Syncthing using OpenLDAP authentication not working -- Does it need a filter?

I’ve posted before on trying to use LDAP for authentication and for whatever reason I can’t get this to work at all.

From the command line I can do this:

LDAPTLS_REQCERT=never ldapsearch -D "cn=kevdog,ou=users,dc=ldap,dc=example,dc=com" -b 'ou=users,dc=ldap,dc=example,dc=com' -H ldaps://openldap.example.com -w <PASSWORD> uid=kevdog

I’m using the LDAPTLS_REQCERT parameter – since this is the same as syncthing’s INSECURE SKIP VERIFY???

Anyway with the above search I get the following from the Openldap server:

# extended LDIF
#
# LDAPv3
# base <ou=users,dc=ldap,dc=exampe,dc=com> with scope subtree
# filter: uid=kevdog
# requesting: ALL
#

# kevdog, users, ldap.example.com
dn: cn=kevdog,ou=users,dc=ldap,dc=example,dc=com
givenName: kevdog
sn: kevdog
cn: kevdog
uid: kevdog
uidNumber: 1000
mail: kevdog@example.com
loginShell: /bin/zsh
gidNumber: 1000
homeDirectory: /home/kevdog
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: person
objectClass: hostObject
objectClass: organizationalPerson
objectClass: shadowAccount
userPassword:: <PASS>

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

With this working example the LDAP logs show:

9d conn=8293 fd=26 ACCEPT from IP=10.0.1.107:52408 (IP=0.0.0.0:636)
6004939d conn=8293 fd=26 TLS established tls_ssf=256 ssf=256
6004939d conn=8293 op=0 BIND dn="cn=kevdog,ou=users,dc=ldap,dc=example,dc=com" method=128
6004939d conn=8293 op=0 BIND dn="cn=kevdog,ou=users,dc=ldap,dc=example,dc=com" mech=SIMPLE ssf=0
6004939d conn=8293 op=0 RESULT tag=97 err=0 text=
6004939d conn=8293 op=1 SRCH base="ou=users,dc=ldap,dc=example,dc=com" scope=2 deref=0 filter="(uid=kevdog)"
6004939d conn=8293 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=

Things start to fall apart however when I try to mimic the behavior in syncthing:

Advanced Configuration -> Auth Mode -> ldap

And then I have the following:

So I’m thinking that is equivalent to my command line, however it’s definitely not allowing me to log in. The openldap logs show:

f0 conn=8285 fd=26 ACCEPT from IP=10.0.1.184:56205 (IP=0.0.0.0:636)
600492f0 conn=8286 fd=27 ACCEPT from IP=10.0.1.184:56206 (IP=0.0.0.0:636)
600492f0 conn=8287 fd=28 ACCEPT from IP=10.0.1.184:56207 (IP=0.0.0.0:636)
600492f0 conn=8285 fd=26 TLS established tls_ssf=128 ssf=128
600492f0 conn=8286 fd=27 TLS established tls_ssf=128 ssf=128
600492f0 conn=8285 op=0 BIND dn="cn=kevdog,ou=users,dc=ldap,dc=example,dc=com" method=128
600492f0 conn=8285 op=0 BIND dn="cn=kevdog,ou=users,dc=ldap,dc=exmape,dc=com" mech=SIMPLE ssf=0
600492f0 conn=8285 op=0 RESULT tag=97 err=0 text=
600492f0 conn=8286 op=0 BIND dn="cn=kevdog,ou=users,dc=ldap,dc=exmaple,dc=com" method=128
600492f0 conn=8287 fd=28 TLS established tls_ssf=128 ssf=128
600492f0 conn=8286 op=0 BIND dn="cn=kevdog,ou=users,dc=ldap,dc=example,dc=com" mech=SIMPLE ssf=0
600492f0 conn=8286 op=0 RESULT tag=97 err=0 text=
600492f0 conn=8285 fd=26 closed (connection lost)

Is there something else I should be doing within syncthing to make this work? It doesn’t appear to be any type of TLS error as TLS is established. It would appear to be an authentication error perhaps. On the command line I was using the -w parameter, which is the user password. I would assume this is happening behind the scenes based on the password parameter that is typed into the dialogue box.

Any help would be appreciated.

Remove the search settings, they look incorrect.

Thanks for the help –

Removed the two search fields and it seems to work. Thanks.
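As an added example (not from this thread and not Syncthing's own code), here is a small Python linter for the LDAP settings that flags the things this thread turned on: the insecure-skip-verify flag, which has the same effect as LDAPTLS_REQCERT=never, and search fields that are half filled in or not a real filter. It assumes the settings sit as child elements of an <ldap> block in config.xml and that, as in Syncthing's LDAP auth, %s in bindDN and searchFilter stands for the username and the search step only runs when both search fields are set; the sample settings are constructed, with the broken variant modelled on the ldapsearch call above.

```python
import re
import xml.etree.ElementTree as ET
# Assumed layout: Syncthing's <ldap> block in config.xml holds one child element
# per GUI field; the field names are Syncthing's, the layout is my assumption.
FIELDS = ("address", "bindDN", "transport", "insecureSkipVerify", "searchBaseDN", "searchFilter")

def ldap_settings(xml_text):
    """Read the <ldap> block into a dict; a missing field becomes ''."""
    root = ET.fromstring(xml_text)
    node = root if root.tag == "ldap" else root.find(".//ldap")
    if node is None:
        raise ValueError("no <ldap> element in config")
    return {f: (node.findtext(f) or node.get(f) or "").strip() for f in FIELDS}

def lint_ldap(cfg):
    """Return a list of findings; an empty list means the settings are coherent."""
    out = []
    if cfg["transport"] not in ("tls", "starttls"):
        out.append("transport is not tls/starttls: the bind password travels unencrypted")
    if cfg["insecureSkipVerify"].lower() == "true":
        out.append("insecureSkipVerify=true: the server certificate is not checked "
                   "(same effect as LDAPTLS_REQCERT=never on the command line)")
    if "%s" not in cfg["bindDN"]:
        out.append("bindDN has no %s placeholder for the username")
    base, filt = cfg["searchBaseDN"], cfg["searchFilter"]
    if bool(base) != bool(filt):
        out.append("searchBaseDN and searchFilter must both be set or both be empty")
    if filt and not (filt.startswith("(") and filt.count("(") == filt.count(")")):
        out.append("searchFilter is not a parenthesised LDAP filter, e.g. (uid=%s)")
    if filt and "%s" not in filt:
        out.append("searchFilter has no %s placeholder, so it cannot single out the user")
    return out

def render_filter(template, username):
    """Substitute %s with the username, RFC 4515-escaped so it cannot change the filter."""
    return template.replace("%s", re.sub(r"[*()\\\x00]", lambda m: "\\%02x" % ord(m.group()), username))

# Constructed settings: a broken variant modelled on the thread's ldapsearch call
# (bare filter, hard-coded user, cert check off) and the fixed one with search cleared.
BROKEN = ("<ldap><address>openldap.example.com:636</address><transport>tls</transport>"
          "<bindDN>cn=%s,ou=users,dc=ldap,dc=example,dc=com</bindDN>"
          "<insecureSkipVerify>true</insecureSkipVerify>"
          "<searchBaseDN>ou=users,dc=ldap,dc=example,dc=com</searchBaseDN>"
          "<searchFilter>uid=kevdog</searchFilter></ldap>")
FIXED = re.sub(r"<(searchBaseDN|searchFilter)>[^<]*</\1>", r"<\1></\1>", BROKEN)

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_ldap(ldap_settings(text)))
```

The fixed variant still reports insecureSkipVerify, which is the one setting left that a production deployment should turn off once the server's certificate chain is trusted by the Syncthing host.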
