To start with, I would like to mention that I already referred to the following link:
I gave the following entries in distributed.properties file:
Still, LDAP authentication is not working. Getting the following error during login using the web interface:
Your login attempt was unsuccessful, try again.
Reason: Bad credentials.
Had verified the following:
* The username and password entered were correct.
* Request is hitting the LDAP server.
(Could confirm this because if I give incorrect values for fqdn and password, I get the following error that is different from the above error:
Reason: Failed to log in to the LDAP server. Please verify that your user name and password are correct..)
Not sure why authentication is not happening. Appreciate your inputs.
Hi, just wanted to chime in that there was a very recent documentation update for LDAP integration to add a missing step: Enable LDAP Integration - CA Release Automation - 5.5.1 - CA Wiki. Perhaps this was your issue. See Step 4. There is another XML file that you need to update that was not reflected in the previous doc (or the communities doc).
I hope this helps. Let me know!
Archer – is that XML file needed for all LDAP? Or just non-Active Directory?
I believe it's non-AD only.
Great, works fine.
And, there is one more hurdle that I am facing now. Presently, the situation is like any member registered in the LDAP server can log in to the CA Release Automation application. In order to constrain the access only to the members of a particular group (cn=cara-users,ou=groups,ou=devops,o=techmahindra in my case), I had implemented the memberOf attribute (overlay) in my OpenLDAP server. And, in order to use the memberOf attribute (overlay), I gave the following in the applicationContext-acegi-security.xml file:
This is not working for me - that is, even if the user is not a member of cn=cara-users,ou=groups,ou=devops,o=techmahindra, login is possible.
I also tried the following:
The application crashes in this scenario.
Hence, I am not sure what needs to be done here. Your inputs are much appreciated.
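As an added illustration (not part of any post in this thread, and not CA Release Automation's own code or configuration), the group restriction described above comes down to a search filter that requires both the login name and a memberOf value for the group, with a deny-by-default check on the returned entry. The `uid` attribute, the helper names and the sample entries are assumptions constructed for the example.

```python
# Added example. GROUP_DN is from the post; the uid attribute and the
# sample entries below are constructed assumptions.
GROUP_DN = "cn=cara-users,ou=groups,ou=devops,o=techmahindra"


def escape_filter_value(value):
    """RFC 4515 escaping so a login name cannot change the filter's shape."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def group_restricted_filter(username, group_dn=GROUP_DN, user_attr="uid"):
    """Filter that matches the user only if memberOf lists the group."""
    return "(&(%s=%s)(memberOf=%s))" % (
        user_attr, escape_filter_value(username), escape_filter_value(group_dn))


def normalize_dn(dn):
    # Simplified comparison: case-insensitive, ignores spaces after commas.
    # Does not handle escaped commas inside RDN values.
    return ",".join(part.strip().lower() for part in dn.split(","))


def is_authorized(entry, group_dn=GROUP_DN):
    """Deny unless the entry's memberOf values include the required group.

    memberOf is an operational attribute in OpenLDAP, so it is only in the
    entry if the search requested it; a missing attribute means deny.
    """
    wanted = normalize_dn(group_dn)
    return any(normalize_dn(v) == wanted for v in entry.get("memberOf", []))


# Constructed sample entries, shaped like LDAP search results.
ENTRIES = {
    "alice": {"uid": ["alice"],
              "memberOf": ["CN=cara-users, ou=groups, ou=devops, o=techmahindra"]},
    "bob": {"uid": ["bob"],
            "memberOf": ["cn=other,ou=groups,ou=devops,o=techmahindra"]},
    "carol": {"uid": ["carol"]},  # memberOf not returned
}

if __name__ == "__main__":
    print(group_restricted_filter("alice"))
    for name, entry in ENTRIES.items():
        print(name, "allowed" if is_authorized(entry) else "denied")
```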
Simple, it is bad credentials.
Check if you can use these same credentials to individually add users via Import from LDAP.
If you can, then make sure the id has proper access. You have to have elevated privileges, not just a user account. It has to be able to read groups, users and other information related to users and groups.