:

 EDT] [EROR] /api/v3/users/login:findUser code=400 rid=hs3nr4ay1jd69n8rizscytptsa uid= ip=172.16.32.66 User not registered on LDAP server [details: username=test2]

I see the sync is working (I guess):

[2016/08/16 17:36:40 EDT] [DEBG] /api/v3/admin/ldap_sync_now
[2016/08/16 17:36:40 EDT] [INFO] LDAP Synchronization completed

#2

What do you type into the Email or LDAP Username field on login?

It should be just his username without a domain. So for mattermost\bill I would just type bill.

Maybe remove the object filter until you have basic login working.

Also, not sure about "BaseDN": "dc=domain,dc=com"; it might need to have an organization unit, like "BaseDN": "ou=group,dc=domain,dc=com".


#3

Hi,

When I log in I only use the username without the domain.

I tried without a filter and I changed my BaseDN to different things. I tried the full base DN, and only the DCs like you see in my current config. I also tried with the default CN “users”: I moved one user there and tried to log in with it, and it doesn’t change anything.

I reset the password on the user I use for my test to be sure. I tried to make him a domain admin. But I always get the same result. It always says the user is not registered. I even tried with a new user I created only for testing Mattermost.


#4

Hi baudette,

I think you might have a typo in the config. The AD Username and IdAttribute is sAMAccountName, not saMAccountName.


#5

Yes, you were right. I feel like a complete moron for not seeing this before. I changed a to A and boom, it's working.

Users need to have the email field set up to be able to log in; if it is empty it says invalid email.

Thank you very much. So easy and so hard at the same time.
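
The typo found in post #4, as an added example that is not part of the thread and not Mattermost's own code: a small linter that compares the attribute names in LdapSettings with the canonical Active Directory spellings, plus a lookup that shows the effect of a case mismatch. It assumes the server reads attributes from the returned entry by exact-case name, which would explain the empty username= in the first log line; AD_CANONICAL, lint_ldap_attributes and read_attribute are hypothetical names, and the sample entry is constructed.

```python
import json

# Canonical spellings of AD attribute names (LDAP display names).
AD_CANONICAL = ["sAMAccountName", "givenName", "sn", "mail",
                "userPrincipalName", "displayName", "objectGUID"]
_BY_LOWER = {name.lower(): name for name in AD_CANONICAL}


def lint_ldap_attributes(ldap_settings):
    """Return (key, configured, canonical) for every *Attribute setting whose
    value matches a known AD attribute except for letter case."""
    findings = []
    for key, value in ldap_settings.items():
        if not key.endswith("Attribute") or not value:
            continue  # not an attribute mapping, or left empty on purpose
        canonical = _BY_LOWER.get(value.lower())
        if canonical is not None and canonical != value:
            findings.append((key, value, canonical))
    return findings


def read_attribute(entry, name):
    """Exact-case read of a directory entry (assumed behaviour, not confirmed
    from Mattermost source). A miss yields an empty string."""
    values = entry.get(name, [])
    return values[0] if values else ""


# Constructed sample: the attribute settings as posted in #1.
SAMPLE_CONFIG = json.loads("""
{"LdapSettings": {
    "FirstNameAttribute": "givenname",
    "LastNameAttribute": "sn",
    "EmailAttribute": "mail",
    "UsernameAttribute": "saMAccountName",
    "NicknameAttribute": "",
    "IdAttribute": "saMAccountName"}}
""")

# Constructed sample entry, keyed the way AD spells its attribute names.
SAMPLE_ENTRY = {"sAMAccountName": ["bill"], "givenName": ["Bill"],
                "sn": ["Example"], "mail": ["bill@domain.com"]}

if __name__ == "__main__":
    settings = SAMPLE_CONFIG["LdapSettings"]
    for key, configured, canonical in lint_ldap_attributes(settings):
        print(f"{key}: {configured!r} should be {canonical!r}")
    found = read_attribute(SAMPLE_ENTRY, settings["UsernameAttribute"])
    print("username read with configured name:", repr(found))
```

The linter also reports givenname in FirstNameAttribute, which the thread does not mention as blocking login; only the sAMAccountName change is confirmed as the fix in post #5.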