Hi All,
I’ve set up Rocket.Chat and have basic LDAP set up - the next step of my deployment is to have channels based on LDAP user group.
I can successfully log in when I have “Sync LDAP groups” disabled but cannot log in with it enabled.
My LDAP server is an Active Directory server running on Server 2016.
Here are my settings -
User Group Filter -
" (&(objectCategory=Person)(sAMAccountName=#{username})(memberOf:1.2.840.113556.1.4.1941:=cn=#{groupName},OU=Protected Groups,OU=Administrative Groups,OU=Gatekeeper,DC=DOMAIN,DC=net)) "
LDAP Group BaseDN -
" dc=DOMAIN,dc=net "
User Data Group Map -
" {“Domain Admins”:“admin”,“Domain Users”:“user” }"
LDAP Group Channel Map -
" {“Domain Users”:“announcements”} "
Server Setup Information
Version of Rocket.Chat Server: 2.4.1
Operating System: rocket.chat docker container installed on CentOS
Deployment Method: Docker
Number of Running Instances: 1
DB Replicaset Oplog: Enabled
NodeJS Version: 8.15.1 - x64
MongoDB Version: 4.0.16
Proxy: NGINX
Firewalls involved: Yes
Any additional Information
Logs taken from Rocketchat server -
“Exception while invoking method ‘login’ TypeError: Cannot read property ‘searchAllSync’ of undefined
at isUserInLDAPGroup (app/ldap/server/sync.js:34:22)
at mapLdapGroupsToUserRoles (app/ldap/server/sync.js:252:7)
at syncUserData (app/ldap/server/sync.js:344:20)
at addLdapUser (app/ldap/server/sync.js:458:2)
at MethodInvocation. (app/ldap/server/loginHandler.js:150:17)
at tryLoginMethod (packages/accounts-base/accounts_server.js:460:31)
at tryLoginMethod (packages/accounts-base/accounts_server.js:1294:14)
at AccountsServer._runLoginHandlers (packages/accounts-base/accounts_server.js:458:22)
at AccountsServer.Accounts._runLoginHandlers (app/lib/server/lib/loginErrorMessageOverride.js:7:35)
at MethodInvocation.methods.login (packages/accounts-base/accounts_server.js:518:31)
at maybeAuditArgumentChecks (packages/ddp-server/livedata_server.js:1771:12)
at DDP._CurrentMethodInvocation.withValue (packages/ddp-server/livedata_server.js:719:19)
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
at DDPServer._CurrentWriteFence.withValue (packages/ddp-server/livedata_server.js:717:46)
at Meteor.EnvironmentVariable.EVp.withValue (packages/meteor.js:1234:12)
at Promise (packages/ddp-server/livedata_server.js:715:46)
at new Promise ()
at Session.method (packages/ddp-server/livedata_server.js:689:23)
at packages/ddp-server/livedata_server.js:559:43”
Thanks for your response. It seems that some people are successfully deploying RocketChat with AD, but some people are also facing issues.
Unsure how to proceed, as I’d like to get RocketChat implemented for our company but cannot implement the groups with AD.
Disappointing as we’d look to buy the enterprise versions once this is deployed.
Yes, we have the same problem. We want to test Rocket.Chat, and if it runs smoothly we will think about the enterprise version, but with these problems we can’t implement Rocket.Chat.
Are we the only ones who have these problems? I can’t imagine that this is a config problem…?