Help with LDAP secure authentication – ThoughtWorks Support

Hello -

I need help getting Mingle configured correctly to securely authenticate with ActiveDirectory. I've been waiting for this 2.2 feature for a while, but I can't seem to get it to work. Further, our users, especially new ones, are really turned off by not having this working so I need to get it working so it's not bad publicity for turning folks toward Mingle.

To be up front, I've read and experimented with all the LDAP comments/threads in the Mingle forum already and have read the Mingle LDAP Authentication how to countless times, but I may be missing something. Lastly, I have successfully configured the MindTouch DekiWiki to authenticate with AD on our network just fine, so I think I have some of the critical info needed to get this working. I just need a second set of eyes or insight.

My setup:

Below is the current (non-ldap) authentication config in my auth_config.yml, just for reference purposes. This config was an "out-of-the-box Mingle config):

password_format:
basic_authentication_enabled:
basic_authentication:
authentication:
ldap_settings:
   #ldapserver:
   #ldapport:
   #ldapbinduser:
   #ldapbindpasswd:
   #ldapbasedn:
   #ldapfilter:
   #ldapobjectclass:
   #ldap_map_fullname:
   #ldap_map_mail:
   #ldapgroupobjectclass:
   #ldapgroupdn:
   #ldapgroupattribute:
cas_settings:
   #cas_port:
   #cas_host:
   #cas_uri:

Next I tried using the Mingle LDAP how to (along with the Mingle forum threads on the topic) to generate something like the config below. NOTE: I have not needed to use a user/password to authenticate LDAP queries on MindTouch wiki, so I shouldn't have to on Mingle either. That's why I'm not using it).

authentication: ldap
ldap_settings:
    ldapserver: ourDChost.pnl.gov
    ldapport: 389
    ldapbasedn: "DC=pnl,DC=gov"
    # note on above basedn, this is the same basedn MindTouch wiki is using for searches; I wasn't required to specify an OU to search within.
    ldapfilter: sAMAccountName
    ldapobjectclass: organizationalPerson
    ldap_map_fullname: cn
    ldap_map_mail: mail
    # NOTE: I'm not using the following config options below because I don't think they are relevant to our setup. Correct me if I'm wrong and they're necessary.
    #ldapgroupdn : cn="Domain Users",ou=Users,dc=pnl,dc=gov
    #ldapgroupobjectclass : group
    #ldapgroupattribute : member
    #auto_enroll: true
    #auto_enroll_as_mingle_admin: false

Attempting to login with my domain account using the above config fails. I turned on the debug logging and captured the error as this might help figure why it's failing [see Stack Trace field below]:

Thanks for any help you can provide.

Sean

Stack Trace

Processing ProfileController#login (for 130.20.174.43 at 2009-03-24 08:29:34) [POST]
[2009-03-24 08:29:34,450] [btpool0-9] [/] Session ID: 2849b12d64e6c88b2c4264237efda165
[2009-03-24 08:29:34,450] [btpool0-9] [/] Parameters: {"user"=>{"login"=>"d3x600", "password"=>"[FILTERED]"}, "commit"=>"Sign in

Comments

1 comment

Adam Monago March 24, 2009 18:25

Hi Sean,

Can you take a look at this troubleshooting post and utilize the tools there to send us back the output? We can post a solution back here once the team has been able to analyze your data.

How can I troubleshoot the configuration of the Mingle LDAP plugin?

0

Please sign in to leave a comment.

Articles in this section