Our all apps are using openldap1.2.4 for authentication, so we'd like integrate metabase with ldap too.
unfortunately, we got:
password: did not match stored password
I'm pretty sure that user dn, search base dn are correct, I also set email , givenname and sn for users on our ldap server.
I have tried theses filters:
uid={login}
(&uid={login})
(&(objectClass=inetOrgPerson)(|(uid={login})(mail={login})))
......
still get same error.
Then, I don't have any more clue to figure out.
how do I get more details? Or any suggestions?
thanks
I just saw this https://www.metabase.com/enterprise/pricing.html , does it mean only enterprise supports ldap authentication?
No, it’s just a pain to get it to work.
flamber
February 19, 2020, 12:51pm
4
Hi @chen2liang4
The LDAP (and Google Sign-In) are part of the Community Edition:
https://www.metabase.com/docs/latest/administration-guide/10-single-sign-on.html
Do you see more details in the Metabase log (Admin > Troubleshooting > Logs) or on the LDAP server?
Have you tried to enable debug logging on the LDAP server and see if the Metabase lookup filter matches other programs?
Thanks @flamber .
Finally, it works! what I want to share are:
ensure your ldap entry has these attributes: email, givenName, sn.
email value must match email format.
openldap’s email attribute is actually named “mail”, instead of “email”. Even phpLDAPAdmin show it as “email”.
2 Likes