What's wrong with LDAP

Our all apps are using openldap1.2.4 for authentication, so we’d like integrate metabase with ldap too.
unfortunately, we got:

password: did not match stored password

I’m pretty sure that user dn, search base dn are correct, I also set email , givenname and sn for users on our ldap server.

I have tried theses filters:

  • uid={login}
  • (&uid={login})
  • (&(objectClass=inetOrgPerson)(|(uid={login})(mail={login})))

still get same error.
Then, I don’t have any more clue to figure out.
how do I get more details? Or any suggestions?

thanks

I just saw this https://www.metabase.com/enterprise/pricing.html, does it mean only enterprise supports ldap authentication?

No, it’s just a pain to get it to work.

Hi @chen2liang4
The LDAP (and Google Sign-In) are part of the Community Edition:
https://www.metabase.com/docs/latest/administration-guide/10-single-sign-on.html

Do you see more details in the Metabase log (Admin > Troubleshooting > Logs) or on the LDAP server?
Have you tried to enable debug logging on the LDAP server and see if the Metabase lookup filter matches other programs?

Thanks @flamber.

Finally, it works! what I want to share are:

  1. ensure your ldap entry has these attributes: email, givenName, sn.
  2. email value must match email format.
  3. openldap’s email attribute is actually named “mail”, instead of “email”. Even phpLDAPAdmin show it as “email”.
2 Likes