I tried to configure cmdbuild for ldap authentication.
my config is:
centos 8.2.2004
tomcat 9.0.33
java openjdk version “11.0.7” 2020-04-14 LTS
cmdbuild 3.2-b

i run thos command found in user manual:
cmdbuild.sh restws setconfig auth.methods LdapAuthenticator,DBAuthenticator
cmdbuild.sh restws setconfig auth.ldap.server.address 192.168.1.1
cmdbuild.sh restws setconfig auth.ldap.server.port 389
cmdbuild.sh restws setconfig auth.ldap.use.ssl false
cmdbuild.sh restws setconfig auth.ldap.basedn dc=mydomain,dc=com
cmdbuild.sh restws setconfig auth.ldap.bind.attribute userPrincipalName
cmdbuild.sh restws setconfig auth.ldap.search.auth.method simple
cmdbuild.sh restws setconfig auth.ldap.search.auth.password MyPassWord123
cmdbuild.sh restws setconfig auth.ldap.search.auth.principal uid=cmdbuilduser,ou=mycompany,dc=mydomain,dc=com

i created a usr in cmdbuild with login equal to expected userprincipalname
i restarted tomcat
but no authentication succeded.
i tried filtering connection with tcpdump on cmdbuild server but port 389 was newer contarted .
i don’t have X11 installed on server so i cant run cmdbuild.sh restws editconfig.
i also tried to configure auth.conf file under /opt/tomcat/9.0.33/conf/cmdbuild with same parameters exept for sintax “directive = example” this file was been rewrited after tomcat restart.

Have you got any suggestions?

i have encreased log level to debug!
i can’t see any entry related to ldap authentication in log file.
Obviously i seted up authentication method to LdapAuthenticator,DBAuthenticator!
even is i set auhentication method to LdapAuthenticator (ONLY)
All users authentications are against DB!
i tried “cmdbuild.sh restws reloadconfig” and “systemctl restart tomcat”. Nothing changed!
As i wrote in the first post tcpdump dosen’t cach any traffic to ldap server.
firewall is stopped!
Any suggestions?

Where do you go to configure LDAP? I can’t seem to be able to find it.

Hi afpaps, I am facing exactly the same issue on CMDBuild 3.3.2… How did you resolve the issue?

Thank you in advance,

Petr

Hi,
only for other people with the same problem:
./cmdbuild.sh restws setconfig org.cmdbuild.auth.ldap.enabled true

This seems to be new in 3.3.x.

Franz

I’ve yet to get LDAP working. Does anyone have a detail guide?

For debugging, check the file ate $CATALINA_HOME/logs/cmdbuild.log.
It helped me to find out what was the problem.

Here is a quick guide of how to do it in CMDBuild 3.4.3 :

1. Config your auth system using GUI or CLI

GUI
$CATALINA_HOME/webapps/cmdbuild/cmdbuild.sh r editconfig

CLI
$CATALINA_HOME/webapps/cmdbuild/cmdbuild.sh restws setconfig <parameter> <value>

2. Set all you parameters (find them in the Technical Manual of CMDBuild 3.4.3)

3. Don’t forget to deactivate the classic db authentification unless you choose to keep it. To do it, change org.cmdbuild.auth.default.enabled to false.

Errors I got :

1. For the parameter org.cmdbuild.auth.ldap.server.address, do not add the prefix “ldap://”. CMDBuild add it automatically even if you already add it. I had a problem because CMDBuild added the prefix and then tried to parse the address “ldap://ldap://ldapserverdomainname” which was wrong.

2. Be sure to understand how LDAP works before trying to setting up. You can first try to find the user using CLI commands to access you LDAP server to be sure it is accessible from your server. I had a problem because I didn’t understand that the “bind user” can be in a totally different location of the LDAP tree. My bind user was in a different OU (Organizationnal Unit) than the users I wanted to target.