AD/LDAP configuration

Hi,

We have partially successfully configured the Active Directory authentication, however:

  • We have to add 2 users (admin + another user) to make the “User” field visible on the login page. With only the admin user in Settings > Users we just have the password field and cannot specify the username.
  • The sub scope in the field “LDAP/AD group and class query” doesn’t seem to be effective. The AD authentication only works if we specify the users’ CN. For example:
    **cn=users,**DC=MYDOMAIN,DC=LOCAL?memberOf,objectClass?sub?(sAMAccountName={USERNAME}) is okay but
    DC=MYDOMAIN,DC=LOCAL?memberOf,objectClass?sub?(sAMAccountName={USERNAME}) failed

If we specify cn=users, users present in other OUs, e.g. OU=TEST,DC=MYDOMAIN,DC=LOCAL, are not available.

Regards,
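To make the scope question in the post above concrete, here is an added example (not UrBackup’s code) that parses the "base?attributes?scope?filter" query string shown in the thread and evaluates it against a small constructed directory with standard LDAP scope semantics. It shows what each base DN is expected to reach: with "sub" scope a base of cn=users only covers the Users container, while a base of DC=MYDOMAIN,DC=LOCAL also covers OU=TEST. The directory entries, the user names alice and bob, and the helper names are assumptions for illustration; the example does not explain why the second form fails in the poster’s environment.

```python
# Added example: evaluate an UrBackup-style LDAP query string
# ("base?attributes?scope?filter") against a constructed in-memory directory.
# Only the simple equality filter "(attr={USERNAME})" from the thread is supported.
from dataclasses import dataclass

# Constructed sample directory (DN -> attributes); not from a real domain.
DIRECTORY = {
    "CN=alice,CN=Users,DC=MYDOMAIN,DC=LOCAL": {
        "sAMAccountName": "alice",
        "objectClass": ["top", "person", "user"],
        "memberOf": ["CN=Backup Admins,CN=Users,DC=MYDOMAIN,DC=LOCAL"],
    },
    "CN=bob,OU=TEST,DC=MYDOMAIN,DC=LOCAL": {
        "sAMAccountName": "bob",
        "objectClass": ["top", "person", "user"],
        "memberOf": [],
    },
    "CN=Backup Admins,CN=Users,DC=MYDOMAIN,DC=LOCAL": {
        "objectClass": ["top", "group"],
    },
}

USERS_BASE_QUERY = "cn=users,DC=MYDOMAIN,DC=LOCAL?memberOf,objectClass?sub?(sAMAccountName={USERNAME})"
DOMAIN_BASE_QUERY = "DC=MYDOMAIN,DC=LOCAL?memberOf,objectClass?sub?(sAMAccountName={USERNAME})"


@dataclass
class LdapQuery:
    base: str
    attributes: list
    scope: str
    filter: str


def parse_query(query):
    """Split "base?attributes?scope?filter" into its four parts."""
    parts = query.split("?")
    if len(parts) != 4:
        raise ValueError("query must have exactly four '?'-separated parts")
    base, attrs, scope, flt = parts
    scope = scope.lower()
    if scope not in ("base", "one", "sub"):
        raise ValueError("scope must be base, one or sub")
    attributes = [a.strip() for a in attrs.split(",") if a.strip()]
    return LdapQuery(base.strip(), attributes, scope, flt.strip())


def dn_components(dn):
    """Normalise a DN into lower-cased RDNs (no escaped commas in the samples)."""
    return [c.strip().lower() for c in dn.split(",")]


def in_scope(entry_dn, base_dn, scope):
    """Standard LDAP scope semantics: base = only the base entry,
    one = direct children, sub = base entry and the whole subtree."""
    entry, base = dn_components(entry_dn), dn_components(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False
    depth = len(entry) - len(base)
    if scope == "base":
        return depth == 0
    if scope == "one":
        return depth == 1
    return True


def matches_filter(attrs, filter_str, username):
    """Evaluate "(attr=value)" after substituting {USERNAME}; AD treats
    sAMAccountName as case-insensitive, so compare lower-cased values."""
    f = filter_str.replace("{USERNAME}", username)
    if not (f.startswith("(") and f.endswith(")")) or "=" not in f:
        raise ValueError("only a single (attr=value) filter is supported")
    attr, _, value = f[1:-1].partition("=")
    present = attrs.get(attr.strip(), [])
    if isinstance(present, str):
        present = [present]
    return value.strip().lower() in [v.lower() for v in present]


def search(query, username, directory=DIRECTORY):
    """Return [(dn, requested attributes)] for entries in scope that match."""
    q = parse_query(query)
    hits = []
    for dn, attrs in sorted(directory.items()):
        if in_scope(dn, q.base, q.scope) and matches_filter(attrs, q.filter, username):
            hits.append((dn, {a: attrs.get(a) for a in q.attributes if a in attrs}))
    return hits


if __name__ == "__main__":
    for label, query in (("cn=users base", USERS_BASE_QUERY), ("domain base", DOMAIN_BASE_QUERY)):
        for user in ("alice", "bob"):
            print(f"{label:13s} {user:6s} -> {[dn for dn, _ in search(query, user)]}")
```

Running the block prints that alice is found under both bases, while bob (in OU=TEST) is only found with the domain base. The requested memberOf and objectClass values are returned alongside the DN, which is what a group or class check on the server side would consume.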

Something fishy still with AD/LDAP authentication. Only one user seems to be able to authenticate properly with LDAP authentication and for this user the autoclient value is 1. The rest of the users will not be able to authenticate and instead get the following error:

“Inactivity caused this session to become invalid. Please login again to proceed”

Having added a few debugging messages into the code I can see that for failing users the “autoclients” db_res.size() is 0 while for the working user it returns 1.

Is there something wrong with the db query in the LDAP login code (Helper::ldapLogin)? Or any other pointers where to search for the problem? All users have an assigned number and backups are being run properly, it just looks like the LDAP authentication part is broken.

users_on_client gets populated during file backups, so you need to run those.

The user enumeration on the client is currently broken, as it only enumerates local users. I need to set up a test environment to fix that (if the whole concept even works). Currently it is using NetUserEnum with filter FILTER_NORMAL_ACCOUNT.

Is there a way to query multiple CNs in one query or do I need to add the ability to have multiple queries?

I’m only running file backups in internet mode so still a bit puzzled why the db_res.size() is 0 for other than the first user ever created.

The only difference I can tell is that the first user might have done one backup before the internet mode was enabled if that matters.

Currently there are 7 test users and all of them have done both full and incremental file backups. But only the first one can authenticate properly with LDAP.

Ok, having debugged the SQLite database it turns out that the issue is not on the UrBackup side, but rather in the test environment, where the Windows client(s) usernames do not match the LDAP user names. This can be fixed in our test environment.