And does it work in plain LDAP? Or doesn't your LDAP server allow plain connections?
It's easier to troubleshoot in plain LDAP, so you know what response you get from the LDAP server when Traccar launches a request (maybe it's a problem in the traccar.config file).
Yes indeed, it works in plain LDAP; I can see my password and mail address,
but the LDAP works fine.
However, when I use LDAPS, I found it bizarre that I can also see my credentials.
This is my traccar.xml config:
<entry key='ldap.enable'>true</entry>
<entry key='ldap.url'>ldaps://geo.geo.local:636</entry>
<entry key='ldap.port'>636</entry>
<entry key='ldap.base'>OU=GEO,DC=geo,DC=local</entry>
<entry key='ldap.idAttribute'>cn</entry>
<entry key='ldap.nameAttribute'>displayName</entry>
<entry key='ldap.mailAttribute'>mail</entry>
<entry key='ldap.searchFilter'>(|(cn=:login)(mail=:login))</entry>
<entry key='ldap.adminGroup'>geoadmin</entry>
<entry key='ldap.user'>CN=geogeek,OU=GEO,DC=geo,DC=local</entry>
<entry key='ldap.password'>****</entry>
Which Traccar version do you use?
This is our config:
<entry key='ldap.enable'>true</entry>
<entry key='ldap.force'>true</entry>
<!-- <entry key='ldap.port'>636</entry> -->
<entry key='ldap.url'>ldaps://msnet.railb.be:636</entry>
<entry key='ldap.base'>OU=40 Infrabel,OU=Unit placeholder,DC=msnet,DC=railb,DC=be</entry>
<entry key='ldap.idAttribute'>cn</entry>
<entry key='ldap.nameAttribute'>displayName</entry>
<entry key='ldap.mailAttribute'>mail</entry>
<entry key='ldap.searchFilter'>(|(cn=:login)(mail=:login))</entry>
<entry key='ldap.adminFilter'>(&amp;(|(cn=:login)(mail=:login))(memberOf=CN=A1681_AdminsG,OU=RM,OU=Groups,OU=40 Infrabel,OU=Unit placeholder,DC=msnet,DC=railb,DC=be))</entry>
<entry key='ldap.user'>CN=****,OU=Users-Generic,OU=B0003 - SLAM,OU=ServeraaS,OU=IT Support Services,OU=ADaaService,DC=msnet,DC=railb,DC=be</entry>
<entry key='ldap.password'>***</entry>
You shouldn't be able to see username/password when using LDAPS; that's what it's for.
Server version is 4.6.
Once the certificate was OK and the plain LDAP worked, then LDAPS worked automatically.
We only had an issue that the LDAP user we used for Traccar wasn't allowed to query the admin group, which resulted in admin users not being given admin rights. But that's not an issue here, I guess.
OK, thank you a lot, Mathias. I will try it out again.
Indeed, I had the same problems with admin rights when I used LDAP.
Thank you again, it's kind of you!
I'm having problems connecting to LDAP with the new update 4.15 and having searches done to groups via sAMAccountName. I can see requests to the AD server using Wireshark. Please see below for my conf file code. Any help would be greatly appreciated:
<entry key='ldap.idAttribute'>sAMAccountName</entry>
<entry key='ldap.nameAttribute'>sAMAccountName</entry>
<entry key='ldap.mailAttribute'>sAMAccountName</entry>
<entry key='ldap.searchFilter'>(&amp;(sAMAccountName=:login)(memberOf:1.2.840.113556.1.4.1941:=CN=Traccar_Users,OU=Traccar,OU=Security,DC=prod,DC=ourdomain)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))</entry>
<entry key='ldap.adminFilter'>(&amp;(sAMAccountName=:login)(memberOf:1.2.840.113556.1.4.1941:=CN=Traccar_Admins,OU=Traccar,OU=Security,DC=prod,DC=ourdomain)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))</entry>
Nope, I don't see any error about the certificate, and I've imported it to the JRE keystore.
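An added example, not part of the thread and not Traccar code: a small Python check for the `ldap.*` entries of a traccar.xml like the ones posted above, covering XML well-formedness, the `ldaps://` scheme, port agreement and filter syntax. It assumes the file is a Java properties XML document with a `<properties>` root; the `lint_ldap` name, hostname and DNs are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

def balanced(expr):
    """True when every '(' in an LDAP filter has a matching ')'."""
    depth = 0
    for ch in expr:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def lint_ldap(xml_text):
    """Return findings for the ldap.* entries of a traccar.xml (hypothetical helper)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A raw '&' in a filter or a misplaced quote in an attribute ends up here.
        return [f"not well-formed XML: {exc}"]
    cfg = {e.get("key"): (e.text or "").strip() for e in root.iter("entry")}
    findings = []
    url = urlsplit(cfg.get("ldap.url", ""))
    if url.scheme != "ldaps":
        findings.append("ldap.url is not ldaps://; a simple bind over it "
                        "exposes the bind DN and password on the wire")
    port = cfg.get("ldap.port")
    if port and url.port and str(url.port) != port:
        findings.append(f"ldap.port {port} disagrees with port {url.port} in ldap.url")
    for key in sorted(cfg.keys() & {"ldap.searchFilter", "ldap.adminFilter"}):
        if ":login" not in cfg[key]:
            findings.append(f"{key} has no :login placeholder")
        if not balanced(cfg[key]):
            findings.append(f"{key} has unbalanced parentheses")
    return findings

# Constructed sample configs; hostname and DNs are placeholders.
TEMPLATE = """<properties>
<entry key='ldap.enable'>true</entry>
<entry key='ldap.url'>{url}</entry>
<entry key='ldap.port'>{port}</entry>
<entry key='ldap.searchFilter'>{flt}</entry>
</properties>"""
GOOD = TEMPLATE.format(url="ldaps://ldap.example.test:636", port="636",
                       flt="(|(cn=:login)(mail=:login))")
PLAIN = TEMPLATE.format(url="ldap://ldap.example.test:389", port="636",
                        flt="(|(cn=:login)(mail=:login)")
RAW_AMP = TEMPLATE.format(url="ldaps://ldap.example.test:636", port="636",
                          flt="(&(cn=:login)(memberOf=CN=admins,DC=example,DC=test))")
```

Calling `lint_ldap(PLAIN)` reports the cleartext scheme, the port mismatch and the unclosed filter, while `RAW_AMP` fails at the XML stage until the `&` is written as `&amp;`.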