Local installation : Integration with Active Directory

Hello,

We would like to set up our on-premises Galaxy server, but I’ve been struggling with one point: AD authentication.
I’ve been reading the docs (Authentication — Galaxy Project 20.09 documentation) and it seems it should be quite straightforward, but I’m always getting an error and can’t get around it. I tried to search the help but couldn’t find anything matching my problem.

This is the error I am getting when trying to log in with an AD user:

galaxy.webapps.galaxy.controllers.user DEBUG 2021-02-23 11:13:01,984 [p:10651,w:1,m:0] [uWSGIWorker1Core1] trans.app.config.auth_config_file: /srv/galaxy/config/auth_conf.xml
galaxy.auth.providers.ldap_ad DEBUG 2021-02-23 11:13:01,984 [p:10651,w:1,m:0] [uWSGIWorker1Core1] LDAP authenticate: email is itadmin@pasteur-kh.org
galaxy.auth.providers.ldap_ad DEBUG 2021-02-23 11:13:01,984 [p:10651,w:1,m:0] [uWSGIWorker1Core1] LDAP authenticate: username is None
galaxy.auth.providers.ldap_ad DEBUG 2021-02-23 11:13:01,984 [p:10651,w:1,m:0] [uWSGIWorker1Core1] LDAP authenticate: options are {'allow-register': 'False', 'server': 'ldap://XXX', 'search-fields': 'sAMAccountName,mail', 'search-base': 'ou=XXX,dc=XXX,dc=XXX', 'search-user': 'cn=XXX,dc=XXX,dc=XXX', 'search-password': 'XXX', 'bind-user': '{sAMAccountName}@domain.com', 'bind-password': '{password}', 'redact_username_in_logs': False, 'no_password_check': False}
galaxy.web.framework.decorators ERROR 2021-02-23 11:13:01,985 [p:10651,w:1,m:0] [uWSGIWorker1Core1] Uncaught exception in exposed API method:
Traceback (most recent call last):
  File "lib/galaxy/web/framework/decorators.py", line 294, in decorator
    rval = func(self, trans, *args, **kwargs)
  File "lib/galaxy/webapps/galaxy/controllers/user.py", line 118, in login
    return self.__validate_login(trans, payload, **kwd)
  File "lib/galaxy/webapps/galaxy/controllers/user.py", line 136, in __validate_login
    message, user = self.__autoregistration(trans, login, password)
  File "lib/galaxy/webapps/galaxy/controllers/user.py", line 85, in __autoregistration
    autoreg = trans.app.auth_manager.check_auto_registration(trans, login, password)
  File "lib/galaxy/auth/__init__.py", line 63, in check_auto_registration
    auth_results = provider.authenticate(email, username, password, options)
  File "lib/galaxy/auth/providers/ldap_ad.py", line 204, in authenticate
    failure_mode, params = self.ldap_search(email, username, options)
  File "lib/galaxy/auth/providers/ldap_ad.py", line 121, in ldap_search
    raise RuntimeError("Failed to load LDAP module: %s", str(ldap_import_exc))
RuntimeError: ('Failed to load LDAP module: %s', "No module named 'ldap'")

And this is the error I’m getting in the web browser:
Uncaught exception in exposed API method:

Additional information
Server: Ubuntu 20.04.1 LTS

pip list | grep ldap
python3-ldap 0.9.8.4

git status
On branch release_20.09
Your branch is up to date with 'origin/release_20.09'.

This is my auth_conf.xml:

<?xml version="1.0"?>
<auth>
    <authenticator>
        <type>ldap</type>
        <options>
            <allow-register>False</allow-register>
            <server>ldap://ldapserver.domain.com</server>
            <search-fields>sAMAccountName,mail</search-fields>
            <search-base>ou=XXX,dc=XXX,dc=XXX</search-base>
            <search-user>cn=XXX,dc=XXX,dc=XXX</search-user>
            <search-password>XXX</search-password>
        </options>
    </authenticator>
</auth>

Thank you for any help you can provide to us.

Note: LDAP is working, as I can search my account and when I try to register:

# ldapsearch -vv -x -H ldap://xxx.domain.com -b "ou=XXX,dc=domain,dc=com" -D IPC_LDAP -W "sAMAccountName=username"
ldap_initialize( ldap://xxx.domain.com:389/??base )
Enter LDAP Password:
filter: sAMAccountName=username
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <ou=XXX,dc=domain,dc=com> with scope subtree
# filter: sAMAccountName=username
# requesting: ALL
#

# USER NAME, IT, IT, XXX, domain.com
dn: CN=USER NAME,OU=IT,OU=IT,OU=XXX,DC=domain,DC=com
objectClass: top

And when trying to register with a username that’s already in AD, I get the following message in the web browser:
Account registration not required for your account. Please simply login.
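The traceback above ends in `No module named 'ldap'`, so the first thing to check is whether the interpreter that runs Galaxy can import the `ldap` module at all (that import name belongs to the python-ldap distribution, which is not the same package as the `python3-ldap` shown in the `pip list` output), and then whether the `<options>` block actually contains everything the `ldap` authenticator needs to bind as the user. The script below is an added example, not part of the post or of Galaxy's own code: it embeds a constructed copy of the posted auth_conf.xml (with the closing `</auth>` tag present), flags missing `bind-user`/`bind-password` entries, checks that every `{placeholder}` in `bind-user` is either a `search-fields` attribute or one of the substitution keys it assumes Galaxy's `ldap_ad` provider exposes (`email`, `username`, `password`, `dn`; this set is an assumption), and warns when the server URL is plain `ldap://`, since a simple bind then sends the password in clear unless StartTLS is negotiated. Run it with Galaxy's own virtualenv interpreter so the module check reflects what uWSGI sees.

```python
"""Sanity checks for the LDAP/AD authenticator block of a Galaxy auth_conf.xml.

Added example, not Galaxy project code. The substitution keys in BUILTIN_KEYS
are an assumption about what the ldap_ad provider makes available to bind-user.
"""
import importlib.util
import re
import xml.etree.ElementTree as ET

# Constructed sample mirroring the configuration in the post above, with the
# closing </auth> tag present. Values are placeholders, not a real directory.
POSTED_CONF = """<?xml version="1.0"?>
<auth>
  <authenticator>
    <type>ldap</type>
    <options>
      <allow-register>False</allow-register>
      <server>ldap://ldapserver.domain.com</server>
      <search-fields>sAMAccountName,mail</search-fields>
      <search-base>ou=XXX,dc=XXX,dc=XXX</search-base>
      <search-user>cn=XXX,dc=XXX,dc=XXX</search-user>
      <search-password>XXX</search-password>
    </options>
  </authenticator>
</auth>
"""

# The same block with a bind template added and ldaps:// used (constructed).
HARDENED_CONF = POSTED_CONF.replace(
    "ldap://ldapserver.domain.com", "ldaps://ldapserver.domain.com"
).replace(
    "    </options>",
    "      <bind-user>{sAMAccountName}@domain.com</bind-user>\n"
    "      <bind-password>{password}</bind-password>\n"
    "    </options>",
)

# Keys assumed to be substitutable in bind-user besides search-fields attributes.
BUILTIN_KEYS = {"email", "username", "password", "dn"}
PLACEHOLDER = re.compile(r"\{([^}]+)\}")


def ldap_module_available():
    """True if 'import ldap' would succeed in this interpreter (python-ldap)."""
    return importlib.util.find_spec("ldap") is not None


def validate_auth_conf(xml_text):
    """Return 'ERROR: ...' / 'WARN: ...' findings for every <type>ldap</type> block."""
    findings = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A missing closing tag, as in the posted file, lands here instead of crashing.
        return ["ERROR: auth_conf.xml is not well-formed XML: %s" % exc]

    for auth in root.findall("authenticator"):
        if (auth.findtext("type") or "").strip() != "ldap":
            continue
        opts_el = auth.find("options")
        children = list(opts_el) if opts_el is not None else []
        opts = {o.tag: (o.text or "").strip() for o in children}

        # Without a bind template Galaxy has nothing to bind as after the search.
        for key in ("server", "search-base", "bind-user", "bind-password"):
            if not opts.get(key):
                findings.append("ERROR: <%s> missing; cannot bind as the user" % key)

        if opts.get("search-user") and not opts.get("search-password"):
            findings.append("ERROR: <search-user> set without <search-password>")

        server = opts.get("server", "")
        if server.startswith("ldap://"):
            findings.append("WARN: %s uses plain ldap://; bind passwords cross the "
                            "network in clear unless StartTLS is negotiated" % server)

        # Every {placeholder} in bind-user must come from the search or a built-in key.
        fields = {f.strip() for f in opts.get("search-fields", "").split(",") if f.strip()}
        for key in PLACEHOLDER.findall(opts.get("bind-user", "")):
            if key not in fields and key not in BUILTIN_KEYS:
                findings.append("ERROR: bind-user placeholder {%s} is neither a "
                                "search-fields attribute nor a built-in key" % key)
    return findings


if __name__ == "__main__":
    print("ldap module importable:", ldap_module_available())
    for label, conf in (("posted", POSTED_CONF), ("hardened", HARDENED_CONF)):
        print("--", label)
        for line in validate_auth_conf(conf) or ["OK: no findings"]:
            print(line)
```

Point `validate_auth_conf` at the real file with `open('/srv/galaxy/config/auth_conf.xml').read()` (the path from the log line above) to check the live configuration; the module check only means something when the script is run by the same interpreter Galaxy's uWSGI workers use.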