Problems Authenticating LDAP Users

Hey there,

I’ve installed the standalone version of Razuna on a Debian machine. I tried to set up the LDAP authentication against an OpenLDAP server running on the same machine. The users show up in the import screen, I have imported them and they show up in user management. But trying to log in with an LDAP user I’ll get this error below the login form:

"We are sorry but we could not log you in. Please check your credentials and try again.

Error was: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]"

I tried to search the Razuna logs in the Tomcat directory, but there are no entries about the login failure. It’s obvious that something with the credentials isn’t right. I’m storing the user passwords in the attribute ‘userPassword’ and they are SSHA hashed. Is there maybe some incompatibility within Razuna, that I have to store the passwords in another hash or attribute? The directory itself is working like a charm on webmail, ownCloud and stuff like that. I’m also a bit confused with the ‘LDAP User DN Sample’ option. Does this mean that Razuna tries to bind against the LDAP server with the credentials of the user that wants to log in? Or is the bind done with the credentials of the LDAP admin user name and password?

Hope you are able to help me with this problem.
Thank you!

LDAP is quite specific to every organization. As we have many customers using it, we know that it works.

Check on wiki.razuna.com and on this forum for further help.

Hello Nitai,

I’ve no doubt that your LDAP integration works, but my question was how it works, as I have imported my users already. They just can’t log in using their LDAP credentials. I’ve followed the guidelines of your wiki to set up the connection. The only thing that I can imagine why it doesn’t work correctly is that Razuna is using a different attribute for the stored password (unlikely), that there are some problems with hashed passwords (more likely) or that Razuna makes a bind with the credentials of the logging in user. This would require me to set up some ACLs on my LDAP server and I just want to make clear if I have to do that, or if there is another problem that could cause this error.

Is there maybe some log file where errors like that can be debugged?

Thanks for the fast reply!