Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.
- ABP Framework version: v3.1
- UI type: Angular
- DB provider: EF Core
- Tiered (MVC) or Identity Server Seperated (Angular): yes
What the steps to setup LDAP, I've checked the website but I didn't find any documentation for setting up LDAP
23 Answer(s)
-
0
hi
You can simply check passwords of the users from LDAP in the login page. If given username/password doesn't exists on LDAP, then it fallbacks to the local database, just like before.
Since it supports multi-tenancy, you can enable, disable and configure it for your tenants.
We use OpenLdapManager in account pro module by default. You can overider it's methods.
-
0
Okay, thanks I found the settings, but I have some follow up questions,
- Whats base domain component
- Do I need to supply a username & password or is it optional
- Do I need to make any modification to the code or does it work out of the box
- This is not related to LDAP both is there a way to disable or override the errorHandling for the RestService globalyl, or do I have do it per api?
-
0
Whats base domain component
It depends on your LDAP server. https://github.com/abpframework/abp/blob/1f0e3127cc1708f61a32de1cd664f68fc226b897/framework/test/Volo.Abp.Ldap.Tests/Volo/Abp/Ldap/LdapManager_Tests.cs#L23
Do I need to supply a username & password or is it optional
Username/password is required, it needs to have the permissions to query LDAP users and verify the password of LDAP users.
Do I need to make any modification to the code or does it work out of the box
It depends on your LDAP server. We use OpenLdapManager in account pro module by default.
This is not related to LDAP both is there a way to disable or override the errorHandling for the RestService globalyl, or do I have do it per api?
You can create a quesiton and our angular support staff will reply to you.
-
0
For the domain component does it have to be structured as dc=abp or can I use just abp
I've supplied the necessary value but I'm getting the error below LdapException: Invalid Credentials (49) Invalid Credentials LdapException: Server Message: 80090308: LdapErr: DSID-0C090453, comment: AcceptSecurityContext error, data 52e, v3839 LdapException: Matched DN:
The ldap credentials used are correct & have been tested with ldp.exe & telnet.
Please is there a way we can log values that are been used by OpenLdapManager?
-
0
hi
abp just a test name.
docker run --name ldap -d --env LDAP_ORGANISATION="abp" --env LDAP_DOMAIN="abp.com" --env LDAP_ADMIN_PASSWORD="123456" -p 389:389 -p 636:639 --detach osixia/openldap
-
0
Yes, I know, I was asking if the value base domain component has to be dc=domain or if it can just be domain?
-
0
I think it depends on your configure of LDAP server.
I am not particularly familiar with LDAP. I just implemented a simple authentication. You can completely customize it.
-
0
Okay thanks, to customize it, can I still follow the steps HERE which is from version 2.9 pr is there a diifferent documentation I can lookup?
-
0
The screens you have shown do not appear with me. We have just started Abp Framework, if you tell us with a detailed documentation, how will we add Ldap integration to the project and use it. Thank you already.
-
0
hi albert.ogbekhilu and muratdogan@hitit.edu.tr
You can check souce code of
OpenLdapManagerandLdapExternalLoginProviderThe ldap feature is base on https://github.com/abpframework/abp/pull/4979- Add LdapExternalLoginProvider on the Account PRO module.
- Allow to enable/disable LDAP login by a setting (using the setting management system).
- Define settings for LDAP options (using the setting management system).
- Create the UI to arrange settings, on the Account tab of the setting page
- Create a "feature" to enable/disable LDAP login by tenant/edition.
-
0
Hi maliming Thanks, I was able to add a new LdapExternalLoginProvider & override the NormalizeUserName() function to use cn instead uid & it works
One more question there's an Authenticate() function being called in the TryAuthenticateAsync() but it's not in the OpenLdapManager class, I think it's from the LdapManager class that is inherited by the OpenLdapManager, is there a way to see the source code for the Autheticate() function?
public override async Task<bool> TryAuthenticateAsync(string userName, string plainPassword) { if (!await FeatureChecker.IsEnabledAsync(AccountFeature.EnableLdapLogin)) { Logger.LogWarning("Ldap login feature is not enabled!"); return false; } if (!await SettingProvider.IsTrueAsync(AccountSettingNames.EnableLdapLogin)) { Logger.LogWarning("Ldap login setting is not enabled!"); return false; } return LdapManager.Authenticate(NormalizeUserName(userName), plainPassword); } -
0
As in the settings, I do not have the Ldap interface.
-
0
Hi muratdogan@hitit.edu.tr, You need to enable from the tenants, Administration > SAAS > Tenants There's a button Manage host features, you should be able to enable it from there, under the account tab
-
0
Can albert.ogbekhilu , maliming help me where to add LdapExternalLoginProvider and also how do I do what parts. I would appreciate it if it's visual. I just started the abp framework. Sorry I'm tiring you.
Can you explain in detail what we will add in the application with a detailed documentation. Can you describe it with the pictures of the application layer?
-
0
hi muratdogan@hitit.edu.tr
The
LdapExternalLoginProvideris build-in ofAccount.Promodule. It already added.Here is the source code of
LdapManager.https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.Ldap/Volo/Abp/Ldap/LdapManager.cs#L23
You can also check this. https://support.abp.io/QA/Questions/715#answer-5bc69be7-72b0-d348-9073-39f99a91f0b1
if you need the souce code of
OpenLdapManagerplease send an email to me. liming.ma@volosoft.com -
0
Hi @maliming,
ABP Framework version: v3.3.1 UI type: Angular DB provider: EF Core Tiered (MVC) or Identity Server Seperated (Angular): no
- Allow to enable/disable LDAP login by a setting (using the setting management system).
- Define settings for LDAP options (using the setting management system).
- Create the UI to arrange settings, on the Account tab of the setting page
- Create a "feature" to enable/disable LDAP login by tenant/edition.
I did the 4 items above. Is there anything I should do on the code side?
Also I get the following error in the log.
2021-01-05 11:58:08.789 +03:00 [ERR] Invalid Credentials LdapException: Invalid Credentials (49) Invalid Credentials LdapException: Server Message: 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v4563
How do I fill in the information in the image below. To fields other than server host and port?
my ldap info.
-
0
Hi @maliming, albert.ogbekhilu
Can you share your project on github. How many nights, how many days I've been struggling but I just couldn't figure it out.
-
0
hi @gvnuysal and @muratdogan@hitit.edu.tr
We are using ldap4net to handle LDAP authentication. You can try using this library first, such as connecting to your LDAP server and** authenticating users**.
The ldap source code in the account pro module is also very simple, all using ldap4net.
https://github.com/flamencist/ldap4net
https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.Ldap/Volo/Abp/Ldap/LdapManager.cs#L23
-
1
After clicking the login button on the login page, I can go to the account page and find out whether or not I can get information about ldap by debugging it. No Account Login cs in Abp Framework
-
0
https://github.com/Nordes/IdentityServer4.LdapExtension and config appsetting I ran this project with these settings.
{ "IdentityServerLdap": { // Example: If you use a redis instead of in-memory (See Startup.cs) //"redis": "localhost:32771,ssl=false", //"RefreshClaimsInSeconds": 3600, "Connections": [ { "FriendlyName": "Active directory", "Url": "LdapServerİpAdress", "Port": 389, "Ssl": false, "BindDn": "Hitit\\Administrator", "BindCredentials": "Password", "SearchBase": "DC=hitit,DC=edu,DC=tr", "SearchFilter": "(&(objectClass=user)(sAMAccountName={0}))", "PreFilterRegex": "^(?![a|A]).*$" // not mandatory and will take everything not starting with A } -
0
hi muratdogan@hitit.edu.tr
Let's discuss it in Github.
-
0
Ok @maliming thank you
-
0
many of these issues occur because of the misconfiguration of LDAP addresses, ports etc... it's better to eliminite ABP and try to work on a simple LDAP console application. @maliming can you create a very simple console app with https://github.com/flamencist/ldap4net . so that we'll see if the problem is in the framework or in configuration.. you can share it on your GitHub account
