Based on your config and error message, cobbler (specifically python-ldap) isn't able to establish a secure, TLS connection against your AD server. My guess is you're using a certificate that's not trusted (e.g. self-signed certificate).
One quick fix is to adjust your OpenLDAP config file (e.g. /etc/openldap/ldap.conf) and adjust TLS_REQCERT to allow, or add your CA to the list of your trusted CAs.

HTH,
- gino

On Tue, Jan 12, 2010 at 8:59 AM, Gehrig Adrian <[email protected]> wrote:
> Hi
>
> Before I make an appointment at my psycho analyst I ask you for help...
>
> I am trying to get the ldap authentication against a Windows 2003 domain working.
>
> Using ldapsearch is working as expected. The following command was executed:
>
> ldapsearch -LLL -x -b 'ou=Users,OU=Bern,OU=Switzerland,OU=10_Locations,DC=emmi,DC=ch' -D CN=username,OU=Service-Accounts,OU=Admin,DC=emmi,DC=ch -w password -H ldap://domaincontroller.emmi.ch "sAMAccountName=*" cn
>
> Now trying to adapt it to cobbler:
>
> # configuration options if using the authn_ldap module. See the
> # the Wiki for details. This can be ignored if you are not using
> # LDAP for WebUI/XMLRPC authentication.
> ldap_server: "domaincontroller.emmi.ch"
> ldap_base_dn: "DC=emmi,DC=ch"
> ldap_port: 389
> ldap_tls: 1
> ldap_anonymous_bind: 0
> ldap_search_bind_dn: 'CN=username,OU=Service-Accounts,OU=Admin,DC=emmi,DC=ch'
> ldap_search_passwd: 'password'
> ldap_search_prefix: 'sAMAccountName=* CN'
>
> Also tried on ldap_search_prefix '' and 'CN' and ldap_tls 0 and 1
>
> The ldap_search_prefix: 'sAMAccountName=* CN' gets the following messages in /var/log/cobbler/cobbler.log:
>
> Tue Jan 12 15:50:52 2010 - INFO | Exception occured: ldap.OPERATIONS_ERROR
> Tue Jan 12 15:50:52 2010 - INFO | Exception value: {'info': '00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece', 'desc': 'Operations error'}
> Tue Jan 12 15:50:52 2010 - INFO | Exception Info:
>   File "/usr/lib/python2.4/site-packages/cobbler/remote.py", line 1737, in _dispatch
>     return method_handle(*params)
>   File "/usr/lib/python2.4/site-packages/cobbler/remote.py", line 1562, in login
>     if self.__validate_user(login_user,login_password):
>   File "/usr/lib/python2.4/site-packages/cobbler/remote.py", line 1475, in __validate_user
>     return self.api.authenticate(input_user,input_password)
>   File "/usr/lib/python2.4/site-packages/cobbler/api.py", line 737, in authenticate
>     rc = self.authn.authenticate(self,user,password)
>   File "/usr/lib/python2.4/site-packages/cobbler/modules/authn_ldap.py", line 113, in authenticate
>     result = dir.search_s(basedn, ldap.SCOPE_SUBTREE, filter, [])
>   File "/usr/lib64/python2.4/site-packages/ldap/ldapobject.py", line 481, in search_s
>     return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
>   File "/usr/lib64/python2.4/site-packages/ldap/ldapobject.py", line 475, in search_ext_s
>     return self.result(msgid,all=1,timeout=timeout)[1]
>   File "/usr/lib64/python2.4/site-packages/ldap/ldapobject.py", line 405, in result
>     res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
>   File "/usr/lib64/python2.4/site-packages/ldap/ldapobject.py", line 409, in result2
>     res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
>   File "/usr/lib64/python2.4/site-packages/ldap/ldapobject.py", line 415, in result3
>     rtype, rdata, rmsgid, serverctrls = self._ldap_call(self._l.result3,msgid,all,timeout)
>   File "/usr/lib64/python2.4/site-packages/ldap/ldapobject.py", line 94, in _ldap_call
>     result = func(*args,**kwargs)
>
> Can someone give me a hint on how to authenticate my cobbler users against the active directory?
>
> Regards
>
> Adrian
>
> _______________________________________________
> cobbler mailing list
> [email protected]
> https://fedorahosted.org/mailman/listinfo/cobbler
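
The two fixes suggested in the reply differ in what they do to certificate validation: TLS_REQCERT allow lets the session continue with an untrusted certificate, while adding the CA keeps validation on. The following is an added example, not part of the original thread and not Cobbler or python-ldap code: a small Python check that reads an ldap.conf and reports which situation a host is in. The function names, the sample configs and the CA path are assumptions made for illustration.

```python
# Added example, not from the thread: audit an OpenLDAP client config
# (ldap.conf) for the TLS settings discussed in the reply.

# Effect of each TLS_REQCERT level, summarised from ldap.conf(5).
REQCERT = {
    "never": "server certificate is not requested or checked",
    "allow": "a bad certificate is ignored and the session proceeds",
    "try": "a bad certificate ends the session, a missing one does not",
    "demand": "a valid server certificate is required",
    "hard": "a valid server certificate is required",
}
STRICT = {"demand", "hard"}

def parse_ldap_conf(text):
    """Return {OPTION: value}. Names are case-insensitive; '#' lines are comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit_tls(text):
    """Return (effective TLS_REQCERT level, list of (severity, message))."""
    opts = parse_ldap_conf(text)
    level = opts.get("TLS_REQCERT", "demand").lower()  # demand is the default
    findings = []
    if level not in REQCERT:
        findings.append(("error", "unknown TLS_REQCERT value: " + level))
    elif level not in STRICT:
        findings.append(("weak", "TLS_REQCERT %s: %s" % (level, REQCERT[level])))
    if not (opts.get("TLS_CACERT") or opts.get("TLS_CACERTDIR")):
        findings.append(("info", "no TLS_CACERT or TLS_CACERTDIR set in this file"))
    return level, findings

# Constructed samples of the two fixes; the CA path is a placeholder.
RELAXED = "TLS_REQCERT allow\n"
TRUSTED = "tls_cacert /etc/openldap/certs/ad-ca.pem\nTLS_REQCERT demand\n"

if __name__ == "__main__":
    for label, conf in (("relaxed", RELAXED), ("trusted CA", TRUSTED)):
        level, findings = audit_tls(conf)
        print(label, "->", level, findings or "no findings")
```

Run against the real file with `audit_tls(open("/etc/openldap/ldap.conf").read())`; a "weak" finding means the LDAP bind password can be sent over a TLS session whose peer was never authenticated.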
