LDAP configuration

Hello,

I am not able to create a connection between Metabase and LDAP.

I am trying to set it up similarly to our Zeppelin configuration:
ldapRealm.contextFactory.url = our_url
ldapRealm.contextFactory.systemUsername = our_username
ldapRealm.contextFactory.systemPassword = our_password

ldapRealm.userDnTemplate = cn={0},ou=people,dc=xha,dc=app
ldapRealm.memberAttributeValueTemplate = cn={0},ou=people,dc=xha,dc=app
ldapRealm.authorizationEnabled = true
ldapRealm.searchBase = dc=xha,dc=app
ldapRealm.userSearchBase = ou=people,dc=xha,dc=app
ldapRealm.groupSearchBase = ou=group,dc=xha,dc=app
ldapRealm.userSearchAttributeName = uid
ldapRealm.userSearchFilter = (&(objectclass=*)(uid={0}))
ldapRealm.memberAttribute = memberUid

When I tried a similar configuration:
URL, Username, Password worked well.

I tried to use “ou=people,dc=xha,dc=app” for “USER SEARCH BASE”, but it did not work and I got an error in the log: errors {:ldap-user-base “User search base does not exist or is unreadable”}}

So it seems that “USER SEARCH BASE” is in reality “GROUP SEARCH BASE”.
The only value which works in “USER SEARCH BASE” is “OU=group,DC=xha, DC=app”

I tried for “USER FILTER”:
cn={login},ou=people,dc=xha,dc=app,
(&(objectClass=*)(uid={0}))
(&(objectClass=*)(uid={login}))
(&(objectClass=*)(memberUid={0}))
(&(objectClass=*)(memberUid={login}))
{uid={login}}
(&(objectClass=*)(cn={login}))
I also tried with empty filter.

Nothing works yet and I have been stuck on this for like 2 weeks.
In the log there is just: {:errors {:password “did not match stored password”}}

I also tried the steps in LDAP Debugging, but I am still not able to make it work.

Our “LDAP” accounts have no email -> Autenticate by LDAP a user that have no email. I do not know if this is still “hardcoded” in version 0.34.2.

So, do you have any suggestions how I can figure it out?

Thank you in advance
Peter

Hi @drydog
I would highly recommend that you enable debugging on the LDAP server, then use a program that currently works with your LDAP, and then verify that Metabase is sending the same search parameters and credentials.
You might want to use Wireshark/tcpdump to capture traffic if you cannot enable enough debugging on the LDAP server.

Hi @flamber,
Thx for the response.
I am currently running it on an internal site of our company.
I am not able to run LDAP in debug mode and I am not able to install Wireshark either.
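
An offline syntax check over the USER FILTER candidates listed in the first post, as an added example that is not part of the thread and not Metabase's own code. It assumes Metabase expands only the `{login}` placeholder while the Zeppelin/Shiro realm uses `{0}`; `check`, `render` and `_parse` are hypothetical helper names, and the check covers RFC 4515 filter structure only, not whether the directory returns a match.

```python
import re

CANDIDATES = [  # user-filter candidates copied from the first post
    "cn={login},ou=people,dc=xha,dc=app,",
    "(&(objectClass=*)(uid={0}))",
    "(&(objectClass=*)(uid={login}))",
    "(&(objectClass=*)(memberUid={0}))",
    "(&(objectClass=*)(memberUid={login}))",
    "{uid={login}}",
    "(&(objectClass=*)(cn={login}))",
]
ITEM = re.compile(r"[A-Za-z][A-Za-z0-9.;-]*[~<>]?=[^()]*\)")  # attr, op, value, ')'

def _parse(s, i):  # parse one "(...)" filter at s[i]; return the index just past it
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op = s[i + 1:i + 2]
    if op in ("&", "|", "!"):
        i, count = i + 2, 0
        while s[i:i + 1] == "(":  # nested sub-filters
            i, count = _parse(s, i), count + 1
        if count == 0 or (op == "!" and count != 1) or s[i:i + 1] != ")":
            raise ValueError(f"malformed '{op}' group near offset {i}")
        return i + 1
    m = ITEM.match(s, i + 1)
    if not m:
        raise ValueError(f"bad attribute=value item at offset {i + 1}")
    return m.end()

def check(template):
    """Return the problems found; an empty list means the template is well formed."""
    problems = []
    try:
        if _parse(template, 0) != len(template):
            problems.append("trailing text after the filter")
    except ValueError as exc:
        problems.append(f"not an RFC 4515 filter: {exc}")
    if "{login}" not in template:
        problems.append("no {login} placeholder")
    if re.search(r"\{\d+\}", template):
        problems.append("Shiro-style {N} placeholder (assumed not expanded by Metabase)")
    return problems

def render(template, login):
    """Expand {login} with RFC 4515 escaping, to compare with a working client's search."""
    esc = "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in login)
    return template.replace("{login}", esc)

if __name__ == "__main__":
    print("\n".join(f"{t!r}: {check(t) or 'ok'}" for t in CANDIDATES))
```

The string returned by `render` for a passing template is the filter to compare against the search a working LDAP client sends for the same login.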