OpenSpecimen v2.0 beta 2 LDAP configuration

    Is LDAP supported in v2.0 beta 2? Where can I find the configuration documentation?

    Thanks,

    Hi @bmumph,

    Yes, LDAP authentication is supported in v2.0-beta.02. For the steps to integrate, please refer to: https://catissueplus.atlassian.net/wiki/x/IYB9Ag.

    ~Nitesh

    I’ve used the API and still can’t get it to authenticate. I am using the same LDAP settings that I use in other applications to authenticate via LDAP, but can’t seem to get it working. Is there anything else that needs to be done within the application after setting the LDAP properties through the API? I assume I just need to make sure the username is the same as the username in Active Directory and switch the domain to the LDAP domain name on the sign-in screen. Below are my settings. Do you see anything wrong?

    {
      "name": "lsumc-master",
      "implClass": "com.krishagni.catissueplus.core.auth.services.impl.LdapAuthenticationServiceImpl",
      "authType": "ldap",
      "authProviderProps": {
        "url": "LDAP://ldap.example.com:389/DC=ldap,DC=example,DC=com",
        "userDn": "CN=(username for binding),OU=(OU containing this user),OU=(OU containing this user),DC=ldap,DC=example,DC=com",
        "password": "(binding user password)",
        "userDnPatterns": "uid= {0}"
      }
    }

    Thanks,

    Hi @bmumph,

    After configuring LDAP, you also need to create/register a user in OpenSpecimen with the domain name set to your LDAP domain name (like lsumc-master) and the login name set to the LDAP user name.

    Once you are registered, you should be able to log in using your LDAP details.

    I hope this makes sense.

    Thanks,
    Vinayak

    Yes, it makes sense. I set the LDAP configurations using the API. I created a user with the domain set to lsumc-master and the username set to the username in Active Directory (AD). When the user is created, I get an email with all the user information and it tells me to set the password. I’m assuming that is not necessary, since the password will come from LDAP. That will be confusing to the users authenticating through LDAP. When I try to log in, I put in my AD username and AD password, and change the domain to lsumc-master. But I get this error:

    Auth provider implementation detail specified in request is invalid.(AUTH_PROVIDER_INVALID_AUTH_IMPL)

    Any thoughts on this?

    Thanks,

    Hi @bmumph,

    Yes, you are right. There is no need to send a reset password link by mail to an LDAP user.
    We have noted it and will handle it in upcoming builds.

    The userDnPatterns seems to be wrong. Check with “CN={0}” instead of “uid={0}”.

    The other reason might be with Active Directory. In AD, the dn is not unique, and it returns more than one result and it fails. We also faced this issue earlier and fixed it in the latest release.

    Please try this on the latest build. The latest build details are available here. We have also updated the documentation for the LDAP configuration. So please check the documentation once.

    Thanks,
    Vinayak Lonushte
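
Added example, not part of the thread and not OpenSpecimen code: a pre-flight check over the `authProviderProps` posted above that reports the issues raised in the replies and shows the bind DN a pattern would produce for a given login name. It assumes `{0}` is replaced by the login name and the base DN from `url` is appended; the function names and finding labels are hypothetical.

```python
import json
from urllib.parse import urlsplit, unquote

# Constructed sample: the settings posted in the thread (bind credentials omitted).
SAMPLE = json.loads("""{
  "name": "lsumc-master",
  "authType": "ldap",
  "authProviderProps": {
    "url": "LDAP://ldap.example.com:389/DC=ldap,DC=example,DC=com",
    "userDnPatterns": "uid= {0}"
  }
}""")["authProviderProps"]

def escape_rdn_value(value):
    """Hex-escape characters that are special in a DN attribute value (RFC 4514)."""
    last, out = len(value) - 1, []
    for i, ch in enumerate(value):
        special = (ch in ',+"\\<>;=\0' or (ch == " " and i in (0, last))
                   or (ch == "#" and i == 0))
        out.append("\\%02x" % ord(ch) if special else ch)
    return "".join(out)

def bind_dn(props, login):
    """Assumed expansion: {0} -> escaped login name, base DN from the URL appended."""
    base = unquote(urlsplit(props["url"]).path.lstrip("/"))
    rdn = props["userDnPatterns"].replace("{0}", escape_rdn_value(login))
    return rdn + "," + base if base else rdn

def findings(props):
    """Return labels (hypothetical names) for problems visible in the settings."""
    issues = []
    if urlsplit(props["url"]).scheme != "ldaps":
        # Plain ldap:// carries simple-bind passwords unencrypted unless StartTLS is used.
        issues.append("cleartext-bind")
    pattern = props["userDnPatterns"]
    if "{0}" not in pattern:
        issues.append("no-placeholder")
    attr, _, value = pattern.partition("=")
    if attr != attr.strip() or value != value.strip():
        issues.append("whitespace-in-pattern")
    if attr.strip().lower() == "uid":
        issues.append("uid-attribute")  # the reply above suggests CN={0} for AD
    return issues

if __name__ == "__main__":
    print(findings(SAMPLE))
    print(bind_dn(dict(SAMPLE, userDnPatterns="CN={0}"), "Smith, Jo"))
```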