8 Replies Last post: Apr 19, 2007 3:21 AM by Dmitri Colebatch  
Dmitri Colebatch Newbie 95 posts since
Sep 4, 2002

Apr 13, 2007 6:11 AM

LDAP login failures / admin account

I'm trying to set up TeamCity to authenticate against LDAP following http://www.jetbrains.net/confluence/display/TCD/Authentication+Settings.  I have installed TeamCity 2.0, started and stopped it to create the .buildsettings directory, and then edited the main-config.xml as described and created my ldap-config.properties.  My ldap-config.properties looks like:

 

com.sun.jndi.ldap.connect.pool=true

java.naming.provider.url=ldap://toyent01:389/

java.naming.security.principal=CN=kisdro,O=admin

java.naming.security.credentials=*******

java.naming.security.authentication=simple

 

I've cranked up the logging, and I see this in the logs:

 

2007-04-13 12:08:40,890  DEBUG - ide.impl.auth.ServerLoginModel - Login failed, error: javax.security.auth.login.FailedLoginException: Please use DOMAIN\sAMAccountName login format

 

This doesn't make sense to me as I'm using straight LDAP login.  Could someone please give me some guidance here?

 

cheers,

dim

 

ps - aside from these teething problems it looks like a great product and I'm looking forward to getting it all up and running.

Dave Leskovac Novice 248 posts since
Aug 24, 2006
Apr 13, 2007 6:12 PM in response to: Dmitri Colebatch
Re: LDAP login failures / admin account

I'm trying to set up TeamCity to authenticate against LDAP following http://www.jetbrains.net/confluence/display/TCD/Authentication+Settings.  I have installed TeamCity 2.0, started and stopped it to create the .buildsettings directory, and then edited the main-config.xml as described and created my ldap-config.properties.  My ldap-config.properties looks like:

 

com.sun.jndi.ldap.connect.pool=true

java.naming.provider.url=ldap://toyent01:389/

java.naming.security.principal=CN=kisdro,O=admin

java.naming.security.principal=*******

java.naming.security.authentication=simple

 

You may want to enter the fully qualified name of your ldap server as the value for java.naming.provider.url and remove the java.naming.security.principal and java.naming.security.principal at least to start.

 

This is what worked for me:

Here is my "ldap-config.properties":

java.naming.referral=follow

java.naming.provider.url=ldap://

 

Hope that helps.

 

-Dave

Guest
Apr 16, 2007 11:31 AM in response to: Dmitri Colebatch
Re: LDAP login failures / admin account

Dmitri Colebatch wrote:

Thanks Dave, unfortunately that didn't fix my problem.

 

I've changed my config to:

 

java.naming.provider.url=ldap://toyent01.<domain>:389/

java.naming.security.principal=CN=kisdro,O=admin

java.naming.security.credentials=<password>

java.naming.security.authentication=simple

java.naming.referral=follow

 

and then tried to log in with <username>\<domain> but in the log files I get this error:

 

2007-04-16 10:51:20,437  DEBUG - ide.impl.auth.ServerLoginModel - Login failed, error: javax.security.auth.login.LoginException: javax.naming.InvalidNameException: LDAP: error code 34 - Invalid DN Syntax

 

Our LDAP server is Novell eDirectory.  We have all our other servers configured to authenticate against it, so I'm not new to configuring this stuff although I do have some unanswered questions in my head - eg what's the filter for a user, how do I restrict to users in certain groups, etc etc.

 

Are there any more docs on the details of this?

 

cheers,

dim

 

On error codes

http://java.sun.com/products/jndi/tutorial/ldap/models/exceptions.html

 

--

Alexey Gopachenko

JetBrains Inc.

http://www.intellij.com

"Develop with pleasure!"

 

Guest
Apr 16, 2007 12:51 PM in response to: Dmitri Colebatch
Re: LDAP login failures / admin account

Dmitri Colebatch wrote:

Thanks Dave, unfortunately that didn't fix my problem.

 

I've changed my config to:

 

java.naming.provider.url=ldap://toyent01.<domain>:389/

java.naming.security.principal=CN=kisdro,O=admin

java.naming.security.credentials=<password>

java.naming.security.authentication=simple

java.naming.referral=follow

 

and then tried to log in with <username>\<domain> but in the log files I get this error:

 

2007-04-16 10:51:20,437  DEBUG - ide.impl.auth.ServerLoginModel - Login failed, error: javax.security.auth.login.LoginException: javax.naming.InvalidNameException: LDAP: error code 34 - Invalid DN Syntax

 

Our LDAP server is Novell eDirectory.  We have all our other servers configured to authenticate against it, so I'm not new to configuring this stuff although I do have some unanswered questions in my head - eg what's the filter for a user, how do I restrict to users in certain groups, etc etc.

 

Are there any more docs on the details of this?

 

cheers,

dim

 

The TeamCity LDAP login provider authenticates users by direct login with the credentials from the login page, thus you need to REMOVE .principal and .credentials, as Dave already pointed out.

 

--

Alexey Gopachenko

JetBrains Inc.

http://www.intellij.com

"Develop with pleasure!"

 

 

Guest
Apr 17, 2007 10:53 AM in response to: Dmitri Colebatch
Re: LDAP login failures / admin account

Dmitri Colebatch wrote:

Thanks Alexey, unfortunately the problem I'm facing is the domain\username syntax.  This is not what my LDAP server is expecting.  I have got around this by using my own login module, and it is all working nicely.  I will try to package it up and post it here for anyone who's interested.

I think we should make this syntax optional, see

http://www.jetbrains.net/jira/browse/TW-2406

If you have a look at the complexity of the weblogic LDAP authenticator I think you'll see how much more configuration is required to make LDAP authentication work in all scenarios.

There's also a wonderful LDAP login module in JDK 1.6, with full sources.

Do you think it covers all the cases you mentioned?

As an aside, I would love to be able to pull email address, full name, etc etc, out of LDAP, but I assume this isn't possible.  Is it worth me raising an enhancement request?

I filed a separate issue for the full name because this feature does not require architectural changes. See TW-2407, TW-2408.

 

 

--

Alexey Gopachenko

JetBrains Inc.

http://www.intellij.com

"Develop with pleasure!"

 

Barry Kaplan Newbie 31 posts since
May 13, 2005
Apr 18, 2007 3:34 AM in response to: Dmitri Colebatch
Re: LDAP login failures / admin account

I am having this same problem, can you give me your module or document how to set this up?
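
An added example, not part of any post in this thread and not TeamCity code: a small Python check of an ldap-config.properties file for the points the replies raise (a stored principal/credentials pair the login provider does not need, an unqualified server name, a key given twice). The check for a simple bind over unencrypted ldap:// goes beyond the thread, and the finding labels and the host ldap.example.test are made up for illustration.

```python
from urllib.parse import urlsplit

# Constructed samples: the settings first posted in this thread (password masked), and a
# variant with the bind identity removed, a fully qualified placeholder host and ldaps://.
POSTED = """\
com.sun.jndi.ldap.connect.pool=true
java.naming.provider.url=ldap://toyent01:389/
java.naming.security.principal=CN=kisdro,O=admin
java.naming.security.credentials=*******
java.naming.security.authentication=simple
"""
REVISED = """\
java.naming.referral=follow
java.naming.provider.url=ldaps://ldap.example.test:636/
"""
BIND_KEYS = ("java.naming.security.principal", "java.naming.security.credentials")

def parse_properties(text):
    """Parse plain key=value lines; return (settings, keys that were repeated)."""
    settings, repeated = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":          # blank line or comment
            continue
        key, _, value = line.partition("=")      # split at the first '=' only
        key = key.strip()
        if key in settings:
            repeated.append(key)
        settings[key] = value.strip()            # last value wins, as in java.util.Properties
    return settings, repeated

def audit(text):
    """Return finding labels (names made up for this example) for one properties file."""
    settings, repeated = parse_properties(text)
    findings = [f"duplicate-key: {key}" for key in repeated]
    # The login provider binds with what the user types, so a stored identity is unneeded.
    findings += [f"stored-bind-identity: {key}" for key in BIND_KEYS if key in settings]
    url = urlsplit(settings.get("java.naming.provider.url", ""))
    if url.hostname and "." not in url.hostname:
        findings.append(f"unqualified-host: {url.hostname}")
    # A simple bind over ldap:// carries the password unencrypted unless StartTLS is used.
    if url.scheme == "ldap" and settings.get("java.naming.security.authentication") == "simple":
        findings.append("cleartext-simple-bind")
    return findings

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("revised", REVISED)):
        print(name, audit(text))
```
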
