Comments (9)
From memory, you don't need to specify LDAP:// in the URL. Only the IP address will be fine.
I.e.:
```json
"ldapActiveDirectory": {
  // Active directory
  "url": "79.123.184.30",
  "port": 389,
  "ssl": false,
  "bindDn": "DC=hitit,DC=edu,DC=tr",
  "bindCredentials": "******",
  "searchBase": "CN=Users,DC=hitit,DC=edu,DC=tr",
  // "searchFilter": "(&(objectClass=user)(objectClass=person)(sAMAccountName={0}))",
  "searchFilter": "(&(objectClass=user)(SAMAccountName={0}))",
  // Example: If you use a redis instead of in-memory
  //"redis": "localhost:32771,ssl=false"
}
```
from identityserver4.ldapextension.
Can we look at it with remote connectivity? even though it was not
from identityserver4.ldapextension.
from identityserver4.ldapextension.
I will try to reproduce locally. I don't have much time recently, but I'll do it as fast as I can. However, it seems your U/P are wrong.
Are you using Active Directory or are you using OpenLDAP?
from identityserver4.ldapextension.
Active Directory
from identityserver4.ldapextension.
```csharp
services.AddIdentityServer()
    .AddDeveloperSigningCredential()
    ////.AddSigningCredential(...) // Strongly recommended, if you want something more secure than developer signing (Read The Manual since it's highly recommended)
    .AddInMemoryIdentityResources(InMemoryInitConfig.GetIdentityResources())
    .AddInMemoryApiResources(InMemoryInitConfig.GetApiResources())
    .AddInMemoryClients(InMemoryInitConfig.GetClients())
    .AddLdapUsers(Configuration.GetSection("ldapActiveDirectory"), UserStore.InMemory);
```
from identityserver4.ldapextension.
Hi,
Test Active Directory ?? login
from identityserver4.ldapextension.
Hi Nordes
Test Active Directory ?? login
from identityserver4.ldapextension.
For me it works with a configuration like the following:
```json
{
  "ldap": {
    "url": "150.17.40.40",
    "bindDn": "CN=ReadOnlyUserInAD,CN=users,DC=dev-svr,DC=local",
    "bindCredentials": "×××××××",
    "searchBase": "cn=users,DC=dev-svr,DC=local",
    "searchFilter": "(&(objectClass=user)(objectClass=person)(sAMAccountName={0}))",
    "redis": "localhost:32778,ssl=false",
    // We keep the user data for about 10 minutes (Is that good?)
    "refreshClaimsInSeconds": 600
  },
  "ConnectionStrings": {
    "DefaultConnection": "server=localhost\\sqlexpress;database=eftest;trusted_connection=yes;MultipleActiveResultSets=true"
  }
}
```
I think that your issue is the bindDN, which is supposed to be the user who has read-only (or also write) access in the LDAP. That account is used to validate that the username exists before doing an authentication under the connecting account.
This is mainly because if in the future we want to have an "add user" feature, we could do it using the same connector. The users could be used within an auto-complete, for example.
from identityserver4.ldapextension.
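The bind-account point from the last comment, written as a small configuration check. This is an added example, not code from the thread or from the library: `LdapConfigLint`, `Check` and `EscapeFilterValue` are hypothetical names, the DN split is deliberately naive, and the escaping step assumes nothing about whether the library already escapes the username it substitutes for `{0}`.

```csharp
// Added example: lint an LDAP section like the ones posted in this thread and
// escape a username per RFC 4515 before it replaces {0} in searchFilter.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

static class LdapConfigLint
{
    // RFC 4515: NUL ( ) * \ are written as a backslash plus two hex digits.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            if (c == '\0' || c == '(' || c == ')' || c == '*' || c == '\\')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // ssl is null when the configuration does not state it.
    public static List<string> Check(string bindDn, string searchFilter, bool? ssl)
    {
        var findings = new List<string>();
        // A bind DN names an account entry; only DC= parts means the domain root.
        var rdns = bindDn.Split(',').Select(r => r.Trim()); // naive: ignores escaped commas
        if (rdns.All(r => r.StartsWith("DC=", StringComparison.OrdinalIgnoreCase)))
            findings.Add("bindDn is a domain base, not a service account DN");
        if (!searchFilter.Contains("{0}"))
            findings.Add("searchFilter has no {0} placeholder for the username");
        if (ssl == false)
            findings.Add("ssl=false: a simple bind sends bindCredentials unencrypted");
        return findings;
    }

    static void Main()
    {
        // Values copied from the two configurations posted in this thread.
        var first = Check("DC=hitit,DC=edu,DC=tr", "(&(objectClass=user)(SAMAccountName={0}))", false);
        var second = Check("CN=ReadOnlyUserInAD,CN=users,DC=dev-svr,DC=local", "(&(objectClass=user)(objectClass=person)(sAMAccountName={0}))", null);
        Console.WriteLine("first config: " + string.Join("; ", first));
        Console.WriteLine("second config: " + second.Count + " findings");
        // Constructed input: a username containing filter metacharacters.
        string user = EscapeFilterValue("j*doe (admin)");
        Console.WriteLine("(&(objectClass=user)(sAMAccountName={0}))".Replace("{0}", user));
    }
}
```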