
LDAP login settings page missing domain name parameter #2263


bozkan created

We are trying to use the LDAP login feature, and Active Directory requires the username with its domain name, like "domain\user". But there is no "Domain name" setting on the page. As we would like to keep these LDAP settings per tenant, we cannot add the domain name prefix to the username with a hard-coded domain name as described here: https://docs.abp.io/en/commercial/latest/modules/account/ldap#customize-built-in-services

So I think an additional setting for the domain name would be useful here, so that it is not hard-coded and is kept tenant-based via the settings page. As the current settings page is missing it, we now have to add a custom settings page for the domain name. What are your thoughts? Is there any alternative solution?

Thanks.


7 Answer(s)
  • maliming created
    Support Team Fullstack Developer

    hi

    Active Directory requires the username with its domain name like "domain\user".

    domain\user is a good solution; then you can split the domain and username in your custom LDAP service.

    You can also add a new setting and override the setting page.

  • bozkan created

    Hi maliming, thanks for the response. But I didn't get what you mean by saying domain\user is a good solution.

    Active Directory requires the domain name with the user name, but ABP's LDAP settings page does not have any domain name parameter, so as of now ABP's LDAP login feature cannot be used properly, at least with the default settings capabilities (I know that we can override methods to normalize user names, but it should not be hard-coded, and it should also be stored per tenant). I think it would be great to have a domain name setting added to the LDAP login settings page in the next versions. Do you have any plans for that?

  • maliming created
    Support Team Fullstack Developer

    Active Directory requires domain name with user name

    Can you share relevant documents?

  • bozkan created

    Hi maliming,

    I don't have any official documentation right now explaining that we should use the domain name. Maybe it could be found after deeper research. But when I try an LDAP bind without the domain name (just the username itself), I get the following error:

    Invalid Credentials. Invalid Credentials. Result: 49. Method: ldap_parse_result. Details: errorMessage: 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839 matchedMessage:

    And when I searched for the error, I saw that many people resolve this error by appending the domain name to the user name when making the LDAP bind. And when I append the domain name, the problem is solved.

    Examples:

    https://stackoverflow.com/a/52474797/
    https://stackoverflow.com/a/52725355/
    https://stackoverflow.com/a/53442129/
    https://stackoverflow.com/a/56896250/
    https://stackoverflow.com/a/60112692/
    https://stackoverflow.com/a/31692694/
    https://stackoverflow.com/a/31692694/

  • maliming created
    Support Team Fullstack Developer

    hi

    sample_user@sample_domain

    I still think it would be easier to customize the built-in LDAP service.

    You can create a feature request on GitHub.

  • bozkan created

    We can customize the LDAP service, but again we need to store the tenant-based domain name setting somewhere. I think the current LDAP login settings page is the best place for it, isn't it?

  • maliming created
    Support Team Fullstack Developer

    See https://github.com/abpframework/abp/issues/10927
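
An added example, not part of the thread and not ABP's own code: one way to build the bind name from a per-tenant domain value instead of a hard-coded one, and to pull the Active Directory sub-code out of the bind error quoted above. The `TenantDomain` dictionary, the tenant names, the domain values and the "a dot means a DNS name" rule are assumptions of this sketch; it uses no ABP types.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

public static class LdapBindName
{
    // Hypothetical stand-in for a per-tenant "domain name" setting (constructed values).
    static readonly Dictionary<string, string> TenantDomain = new(StringComparer.OrdinalIgnoreCase)
    {
        ["tenant-a"] = "CORP",          // NetBIOS-style name: bind as CORP\user
        ["tenant-b"] = "example.test",  // DNS-style name: bind as user@example.test
    };

    // Builds the bind name from the tenant's configured domain. A domain typed by the
    // user is accepted only when it equals the tenant's own, so a login form cannot be
    // used to steer a bind toward a domain the tenant did not configure.
    public static string Normalize(string tenant, string input)
    {
        if (!TenantDomain.TryGetValue(tenant, out var domain))
            return input; // no setting stored: pass the name through unchanged
        string user = input, typed = null;
        int bs = input.IndexOf('\\'), at = input.LastIndexOf('@');
        if (bs >= 0) { typed = input[..bs]; user = input[(bs + 1)..]; }
        else if (at >= 0) { user = input[..at]; typed = input[(at + 1)..]; }
        if (typed != null && !typed.Equals(domain, StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("domain does not match the tenant setting");
        if (user.Length == 0 || user.IndexOfAny(new[] { '\\', '@' }) >= 0)
            throw new ArgumentException("malformed user name");
        // Assumption of this sketch: a dot in the setting means a DNS name (UPN form).
        return domain.Contains('.') ? $"{user}@{domain}" : $"{domain}\\{user}";
    }

    // Extracts the AD sub-code (the "52e" in "data 52e") from a bind error, or null.
    public static string AdDataCode(string message)
    {
        var m = Regex.Match(message, @"\bdata ([0-9a-fA-F]+)\b");
        return m.Success ? m.Groups[1].Value.ToLowerInvariant() : null;
    }

    public static void Main()
    {
        Console.WriteLine(Normalize("tenant-a", "alice"));
        Console.WriteLine(Normalize("tenant-b", "alice"));
        Console.WriteLine(Normalize("tenant-a", "corp\\alice"));
        // Error text as quoted in the thread.
        const string err = "80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839";
        Console.WriteLine($"AD sub-code: {AdDataCode(err)}");
    }
}
```

Logging the extracted sub-code on failed binds makes it easier to tell credential rejections such as 52e apart from other logon failures when a tenant's domain value is changed.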

Made with ❤️ on ABP v9.1.0-preview. Updated on December 05, 2024, 12:19