Error logging LDAP connection

redofi 5 years ago

nope i dont see any error about the cerificate, and i've imported it to the jre keystore

Mathias5 years ago

And does it work in plain LDAP? Or doesn't your LDAP server allow plain connections?

It's easier to troubleshoot in plain ldap so you know what response you get from the ldap server when traccar launches a request (maybe it's a problem in the traccar.config file)

redofi 5 years ago

yes indeed it works in plain LDAP i can see my password and mail address
but the ldap works fine

however when i use ldaps i found bizarre that i can also see my credentials

redofi 5 years ago

this is my traccar.xml config

    <entry key='ldap.enable'>true</entry>
    <entry key='ldap.url'>ldaps://geo.geo.local:636</entry>
    <entry key='ldap.port'>636</entry>
    <entry key='ldap.base'>OU=GEO,DC=geo,DC=local</entry>
    <entry key='ldap.idAttribute'>cn</entry>
    <entry key='ldap.nameAttribute'>displayName</entry>
    <entry key='ldap.mailAttribute'>mail</entry>
    <entry key='ldap.searchFilter'>(|(cn=:login)(mail=:login))</entry>
    <entry key='ldap.adminGroup'>geoadmin</entry>
    <entry key='ldap.user'>CN=geogeek,OU=GEO,DC=geo,DC=local</entry>
    <entry key='ldap.password'>****</entry>
redofi 5 years ago

which traccar version do you use ?

Mathias5 years ago

This is our config:

    <entry key='ldap.enable'>true</entry>
    <entry key='ldap.force'>true</entry>
    <entry key='ldap.port'>636</entry> -->
    <entry key='ldap.url'>ldaps://msnet.railb.be:636</entry>
    <entry key='ldap.base'>OU=40 Infrabel,OU=Unit placeholder,DC=msnet,DC=railb,DC=be</entry>
    <entry key='ldap.idAttribute'>cn</entry>
    <entry key='ldap.nameAttribute'>displayName</entry>
    <entry key='ldap.mailAttribute'>mail</entry>
    <entry key='ldap.searchFilter'>(|(cn=:login)(mail=:login))</entry>   
    <entry key='ldap.adminFilter'>(&amp;(|(cn=:login)(mail=:login))(memberOf=CN=A1681_AdminsG,OU=RM,OU=Groups,OU=40 Infrabel,OU=Unit placeholder,DC=msnet,DC=railb,DC=be))</entry>   
    <entry key='ldap.user'>CN=****,OU=Users-Generic,OU=B0003 - SLAM,OU=ServeraaS,OU=IT Support Services,OU=ADaaService,DC=msnet,DC=railb,DC=be</entry>
    <entry key='ldap.password'>***</entry>

you shouldn't be able to see username/password when using LDAPS.. that's where it's for..

Server version is 4.6.

Once the certificate was OK and the plain LDAP worked, then LDAPS worked automatically.
We only had an issue that the LDAP user we used for traccar wasn't allowed to query the admin group which resulted in admin users not being given admin rights. But that's not an issue here I guess

redofi 5 years ago

Ok thank you a lot Mathias i will try out again

indeed i had same problems with admin rights when i used ldap

Thank you again it's kind of you !

Tupp3 years ago

I'm having problems connecting to LDAP with the new update 4.15 and having searches done to groups via sAMAccountName. I can see requests to the AD server using wiresharek. Please see below for my conf file code. Any help would be greatly appreciated:

<entry key='ldap.idAttribute>'sAMAccountName</entry>
<entry key='ldap.nameAttribute'>sAMAccountName</entry>
<entry key='ldap.mailAttribute'>sAMAccountName</entry>
<entry key='ldap.searchFilter'>(&(sAMAccountName=:login)(memberOf:1.2.840.113556.1.4.1941:=CN=Traccar_Users,OU=Traccar,OU=Security,DC=prod,DC=ourdomain)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))</entry>
<entry key='ldap.adminFilter'>(&(sAMAccountName=:login)(memberOf:1.2.840.113556.1.4.1941:=CN=Traccar_Admins,OU=Traccar,OU=Security,DC=prod,DC=ourdomain)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))</entry>