[SOLVED] ldap authentication fails (added '@pmg' suffix)

IEM

I have my quarantine authentication configured to use LDAP or Ticket, and set up an LDAP backend (without groups).
When I click on "Users of 'myldap'" in the Configuration/User Management, I can see all the users in a table:
DN                                                  Account  Primary Email
uid=foo,ou=people,o=Staff,o=iem,dc=example,dc=com   foo      foo@example.com

However, the users cannot log in, and are simply given a popup that says
Code:
Login failed: Please try again

In the system logs I see:
Code:
Jun 29 09:12:54 pmgdaemon pmgdaemon[875868]: authentication failure; rhost=::ffff:192.168.0.25 user=foo@example.com@pmg msg=no such user ('foo@example.com@pmg')

Two observations:
  • why does it say 'foo@example.com@pmg'? aka: where does this '@pmg' suffix come from? if PMG is really trying to authenticate with this username, there's little wonder it doesn't work
  • 192.168.0.25 is the IP address of my internal mailserver; not of the LDAP server I told it to use.

How can I allow my users to log in via LDAP (e.g. because they've already deleted the ticket-email)?
 
yikes. indeed (and with /quarantine login also succeeds)

but... how should anybody notice the difference?
the two login-screens look identical.

iirc, a couple of years ago I requested some possibility to adjust the login page (mostly to tell people that they have to use their email address to log in, rather than their username). This would also allow me to direct people (including myself) to the /quarantine login page from the / login page.