LDAP Login Not Working

They are my full settings, anonymised as needed.

Do you know if your LDAP/Active Directory settings work with anything else? I was using the Snipe-IT IT inventory program, also with LDAP, so I knew the user account I had set up for LDAP authentication was working.

At first, the system was accepting the settings I’m adding but I can’t login using LDAP login with any user I have from MS AD.

Now I’m facing a new error "ldap3.core.exceptions.LDAPSocketOpenError: invalid server address" when trying to add almost the same settings I’ve added before.

I have followed this video in configuring LDAP in Windows Server: "How to Setup Configuration LDAP on Windows Server 2019, LDAP Configuration on Windows Server 2019" (YouTube)

and followed your LDAP settings in ERPNext.

@pmjd

Update

I got rid of the above error and now we are back to the verifying to infinity situation.

Sorry, I’m away for a few days, will try and help more once I’m back and have full access to everything. Try and see if your LDAP Windows account has the right permissions using another way.

Hi,

Have you been able to confirm that the Windows Server LDAP account works?

Thanks for your efforts @pmjd,

Please let me know if you could help with any additional information once you’re back.
I’m still struggling with the integration.

I also noticed these couple of errors in the logs:
(
2023-01-01 20:17:17,991 ERROR frappe New Exception collected with id: 2023-01-01 20:17:17.987233-192.168.2.110-52b
Site: site1.local
Form Dict: {'cmd': 'frappe.integrations.doctype.ldap_settings.ldap_settings.login', 'usr': 'user1', 'device': 'desktop'}
)
(
500 INTERNAL SERVER ERROR
)

By the way, I tried this LDAP Windows account with another system and it worked fine; I could log in with the AD users I have.

Hi @pmjd

Many thanks for your efforts. I finally solved the issue: the sign-in problem was caused by the lack of email filling in the AD user creation :)
So once I added emails to my AD users I could normally sign in with LDAP in ERPNext.

Now I’m struggling with LDAP group mapping. All users are registered with no roles even if I tried to separate them based on groups in the provided table in the LDAP settings.

Do you have any idea on how to specify customized permissions with LDAP user creation?

Glad to hear you’ve got it working. I came across the same issue when I was setting up and had to update our accounts accordingly.

Unfortunately I haven’t tried group mapping yet, as I’m still setting up with a lot of customisations on the install. Hopefully someone else can help you out.

@pmjd
Thanks and good luck
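
The fix reported in this thread was that sign-in worked once the AD users had an email address. As an added example (not code from the thread or from ERPNext), this Python check lists directory accounts with no email so they can be fixed before users hit the 500 error. It assumes the email field in LDAP Settings is mapped to the AD `mail` attribute; `fetch_users` and its parameters are hypothetical names.

```python
"""Pre-flight check: which AD users lack the attribute mapped to email?"""

EMAIL_ATTR = "mail"  # assumption: attribute mapped as the email field in LDAP Settings


def missing_email_filter(email_attr=EMAIL_ATTR):
    """LDAP filter matching AD user accounts whose email attribute is unset."""
    return f"(&(objectCategory=person)(objectClass=user)(!({email_attr}=*)))"


def users_without_email(entries, email_attr=EMAIL_ATTR):
    """Return the sAMAccountName of each entry whose email is absent or blank.

    `entries` is a list of dicts mapping attribute name -> list of values,
    the shape ldap3 returns from entry.entry_attributes_as_dict.
    """
    flagged = []
    for entry in entries:
        values = [v for v in entry.get(email_attr, []) if str(v).strip()]
        if not values:
            flagged.append((entry.get("sAMAccountName") or ["<unknown>"])[0])
    return flagged


def fetch_users(host, bind_dn, password, search_base, email_attr=EMAIL_ATTR):
    """Live lookup with ldap3 (hypothetical helper; not called by the sample run)."""
    from ldap3 import Server, Connection, SUBTREE
    # LDAPS, so the bind password is not sent in clear text.
    conn = Connection(Server(host, use_ssl=True), user=bind_dn,
                      password=password, auto_bind=True)
    conn.search(search_base, "(&(objectCategory=person)(objectClass=user))",
                search_scope=SUBTREE, attributes=["sAMAccountName", email_attr])
    return [e.entry_attributes_as_dict for e in conn.entries]


# Constructed sample entries (not taken from the thread's directory).
SAMPLE = [
    {"sAMAccountName": ["user1"], "mail": []},
    {"sAMAccountName": ["user2"], "mail": ["user2@example.com"]},
    {"sAMAccountName": ["user3"]},
    {"sAMAccountName": ["user4"], "mail": ["  "]},
]

if __name__ == "__main__":
    print("filter:", missing_email_filter())
    print("no email:", users_without_email(SAMPLE))
```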