LDAP configuration doesn't work

Pigro95, 2 years ago

Hello

I'm trying to configure my Traccar Server (latest docker image) authentication with LDAP.

If I configure the LDAP options I can't access the web interface. The LDAP server is a Microsoft Active Directory. Other servers with LDAP integrations work fine.

Is there something wrong with my configuration?

    <entry key='ldap.url'>ldap://xxx.xxx.xxx.xxx:389</entry>
    <entry key='ldap.user'>CN=xx,OU=xx,OU=xx,OU=xx,DC=xx,DC=xx</entry>
    <entry key='ldap.password'>xx</entry>
    <entry key='ldap.force'>false</entry>
    <entry key='ldap.base'>OU=Users,OU=xx,DC=xx,DC=xx</entry>
    <entry key='ldap.idAttribute'>sAMAccountName</entry>
    <entry key='ldap.nameAttribute'>displayName</entry>
    <entry key='ldap.mailAttribute'>mail</entry>
    <entry key='ldap.searchFilter'>(|(cn=:login)(mail=:login))</entry>
    <entry key='ldap.adminFilter'>(cn=Domain Admins=:login)</entry>

In the documentation there are more LDAP options on the LDAP configuration site (https://www.traccar.org/ldap/) as in the general configuration site (https://www.traccar.org/configuration-file/). Is the LDAP configuration site outdated?

Thanks for help.

Pigro95, 2 years ago

Better description of the problem:
The web interface connection is refused and there are no logs of the problem in the Traccar server log.

Anton Tananaev, 2 years ago

I would recommend searching this forum for some example. For example, I see that you're using a port as a part of URL. I'm not sure it works like that. We have a separate parameter for port.

The LDAP documentation might be slightly outdated because it's not a very common use case. But if you see any specific discrepancies, let me know.

Pigro95, 2 years ago

I think I tried every example on this forum I can find. The problem is that most examples are not working configurations. There are just a few solution posts.

Now I removed the port from the URL and added the port parameter. But it is still not working.

These three options are only on the LDAP site and not on the general config site.

ldap.enable - Main switch.
ldap.server - LDAP server name.
ldap.port - LDAP server port. Default is 389.

Track-trace, 2 years ago

Maybe, if you know what data to expect on the LDAP server, you could use tcpdump to listen on that server port and see which data is received (just my two cents).

Pigro95, 2 years ago

@Track-trace
Thanks for your two cents. :)

I think I have to run the tcpdump on the ldap server and not on the traccar server?
The LDAP server is a Windows Server domain controller. The problem is, I don't want to install anything on this server and I don't know an onboard tool for this.

And I don't have knowledge about LDAP network traffic and how it should look.

Pigro95, 2 years ago

I solved the problem.

The problem was the password from the service account. I think a special character from the password crashed the xml interpretation.

Thanks for all help.

Anton Tananaev, 2 years ago

It does not crash. Special characters need to be escaped and that's expected behavior for XML files.
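
As an added illustration (not code from this thread or from Traccar itself), the script below shows the two points raised above in practice: a service-account password containing XML-special characters has to be escaped before it goes into the config file, and the port belongs in the separate ldap.port parameter rather than in ldap.url. All sample values are constructed, and the properties document is a minimal stand-in for Traccar's real config file.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit
from xml.sax.saxutils import escape

# Entities beyond &amp; &lt; &gt;, so a value is safe in text or attribute position.
EXTRA_ENTITIES = {"'": "&apos;", '"': "&quot;"}

# Constructed sample values (not from the thread): a password with XML-special
# characters, a URL carrying the port, and a broken admin filter.
SAMPLE_PASSWORD = "p&ss<w>ord'\""
SAMPLE_SETTINGS = {
    "ldap.url": "ldap://192.0.2.10:389",
    "ldap.user": "CN=svc,OU=Service,DC=example,DC=test",
    "ldap.password": SAMPLE_PASSWORD,
    "ldap.searchFilter": "(|(sAMAccountName=:login)(mail=:login))",
    "ldap.adminFilter": "(&(memberOf=CN=Admins,DC=example,DC=test)",
}


def xml_entry(key, value):
    """Render one Traccar-style <entry> line with key and value XML-escaped."""
    return "<entry key='%s'>%s</entry>" % (escape(key, EXTRA_ENTITIES), escape(value, EXTRA_ENTITIES))


def render_config(settings):
    """Build a minimal properties document from a dict of settings."""
    body = "\n".join("    " + xml_entry(k, v) for k, v in settings.items())
    return "<?xml version='1.0' encoding='UTF-8'?>\n<properties>\n%s\n</properties>\n" % body


def parse_config(text):
    """Parse the document back into a dict; raises ET.ParseError on malformed XML."""
    return {e.get("key"): (e.text or "") for e in ET.fromstring(text).iter("entry")}


def parses_when_unescaped(value):
    """True only if pasting the value into the file raw still yields well-formed XML."""
    try:
        ET.fromstring("<properties><entry key='ldap.password'>%s</entry></properties>" % value)
        return True
    except ET.ParseError:
        return False


def check_ldap_settings(settings):
    """Return a list of problems, mirroring the advice given in this thread."""
    problems = []
    if urlsplit(settings.get("ldap.url", "")).port is not None:
        problems.append("ldap.url contains a port; use the separate ldap.port parameter")
    for key in ("ldap.searchFilter", "ldap.adminFilter"):
        flt = settings.get(key, "")
        if flt.count("(") != flt.count(")"):
            problems.append("%s has unbalanced parentheses" % key)
        if ":login" not in flt:
            problems.append("%s never references the :login placeholder" % key)
    return problems
```

Running the checks on the constructed settings reports the port in the URL plus the two defects in the admin filter, while the escaped password survives a parse round trip unchanged.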

Track-trace, 2 years ago

@Pigro95

Nice, so now that you've got it working, does it mean anyone else could use your above configuration as a working example?

Pigro95, 2 years ago

I have made various adjustments to the configuration. Here is my current configuration:

    <entry key='ldap.enable'>true</entry>
    <entry key='ldap.url'>ldap://xxx.xxx.xxx.xxx</entry>
    <entry key='ldap.port'>389</entry>
    <entry key='ldap.user'>CN=xxxx,OU=xxxx,DC=xxxx,DC=xxxx</entry>
    <entry key='ldap.password'>password</entry>
    <entry key='ldap.force'>true</entry>
    <entry key='ldap.base'>OU=xxxx,DC=xxxx,DC=xxxx</entry>
    <entry key='ldap.idAttribute'>sAMAccountName</entry>
    <entry key='ldap.nameAttribute'>displayName</entry>
    <entry key='ldap.mailAttribute'>mail</entry>
    <entry key='ldap.searchFilter'>(&amp;(|(sAMAccountName=:login)(mail=:login))(memberOf=cn=xxxx,ou=xxxx,dc=xxxx,dc=xxxx))</entry>
    <entry key='ldap.adminFilter'>(&amp;(|(sAMAccountName=:login)(mail=:login))(memberOf=cn=xxxx,ou=xxxx,dc=xxxx,dc=xxxx))</entry>

The LDAP server is a Windows Server 2019 domain controller.

The only downside is that the adminFilter seems to only work at the first login of an account. That means the permissions are no longer adjusted on subsequent logins. I hope this works in a future update.