Open Closed

LDAP Setup documentation #715


User avatar
0
albert.ogbekhilu created

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.

  • ABP Framework version: v3.1
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Seperated (Angular): yes

What the steps to setup LDAP, I've checked the website but I didn't find any documentation for setting up LDAP


23 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can simply check passwords of the users from LDAP in the login page. If given username/password doesn't exists on LDAP, then it fallbacks to the local database, just like before.

    Since it supports multi-tenancy, you can enable, disable and configure it for your tenants.

    We use OpenLdapManager in account pro module by default. You can overider it's methods.

  • User Avatar
    0
    albert.ogbekhilu created

    Okay, thanks I found the settings, but I have some follow up questions,

    1. Whats base domain component
    2. Do I need to supply a username & password or is it optional
    3. Do I need to make any modification to the code or does it work out of the box
    4. This is not related to LDAP both is there a way to disable or override the errorHandling for the RestService globalyl, or do I have do it per api?
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Whats base domain component

    It depends on your LDAP server. https://github.com/abpframework/abp/blob/1f0e3127cc1708f61a32de1cd664f68fc226b897/framework/test/Volo.Abp.Ldap.Tests/Volo/Abp/Ldap/LdapManager_Tests.cs#L23

    Do I need to supply a username & password or is it optional

    Username/password is required, it needs to have the permissions to query LDAP users and verify the password of LDAP users.

    Do I need to make any modification to the code or does it work out of the box

    It depends on your LDAP server. We use OpenLdapManager in account pro module by default.

    This is not related to LDAP both is there a way to disable or override the errorHandling for the RestService globalyl, or do I have do it per api?

    You can create a quesiton and our angular support staff will reply to you.

  • User Avatar
    0
    albert.ogbekhilu created

    For the domain component does it have to be structured as dc=abp or can I use just abp

    I've supplied the necessary value but I'm getting the error below LdapException: Invalid Credentials (49) Invalid Credentials LdapException: Server Message: 80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839 LdapException: Matched DN:

    The ldap credentials used are correct & have been tested with ldp.exe & telnet.

    Please is there a way we can log values that are been used by OpenLdapManager?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    abp just a test name.

    docker run --name ldap -d --env LDAP_ORGANISATION="abp" --env LDAP_DOMAIN="abp.com" --env LDAP_ADMIN_PASSWORD="123456" -p 389:389 -p 636:639 --detach osixia/openldap
    

  • User Avatar
    0
    albert.ogbekhilu created

    Yes, I know, I was asking if the value base domain component has to be dc=domain or if it can just be domain?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    I think it depends on your configure of LDAP server.

    I am not particularly familiar with LDAP. I just implemented a simple authentication. You can completely customize it.

  • User Avatar
    0
    albert.ogbekhilu created

    Okay thanks, to customize it, can I still follow the steps HERE which is from version 2.9 pr is there a diifferent documentation I can lookup?

  • User Avatar
    0
    muratdogan@hitit.edu.tr created

    The screens you have shown do not appear with me. We have just started Abp Framework, if you tell us with a detailed documentation, how will we add Ldap integration to the project and use it. Thank you already.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi albert.ogbekhilu and muratdogan@hitit.edu.tr

    You can check souce code of OpenLdapManager and LdapExternalLoginProvider The ldap feature is base on https://github.com/abpframework/abp/pull/4979

    • Add LdapExternalLoginProvider on the Account PRO module.
    • Allow to enable/disable LDAP login by a setting (using the setting management system).
    • Define settings for LDAP options (using the setting management system).
    • Create the UI to arrange settings, on the Account tab of the setting page
    • Create a "feature" to enable/disable LDAP login by tenant/edition.
  • User Avatar
    0
    albert.ogbekhilu created

    Hi maliming Thanks, I was able to add a new LdapExternalLoginProvider & override the NormalizeUserName() function to use cn instead uid & it works

    One more question there's an Authenticate() function being called in the TryAuthenticateAsync() but it's not in the OpenLdapManager class, I think it's from the LdapManager class that is inherited by the OpenLdapManager, is there a way to see the source code for the Autheticate() function?

    public override async Task<bool> TryAuthenticateAsync(string userName, string plainPassword)
            {
                if (!await FeatureChecker.IsEnabledAsync(AccountFeature.EnableLdapLogin))
                {
                    Logger.LogWarning("Ldap login feature is not enabled!");
                    return false;
                }
    
                if (!await SettingProvider.IsTrueAsync(AccountSettingNames.EnableLdapLogin))
                {
                    Logger.LogWarning("Ldap login setting is not enabled!");
                    return false;
                }
    
                return LdapManager.Authenticate(NormalizeUserName(userName), plainPassword);
            }
    
  • User Avatar
    0
    muratdogan@hitit.edu.tr created

    As in the settings, I do not have the Ldap interface.

  • User Avatar
    0
    albert.ogbekhilu created

    Hi muratdogan@hitit.edu.tr, You need to enable from the tenants, Administration > SAAS > Tenants There's a button Manage host features, you should be able to enable it from there, under the account tab

  • User Avatar
    0
    muratdogan@hitit.edu.tr created

    Can albert.ogbekhilu , maliming help me where to add LdapExternalLoginProvider and also how do I do what parts. I would appreciate it if it's visual. I just started the abp framework. Sorry I'm tiring you.

    Can you explain in detail what we will add in the application with a detailed documentation. Can you describe it with the pictures of the application layer?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi muratdogan@hitit.edu.tr

    The LdapExternalLoginProvider is build-in of Account.Pro module. It already added.

    Here is the source code of LdapManager.

    https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.Ldap/Volo/Abp/Ldap/LdapManager.cs#L23

    You can also check this. https://support.abp.io/QA/Questions/715#answer-5bc69be7-72b0-d348-9073-39f99a91f0b1

    if you need the souce code of OpenLdapManager please send an email to me. liming.ma@volosoft.com

  • User Avatar
    0
    gvnuysal created

    Hi @maliming,

    ABP Framework version: v3.3.1 UI type: Angular DB provider: EF Core Tiered (MVC) or Identity Server Seperated (Angular): no

    • Allow to enable/disable LDAP login by a setting (using the setting management system).
    • Define settings for LDAP options (using the setting management system).
    • Create the UI to arrange settings, on the Account tab of the setting page
    • Create a "feature" to enable/disable LDAP login by tenant/edition.

    I did the 4 items above. Is there anything I should do on the code side?

    Also I get the following error in the log.

    2021-01-05 11:58:08.789 +03:00 [ERR] Invalid Credentials LdapException: Invalid Credentials (49) Invalid Credentials LdapException: Server Message: 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v4563

    How do I fill in the information in the image below. To fields other than server host and port?

    my ldap info.

  • User Avatar
    0
    muratdogan@hitit.edu.tr created

    Hi @maliming, albert.ogbekhilu

    Can you share your project on github. How many nights, how many days I've been struggling but I just couldn't figure it out.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi @gvnuysal and @muratdogan@hitit.edu.tr

    We are using ldap4net to handle LDAP authentication. You can try using this library first, such as connecting to your LDAP server and** authenticating users**.

    The ldap source code in the account pro module is also very simple, all using ldap4net.

    https://github.com/flamencist/ldap4net

    https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.Ldap/Volo/Abp/Ldap/LdapManager.cs#L23

  • User Avatar
    1
    muratdogan@hitit.edu.tr created

    After clicking the login button on the login page, I can go to the account page and find out whether or not I can get information about ldap by debugging it. No Account Login cs in Abp Framework

  • User Avatar
    0
    muratdogan@hitit.edu.tr created

    https://github.com/Nordes/IdentityServer4.LdapExtension and config appsetting I ran this project with these settings.

    {
      "IdentityServerLdap": {
        // Example: If you use a redis instead of in-memory (See Startup.cs)
        //"redis": "localhost:32771,ssl=false",
        //"RefreshClaimsInSeconds": 3600,
        "Connections": [
                  
          {
    
    
            "FriendlyName": "Active directory",
            "Url": "LdapServerİpAdress",
            "Port": 389,
            "Ssl": false,
            "BindDn": "Hitit\\Administrator",
            "BindCredentials": "Password",
            "SearchBase": "DC=hitit,DC=edu,DC=tr",
            "SearchFilter": "(&(objectClass=user)(sAMAccountName={0}))",
            "PreFilterRegex": "^(?![a|A]).*$" // not mandatory and will take everything not starting with A
          }
    
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi muratdogan@hitit.edu.tr

    Let's discuss it in Github.

  • User Avatar
    0
    muratdogan@hitit.edu.tr created

    Ok @maliming thank you

  • User Avatar
    0
    alper created
    Support Team Director

    many of these issues occur because of the misconfiguration of LDAP addresses, ports etc... it's better to eliminite ABP and try to work on a simple LDAP console application. @maliming can you create a very simple console app with https://github.com/flamencist/ldap4net . so that we'll see if the problem is in the framework or in configuration.. you can share it on your GitHub account

Made with ❤️ on ABP v9.1.0-preview. Updated on November 01, 2024, 05:35