Team mapping to LDAP group not working #4567

Open
2 tasks done
olle-priv opened this issue Jan 21, 2025 · 0 comments
Labels
defect Something isn't working in triage

Comments

@olle-priv
Current Behavior

I'm trying to get the LDAP integration towards an Active Directory working but I'm having issues with the Team to LDAP group mapping.

What works:

  • Manually creating an LDAP user: If I manually create an LDAP user and assign it to a team I can successfully log in using AD credentials.
  • Group lookup: From Teams -> Mapped LDAP groups I can search and add groups, so group lookup works as well.

What doesn't work:

  • Automatic assignment to a team based on AD group membership.

My config:

```yaml
- ALPINE_LDAP_ENABLED=true
- ALPINE_LDAP_SERVER_URL=ldaps://somedc.ourdomain.local:636
- ALPINE_LDAP_BASEDN=OU=Organization,DC=ourdomain,DC=local
- ALPINE_LDAP_SECURITY_AUTH=simple
- ALPINE_LDAP_BIND_USERNAME=CN=someserviceaccount,OU=Devops,OU=Service Accounts,OU=Organization,DC=ourdomain,DC=local
- ALPINE_LDAP_BIND_PASSWORD=<redacted>
- ALPINE_LDAP_AUTH_USERNAME_FORMAT=%[email protected]
- ALPINE_LDAP_ATTRIBUTE_NAME=userPrincipalName
- ALPINE_LDAP_ATTRIBUTE_MAIL=mail
- ALPINE_LDAP_GROUPS_FILTER=(&(objectClass=group)(objectCategory=Group))
- ALPINE_LDAP_USER_GROUPS_FILTER=(&(objectClass=group)(objectCategory=Group)(member={USER_DN}))
- ALPINE_LDAP_GROUPS_SEARCH_FILTER=(&(objectClass=group)(objectCategory=Group)(cn=*{SEARCH_TERM}*))
- ALPINE_LDAP_USERS_SEARCH_FILTER=(&(objectClass=user)(objectCategory=Person)(cn=*{SEARCH_TERM}*))
- ALPINE_LDAP_USER_PROVISIONING=yes
- ALPINE_LDAP_TEAM_SYNCHRONIZATION=yes
```

What I've tried

  • Changing the ALPINE_LDAP_SERVER_URL port to 3269 (we're using LDAPS).
  • Changing ALPINE_LDAP_USER_GROUPS_FILTER to (member:1.2.840.113556.1.4.1941:={USER_DN}).
  • Waited for the LDAP scheduled task to run.

Steps to Reproduce

  1. Create an LDAP user. The LDAP user is a direct member of group dtusers.
  2. Add LDAP group dtusers as a mapped LDAP group for team Portfolio Managers.
  3. Log in as the user created in the first step.

Result: User is authenticated successfully but gets a 403 forbidden since the user is not a member of any team.

Expected Behavior

User is added to the Portfolio Managers.

Dependency-Track Version

4.12.2

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

14

Browser

Mozilla Firefox

Checklist

@olle-priv olle-priv added defect Something isn't working in triage labels Jan 21, 2025
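The two group filters in the config above are templates: the server substitutes the bound user's DN for `{USER_DN}` and the UI search string for `{SEARCH_TERM}` before sending the filter to the directory. The added script below (example code, not Dependency-Track's own implementation) shows what that expansion should produce and what the directory should return for it, so the expected team-sync result can be reasoned about without a live domain controller. It takes the filter strings verbatim from the issue, applies RFC 4515 escaping to the substituted value, and evaluates the result against a small constructed directory (the DNs, the `Olle Example` and `Kim (Contractor)` users, and the `dtusers` and `Auditors` groups are all made up). The evaluator only supports `&`, `|`, `!`, equality, presence and substring assertions, which is all these filters use; `objectCategory` is stored as the short class name that Active Directory accepts, not the schema DN AD stores internally.

```python
"""Offline check of the LDAP group-lookup filter templates from the issue's config.

Added example, not Dependency-Track code. Directory contents are constructed.
"""
import re

# Filter templates exactly as in the reported configuration.
USER_GROUPS_FILTER = "(&(objectClass=group)(objectCategory=Group)(member={USER_DN}))"
GROUPS_SEARCH_FILTER = "(&(objectClass=group)(objectCategory=Group)(cn=*{SEARCH_TERM}*))"

# Constructed entries: attribute names lower-cased, every value a list.
USER_DN = "CN=Olle Example,OU=Users,OU=Organization,DC=ourdomain,DC=local"
CONTRACTOR_DN = "CN=Kim (Contractor),OU=Users,OU=Organization,DC=ourdomain,DC=local"
DTUSERS_DN = "CN=dtusers,OU=Groups,OU=Organization,DC=ourdomain,DC=local"
AUDITORS_DN = "CN=Auditors,OU=Groups,OU=Organization,DC=ourdomain,DC=local"
DIRECTORY = [
    {"dn": [USER_DN], "objectclass": ["top", "person", "user"], "objectcategory": ["Person"], "cn": ["Olle Example"]},
    {"dn": [CONTRACTOR_DN], "objectclass": ["top", "person", "user"], "objectcategory": ["Person"], "cn": ["Kim (Contractor)"]},
    {"dn": [DTUSERS_DN], "objectclass": ["top", "group"], "objectcategory": ["Group"], "cn": ["dtusers"], "member": [USER_DN, CONTRACTOR_DN]},
    {"dn": [AUDITORS_DN], "objectclass": ["top", "group"], "objectcategory": ["Group"], "cn": ["Auditors"], "member": []},
]

# RFC 4515: these characters must be hex-escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def expand_template(template, **values):
    """Substitute {NAME} placeholders with escaped values, as a correct server should."""
    for name, value in values.items():
        template = template.replace("{" + name + "}", escape_filter_value(value))
    return template


def _unescape(text):
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), text)


def _parse(s, i):
    """Parse one parenthesised filter item at s[i]; return (node, index after its ')')."""
    if i >= len(s) or s[i] != "(":
        raise ValueError("expected '(' at offset %d in %r" % (i, s))
    i += 1
    if i < len(s) and s[i] in "&|":
        op, children, i = s[i], [], i + 1
        while i < len(s) and s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        node = (op, children)
    elif i < len(s) and s[i] == "!":
        child, i = _parse(s, i + 1)
        node = ("!", child)
    else:
        j = s.find(")", i)
        if j < 0:
            raise ValueError("unterminated assertion in %r" % s)
        attr, sep, pattern = s[i:j].partition("=")
        if not sep or not attr:
            raise ValueError("malformed assertion %r" % s[i:j])
        node, i = ("=", attr.lower(), pattern), j
    if i >= len(s) or s[i] != ")":
        raise ValueError("expected ')' at offset %d in %r" % (i, s))
    return node, i + 1


def parse_filter(s):
    node, end = _parse(s, 0)
    if end != len(s):
        raise ValueError("trailing characters after filter: %r" % s[end:])
    return node


def _match_value(pattern, actual):
    """Case-insensitive equality / presence / substring match; a raw '*' is the wildcard."""
    pieces = [_unescape(p).lower() for p in pattern.split("*")]
    a = actual.lower()
    if len(pieces) == 1:
        return a == pieces[0]
    if not a.startswith(pieces[0]):
        return False
    pos = len(pieces[0])
    for mid in pieces[1:-1]:
        idx = a.find(mid, pos)
        if idx < 0:
            return False
        pos = idx + len(mid)
    return a.endswith(pieces[-1]) and pos <= len(a) - len(pieces[-1])


def evaluate(node, entry):
    kind = node[0]
    if kind == "&":
        return all(evaluate(c, entry) for c in node[1])
    if kind == "|":
        return any(evaluate(c, entry) for c in node[1])
    if kind == "!":
        return not evaluate(node[1], entry)
    _, attr, pattern = node
    return any(_match_value(pattern, v) for v in entry.get(attr, []))


def search(directory, filter_str):
    """Return the DNs of the entries that match filter_str."""
    node = parse_filter(filter_str)
    return [e["dn"][0] for e in directory if evaluate(node, e)]


def groups_for_user(directory, user_dn):
    """What ALPINE_LDAP_USER_GROUPS_FILTER should return for user_dn (team sync input)."""
    return search(directory, expand_template(USER_GROUPS_FILTER, USER_DN=user_dn))


def find_groups(directory, term):
    """What ALPINE_LDAP_GROUPS_SEARCH_FILTER returns for a term typed in the Teams UI."""
    return search(directory, expand_template(GROUPS_SEARCH_FILTER, SEARCH_TERM=term))


if __name__ == "__main__":
    print(expand_template(USER_GROUPS_FILTER, USER_DN=CONTRACTOR_DN))
    print(groups_for_user(DIRECTORY, USER_DN))
```

For the reported setup, `groups_for_user` on the user's DN must return the `dtusers` group DN; if the real directory returns it for the same expanded filter (for example with `ldapsearch -H ldaps://somedc.ourdomain.local:636 -D '<bind DN>' -W -b 'OU=Organization,DC=ourdomain,DC=local' '<expanded filter>' cn`, run as the service account), the lookup side is fine and the problem lies in the mapping step rather than in the filters. The `Kim (Contractor)` entry illustrates why the placeholder has to be escaped: substituting the DN verbatim yields a filter that does not even parse, so a user with such characters in their CN would silently get no groups. The `member:1.2.840.113556.1.4.1941:=` form tried in the issue is an Active Directory extensible match that also resolves nested membership; this toy evaluator only matches direct members, which is all the reported case needs.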