OpenLDAP Authentication Profile Search Properties

I am using OpenLDAP at my remote sites as a proxy to access my primary Active Directory domain controller.

When creating a new AD user source in the Ignition Gateway, I need help to configure the LDAP search properties to work with OpenLDAP.

The error that I am receiving in the console is "Failed connecting to LDAP server. Caused by: javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]".

I have the exact same problem.
I use the TurnKey OpenLDAP Appliance. I can use the included phpLDAPadmin to browse/add/delete objects, but I cannot log in by using the Gateway User Source.

The console reads the same error message ([LDAP: error code 34 - invalid DN])

Did you manage to configure your User Source?

Ignition Version: 7.7.5

Joining the list with some more details, and a question:

What steps does the authentication mechanism take when authenticating a user and what is the “Gateway Username” used for? Its description reads “The login name for the gateway to use when querying Active Directory. Used for retrieving the list of users and roles via LDAP.” but something doesn’t add up for me, so let me try to explain.

I have configured Ignition to use “admin” as the gateway user, with cn= and dc=xxx,dc=yyy,yyy=zzz, and it’s able to log in successfully (also the search base and filters for users and groups/roles):

[13:42:31]: [profileName=LDAP] Connecting to "ldap://server:389" as "cn=admin,dc=xxx,dc=yyy,dc=zzz"... 
[13:42:31]: [profileName=LDAP] Searching for user in [dc=xxx,dc=yyy,dc=zzz] with filter "(objectClass=inetOrgPerson)"... 
[13:42:31]: [profileName=LDAP] Successfully loaded user: "{username=cgi}" 
[13:42:31]: [profileName=LDAP] Successfully loaded user: "{username=fan}" 
[13:42:31]: [profileName=LDAP] Successfully loaded user: "{username=cgi2}" 
[13:42:31]: [profileName=LDAP] Found 3 user in 1 ms 
[13:42:31]: [profileName=LDAP] Connecting to "ldap://server:389" as "cn=admin,dc=xxx,dc=yyy,dc=zzz"... 
[13:42:31]: [profileName=LDAP] Searching for roles in [ou=groups,dc=xxx,dc=yyy,dc=zzz] with filter "(objectClass=groupOfUniqueNames)"... 
[13:42:31]: [profileName=LDAP] Found 9 roles in 1 ms

Now, when I try to login with one of the users (cgi2), the initial bind is successful, however the system subsequently tries to query the tree with the exact same user, instead of the admin, and fails (obviously the user is restricted and does not have the same rights as the admin):

[13:42:35]: [profileName=LDAP] Connecting to "ldap://server:389" as "cn=cgi2,dc=xxx,dc=yyy,dc=zzz"... 
[13:42:35]: [profileName=LDAP] Searching for user in [dc=xxx,dc=yyy,dc=zzz] with filter "(&(objectClass=inetOrgPerson)(cn={0}))"... 
[13:42:35]: Authentication as user "cgi2" failed with NamingException: [LDAP: error code 32 - No Such Object] 

In conclusion, can anyone please shed some light on this? Why do we need the “Gateway User” if it’s not used during authentication (unless I’m missing something)? Additionally, is there any way to allow for plain old LDAP access, as opposed to AD?

If not, does anyone have some base-code / sample for an authentication module that can be shared? Depending on the complexity and my spare time, I’d be interested in trying to create an LDAP authentication module.
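As an added example (not Ignition's code and not something posted in this thread), here is the search-then-bind flow that the last post is asking about, run against an in-memory stand-in for the OpenLDAP tree shown in the log. The entries, the passwords, the "operators" group and the per-identity "searchable" access rules are all constructed for the demo; the DNs, search bases and the user filter are the ones from the log above. Every search is done as the gateway account; the user's own credentials are used for a single bind, which is what proves the password. It also shows the two result codes from the thread: a bare username that is not a DN is refused with code 34, and a search from the tree root by an identity whose access does not cover it comes back as code 32, which is how OpenLDAP reports entries it will not show.

```python
"""Search-then-bind LDAP authentication against an in-memory stand-in for an
OpenLDAP tree.  Added example, not Ignition's code: the entries, passwords,
group and access rules below are constructed for the demo."""
import re

INVALID_DN, NO_SUCH_OBJECT, INVALID_CREDENTIALS = 34, 32, 49


class LdapError(Exception):
    def __init__(self, code, msg):
        super().__init__(f"[LDAP: error code {code} - {msg}]")
        self.code = code


# Constructed directory: DN -> attributes.  'searchable' stands in for OpenLDAP
# access rules: an identity may search only at or below the bases listed for it;
# anything else is answered with noSuchObject (32), as in the post's log.
BASE = "dc=xxx,dc=yyy,dc=zzz"
DIRECTORY = {
    BASE: {"objectClass": ["dcObject"]},
    f"ou=groups,{BASE}": {"objectClass": ["organizationalUnit"]},
    f"cn=admin,{BASE}": {"objectClass": ["simpleSecurityObject"],
                         "userPassword": ["adminpw"], "searchable": [BASE]},
    f"cn=cgi2,{BASE}": {"objectClass": ["inetOrgPerson"], "cn": ["cgi2"],
                        "userPassword": ["cgi2pw"], "searchable": [f"cn=cgi2,{BASE}"]},
    f"cn=operators,ou=groups,{BASE}": {"objectClass": ["groupOfUniqueNames"],
                                       "cn": ["operators"], "uniqueMember": [f"cn=cgi2,{BASE}"]},
}
# Gateway settings as they appear in the log: gateway DN/password (password assumed),
# user search base, user filter, role search base.
SETTINGS = (f"cn=admin,{BASE}", "adminpw", BASE,
            "(&(objectClass=inetOrgPerson)(cn={0}))", f"ou=groups,{BASE}")


def parse_dn(dn):
    """Split a DN into normalised (attr, value) RDNs; a malformed DN is code 34."""
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, eq, value = rdn.strip().partition("=")
        if not eq or not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attr):
            raise LdapError(INVALID_DN, f"invalid DN {dn!r}")
        rdns.append((attr.lower(), value.strip().lower()))
    return tuple(rdns)


def escape_filter_value(value):
    """RFC 4515 escaping for a value spliced into a search filter (stops filter injection)."""
    return "".join(f"\\{ord(c):02x}" if c in "*()\\\x00" else c for c in value)


def _parse_filter(s, i=0):
    """Minimal parser for (attr=value) and (&(...)(...)) filters."""
    if s[i] != "(":
        raise ValueError("filter must start with '('")
    if s[i + 1] == "&":
        subs, i = [], i + 2
        while s[i] == "(":
            node, i = _parse_filter(s, i)
            subs.append(node)
        return ("and", subs), i + 1
    j = s.index(")", i)
    attr, _, val = s[i + 1:j].partition("=")
    val = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), val)
    return ("eq", attr.lower(), val.lower()), j + 1


def _matches(node, attrs):
    if node[0] == "and":
        return all(_matches(n, attrs) for n in node[1])
    _, attr, val = node
    return any(v.lower() == val for k, vs in attrs.items() if k.lower() == attr for v in vs)


def bind(dn, password):
    """Simple bind: the DN must parse (34) and the password must match (49).  An
    empty password is refused so this never degrades into an unauthenticated bind."""
    key = parse_dn(dn)
    for entry_dn, attrs in DIRECTORY.items():
        if parse_dn(entry_dn) == key:
            if password and password in attrs.get("userPassword", []):
                return entry_dn
            break
    raise LdapError(INVALID_CREDENTIALS, "Invalid Credentials")


def search(bound_as, base, filt):
    """Subtree search as the bound identity; bases outside its access scope are 32."""
    base_dn = parse_dn(base)
    allowed = [parse_dn(a) for a in DIRECTORY[bound_as].get("searchable", [])]
    visible = base_dn in {parse_dn(d) for d in DIRECTORY} and any(base_dn[-len(a):] == a for a in allowed)
    if not visible:
        raise LdapError(NO_SUCH_OBJECT, "No Such Object")
    node, _ = _parse_filter(filt)
    return [dn for dn, attrs in DIRECTORY.items()
            if parse_dn(dn)[-len(base_dn):] == base_dn and _matches(node, attrs)]


def authenticate(gw_dn, gw_pw, user_base, user_filter, group_base, username, password):
    """Searches run as the gateway account; the user's credentials get one bind only."""
    gw = bind(gw_dn, gw_pw)
    hits = search(gw, user_base, user_filter.replace("{0}", escape_filter_value(username)))
    if len(hits) != 1:                 # unknown user, or a filter that matched more than one entry
        raise LdapError(INVALID_CREDENTIALS, "Invalid Credentials")
    user_dn = hits[0]
    bind(user_dn, password)            # the only operation performed as the user
    groups = search(gw, group_base, "(&(objectClass=groupOfUniqueNames)"
                    f"(uniqueMember={escape_filter_value(user_dn)}))")
    return user_dn, sorted(DIRECTORY[g]["cn"][0] for g in groups)


def outcome(fn, *args):
    """fn(*args), or the LDAP result code when the operation fails."""
    try:
        return fn(*args)
    except LdapError as e:
        return e.code


if __name__ == "__main__":
    print(outcome(authenticate, *SETTINGS, "cgi2", "cgi2pw"))
    print(outcome(authenticate, *SETTINGS, "cgi2)(cn=*", "x"))   # injection attempt, escaped away
    print(outcome(bind, "cgi2", "cgi2pw"))                       # a bare username is not a DN
    print(outcome(search, f"cn=cgi2,{BASE}", BASE, "(objectClass=inetOrgPerson)"))
```

The ordering is the point: if the user's DN were used for the searches, as the log in the post shows, a user entry restricted by access rules cannot enumerate its own groups and the login fails with code 32 even though the password was correct. Splicing the raw username into the filter without `escape_filter_value` would let a login name such as `cgi2)(cn=*` rewrite the filter; with escaping it simply matches nothing.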