We hope you'll join us for our 4/23 webinar on using data tables to apply reference ranges and AE codes in OC4. For more information and to register, visit https://register.gotowebinar.com/register/2882170018956684555

How does authentication via LDAP work?

Hello,

I've successfully connected our OpenClinica instance to the hospital AD via LDAP - I can search and add users. However, they cannot log in until I reset password in admin GUI.

Is it a normal behaviour to create local passwords or should authentication have worked via LDAP?

Best regards,
Alexander

Comments

  • ebsebs Posts: 137 ✭✭
    Hi,

    No this is not normal. For a user added using LDAP the password should be maintained in the LDAP repository.

    Does your LDAP insist on "user must change password on initial login". We see the inability to login via OC when the users LDAP password needs to be reset, however OC does not report this and just denies entry until password reset in the LDAP system.

    Thanks
    Eric
  • PLeusmannPLeusmann Posts: 28
    Hi,

    I take over working on this issue from Alexander.

    No, the AD-server does not require to reset the password.

    Any chance to debug this?
  • Hi,

    I am adevaykin's successor and I currently work on this issue.

    I uncovered more details:

    When creating an LDAP user over the OC GUI, the AD connection is indeed working and the user seems to be created correctly.
    I inspected the user_account table and found out, that the passwd field for the LDAP users are set to "*" (without quotes). Is this normal?

    I also set the log level to trace and (unsuccessfully) tried to log in over the GUI.
    I got this log output.

    The output makes me wonder, whether the AD server has been queried at all. Shouldn't the trace log contain any hint of the AD server?

  • ebsebs Posts: 137 ✭✭
    Yes the * in the password field seems to be normal for LDAP users.

    Have a look in the other log files as well. From memory there is usually a line "Is LDAP user TRUE" mentioned somewhere - although this may be version dependant.

    What version are you running?

  • Hi,

    sry for the late reply. The running Version is:

    Version: 3.8 - Changeset: 00dbfe32bdfe

    I searched all available logs and LDAP was mentioned nowhere.
  • ebsebs Posts: 137 ✭✭
    I'd suggest setting the logging levels to the most detailed and trying to debug that way.

    Other than that I think you will need to start debugging at a network level.
Sign In or Register to comment.