Dear All,

I have a FreeIPA installation.
I am learning how to make a Django project that uses the FreeIPA LDAP service.
Here is part of my project.setting.py:
```python
import os

import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType

LDAP_SERVER = 'freeipa.mydomain.net'
AUTH_LDAP_SERVER_URI = f'ldap://{LDAP_SERVER}'
AUTH_LDAP_BIND_DN = f"uid={os.environ.get('LDAP_BIND_UID')},cn=users,cn=accounts,dc=mydomain,dc=net"
AUTH_LDAP_BIND_PASSWORD = os.environ.get('LDAP_BIND_PWD')
AUTH_LDAP_USER_DN_TEMPLATE = 'uid=%(user)s,cn=users,cn=accounts,dc=mydomain,dc=net'
AUTH_LDAP_USER_ATTR_MAP = {
    'first_name': 'givenName',
    'last_name': 'sn',
    'email': 'mail'
}
AUTH_LDAP_GROUP_BASE = "cn=groups,cn=accounts,dc=mydomain,dc=net"
AUTH_LDAP_GROUP_FILTER = "(objectClass=groupOfNames)"
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_BASE,
                                    ldap.SCOPE_SUBTREE, AUTH_LDAP_GROUP_FILTER)
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_CACHE_GROUPS = True
# Cache names and group memberships for an hour to minimize LDAP traffic.
AUTH_LDAP_CACHE_TIMEOUT = 3600
AUTH_LDAP_MIRROR_GROUPS = True  # Will sync LDAP groups to Django, if they do not exist
# AUTH_LDAP_MIRROR_GROUPS_EXCEPT excludes groups we don't want to mirror in Django
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    'is_staff': 'cn=ipausers,' + AUTH_LDAP_GROUP_BASE,
}
# 'is_superuser': 'cn=ipausers,' + AUTH_LDAP_GROUP_BASE,
AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)
```
That app is running well.
I can log in to it using my FreeIPA account.

Next, I tried to adapt that settings.py to adjust my taiga-back/settings/config.py
(per GitHub - Monogramm/taiga-contrib-ldap-auth-ext: 🐍 Extended Taiga plugin for LDAP authentication):
```python
import os

INSTALLED_APPS += ["taiga_contrib_ldap_auth_ext"]
# Multiple LDAP servers are currently not supported, see
# https://github.com/Monogramm/taiga-contrib-ldap-auth-ext/issues/16
LDAP_SERVER = "ldap://freeipa.mydomain.net"
LDAP_PORT = 389
LDAP_BIND_DN = f"uid={os.environ.get('LDAP_BIND_UID')},cn=users,cn=accounts,dc=mydomain,dc=net"
LDAP_BIND_PASSWORD = os.environ.get('LDAP_BIND_PWD')
LDAP_SEARCH_BASE = 'DC=mydomain,DC=net'
LDAP_USERNAME_ATTRIBUTE = "uid"
LDAP_EMAIL_ATTRIBUTE = "mail"
LDAP_FULL_NAME_ATTRIBUTE = "givenName"
LDAP_SAVE_LOGIN_PASSWORD = False
LDAP_MAP_USERNAME_TO_UID = None
```
But with that configuration, I cannot log in using my FreeIPA account.
Kindly please tell me what to check/do to fix this problem.

-bino-
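
Added example, not part of the original post and not the plugin's own code: an offline pre-flight check for settings shaped like the Taiga block above. It flags bind credentials that come out as `None` when `LDAP_BIND_UID` / `LDAP_BIND_PWD` are not set in the environment of the process that loads the settings, a cleartext `ldap://` URL, and a search base that does not contain the user entries. The names `build_cfg`, `norm`, `preflight`, `SUFFIX` and the sample user `alice` are hypothetical.

```python
from urllib.parse import urlparse

SUFFIX = "cn=users,cn=accounts,dc=mydomain,dc=net"  # user container from the post

def build_cfg(environ):
    """Build the settings the way the post does, from a given environment mapping."""
    return {
        "LDAP_SERVER": "ldap://freeipa.mydomain.net",
        "LDAP_BIND_DN": f"uid={environ.get('LDAP_BIND_UID')},{SUFFIX}",
        "LDAP_BIND_PASSWORD": environ.get("LDAP_BIND_PWD"),
        "LDAP_SEARCH_BASE": "DC=mydomain,DC=net",
    }

def norm(dn):
    """Lower-case and strip RDN spacing; DNs compare case-insensitively."""
    return ",".join(part.strip().lower() for part in str(dn).split(","))

def preflight(cfg, environ, sample_user_dn):
    """Return a list of problems found without touching the network."""
    problems = []
    # os.environ.get() returns None for an unset variable, and the f-string
    # silently turns that into the text "None" inside the bind DN.
    for var in ("LDAP_BIND_UID", "LDAP_BIND_PWD"):
        if not environ.get(var):
            problems.append(f"{var} is not set in this environment")
    if norm(cfg["LDAP_BIND_DN"]).startswith("uid=none,"):
        problems.append("LDAP_BIND_DN contains the literal 'None'")
    if not cfg["LDAP_BIND_PASSWORD"]:
        problems.append("LDAP_BIND_PASSWORD is empty")
    try:
        url = urlparse(str(cfg["LDAP_SERVER"]))
        scheme, host = url.scheme, url.hostname
    except ValueError:  # e.g. stray brackets pasted into the URL
        scheme, host = "", None
    if scheme not in ("ldap", "ldaps") or not host:
        problems.append("LDAP_SERVER is not a valid ldap:// or ldaps:// URL")
    elif scheme == "ldap":
        problems.append("ldap:// is cleartext unless StartTLS is negotiated")
    # User entries must sit under the search base to be found by a search rooted there.
    if not norm(sample_user_dn).endswith("," + norm(cfg["LDAP_SEARCH_BASE"])):
        problems.append("sample user DN is not under LDAP_SEARCH_BASE")
    return problems

if __name__ == "__main__":
    import os
    for line in preflight(build_cfg(os.environ), os.environ, f"uid=alice,{SUFFIX}"):
        print("WARN:", line)
```

Run it as the same user and with the same environment as the taiga-back process, since a variable exported in an interactive shell is not necessarily visible to the service.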