LDAP fixed base DN errors



  • Veyon 4.2 RC (4.1.92) (Windows 10) released on 2019-04-05 has an Active Directory / LDAP browser (looking glass symbol) to select a Fixed Base DN.

    Our organization's base DN is something like this:

    dc=com
    ...dc=world
    ......dc=hello
    .........dc=region
    ............ou=cluster
    ...............ou=site

    Anonymous bind is allowed and Veyon reports LDAP server communication is successful.

    When we try to set a fixed base DN using the looking glass browser, we can see all 'dc' levels, but we cannot select any of them as our base DN. Veyon presents us with an overly complex error message for what effectively seems to be a basic LDAP error.

    In addition, Veyon does not show / accept fixed base DNs containing an OU. We are unable to drill down to the OU that is supposed to be the desired fixed base DN.

    Veyon also does not accept dc=com,dc=world,dc=hello,dc=region when entered manually for some reason.

    If we switch to "Discover based by naming context" and click "Test", Veyon reports back it has found:

    "dc=com,dc=world,dc=hello,dc=region"

    If we then enter this manually in the "Discover based by naming context" input field, Veyon returns the same LDAP error message as before.

    It seems the LDAP fixed base DN selection needs some work as currently it is not very flexible / robust.

    "we'll provide the LDAP Pro plugin on a commercial base very soon."

    I am not sure what this means. The phrase "commercial" seems to suggest (parts of) Veyon will become closed source? Users need out-of-the-box functioning basic LDAP integration before an LDAP Pro plugin at a guess.



  • Hello @countzero

    First of all, welcome to Veyon and thanks for testing! Regarding your issues: have you used a previous version of Veyon and if so, did a fixed base DN work in these versions? To further investigate this issue we'd need more information. Could you please try to set the log level to "Debug", restart Veyon Configurator and perform the steps again leading to the described behaviour? You should then find many lines prefixed with "[DEBUG][LDAP]" in %TEMP%/VeyonConfigurator.log which could indicate possible problems in Veyon. If possible, post them here or send me a PM with the details.

    The LDAP Pro plugin will be an additional closed-source plugin similar to LDAP Basic but with more features such as multi-domain/site support. We'll publish a blog post on it soon. Veyon itself will always remain open source software.



  • Problem was caused by anonymous AD bind. Even though Veyon reported anonymous bind was successful, auth bind had to be used using domain\user + password syntax. All good. Case closed.

