Hello -
I need help getting Mingle configured correctly to securely authenticate with ActiveDirectory. I've been waiting for this 2.2 feature for a while, but I can't seem to get it to work. Further, our users, especially new ones, are really turned off by not having this working so I need to get it working so it's not bad publicity for turning folks toward Mingle.
To be up front, I've read and experimented with all the LDAP comments/threads in the Mingle forum already and have read the Mingle LDAP Authentication how to countless times, but I may be missing something. Lastly, I have successfully configured the MindTouch DekiWiki to authenticate with AD on our network just fine, so I think I have some of the critical info needed to get this working. I just need a second set of eyes or insight.
My setup:
Below is the current (non-ldap) authentication config in my auth_config.yml, just for reference purposes. This config was an "out-of-the-box" Mingle config:
password_format:
basic_authentication_enabled:
basic_authentication:
authentication:
ldap_settings:
#ldapserver:
#ldapport:
#ldapbinduser:
#ldapbindpasswd:
#ldapbasedn:
#ldapfilter:
#ldapobjectclass:
#ldap_map_fullname:
#ldap_map_mail:
#ldapgroupobjectclass:
#ldapgroupdn:
#ldapgroupattribute:
cas_settings:
#cas_port:
#cas_host:
#cas_uri:
Next I tried using the Mingle LDAP how to (along with the Mingle forum threads on the topic) to generate something like the config below. NOTE: I have not needed to use a user/password to authenticate LDAP queries on MindTouch wiki, so I shouldn't have to on Mingle either. That's why I'm not using it.
authentication: ldap
ldap_settings:
ldapserver: ourDChost.pnl.gov
ldapport: 389
ldapbasedn: "DC=pnl,DC=gov"
# note on above basedn, this is the same basedn MindTouch wiki is using for searches; I wasn't required to specify an OU to search within.
ldapfilter: sAMAccountName
ldapobjectclass: organizationalPerson
ldap_map_fullname: cn
ldap_map_mail: mail
# NOTE: I'm not using the following config options below because I don't think they are relevant to our setup. Correct me if I'm wrong and they're necessary.
#ldapgroupdn : cn="Domain Users",ou=Users,dc=pnl,dc=gov
#ldapgroupobjectclass : group
#ldapgroupattribute : member
#auto_enroll: true
#auto_enroll_as_mingle_admin: false
Attempting to log in with my domain account using the above config fails. I turned on the debug logging and captured the error, as this might help figure out why it's failing [see Stack Trace field below]:
Thanks for any help you can provide.
Sean
Stack Trace
Processing ProfileController#login (for 130.20.174.43 at 2009-03-24 08:29:34) [POST]
[2009-03-24 08:29:34,450] [btpool0-9] [/] Session ID: 2849b12d64e6c88b2c4264237efda165
[2009-03-24 08:29:34,450] [btpool0-9] [/] Parameters: {"user"=>{"login"=>"d3x600", "password"=>"[FILTERED]"}, "commit"=>"Sign in
Comments
Hi Sean,
Can you take a look at this troubleshooting post and utilize the tools there to send us back the output? We can post a solution back here once the team has been able to analyze your data.