It looks to me like you are using the wrong port for TLS... 389 is cleartext, 636 is secure (if I remember correctly).
Cheers,
Ohad

On 1/13/10, Gehrig Adrian <[email protected]> wrote:
> Hi
>
> Before I make an appointment at my psychoanalyst I ask you for help...
>
> I am trying to get the ldap authentication against a Windows 2003 domain
> working.
>
> Using ldapsearch is working as expected. The following command was executed:
>
> ldapsearch -LLL -x -b
> 'ou=Users,OU=Bern,OU=Switzerland,OU=10_Locations,DC=emmi,DC=ch' -D
> CN=username,OU=Service-Accounts,OU=Admin,DC=emmi,DC=ch -w password -H
> ldap://domaincontroller.emmi.ch "sAMAccountName=*" cn
>
> Now trying to adapt it to cobbler:
>
> # configuration options if using the authn_ldap module. See the
> # the Wiki for details. This can be ignored if you are not using
> # LDAP for WebUI/XMLRPC authentication.
> ldap_server: "domaincontroller.emmi.ch"
> ldap_base_dn: "DC=emmi,DC=ch"
> ldap_port: 389
> ldap_tls: 1
> ldap_anonymous_bind: 0
> ldap_search_bind_dn: 'CN=username,OU=Service-Accounts,OU=Admin,DC=emmi,DC=ch'
> ldap_search_passwd: 'password'
> ldap_search_prefix: 'sAMAccountName=* CN'
>
> Also tried on ldap_search_prefix '' and 'CN' and ldap_tls 0 and 1
>
> The ldap_search_prefix: 'sAMAccountName=* CN' gets the following messages in
> /var/log/cobbler/cobbler.log:
>
> Tue Jan 12 15:50:52 2010 - INFO | Exception occured: ldap.OPERATIONS_ERROR
> Tue Jan 12 15:50:52 2010 - INFO | Exception value: {'info': '00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece', 'desc': 'Operations error'}
> Tue Jan 12 15:50:52 2010 - INFO | Exception Info:
>   File "/usr/lib/python2.4/site-packages/cobbler/remote.py", line 1737, in _dispatch
>     return method_handle(*params)
>   File "/usr/lib/python2.4/site-packages/cobbler/remote.py", line 1562, in login
>     if self.__validate_user(login_user,login_password):
>   File "/usr/lib/python2.4/site-packages/cobbler/remote.py", line 1475, in __validate_user
>     return self.api.authenticate(input_user,input_password)
>   File "/usr/lib/python2.4/site-packages/cobbler/api.py", line 737, in authenticate
>     rc = self.authn.authenticate(self,user,password)
>   File "/usr/lib/python2.4/site-packages/cobbler/modules/authn_ldap.py", line 113, in authenticate
>     result = dir.search_s(basedn, ldap.SCOPE_SUBTREE, filter, [])
>   File "/usr/lib64/python2.4/site-packages/ldap/ldapobject.py", line 481, in search_s
>     return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
>   File "/usr/lib64/python2.4/site-packages/ldap/ldapobject.py", line 475, in search_ext_s
>     return self.result(msgid,all=1,timeout=timeout)[1]
>   File "/usr/lib64/python2.4/site-packages/ldap/ldapobject.py", line 405, in result
>     res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
>   File "/usr/lib64/python2.4/site-packages/ldap/ldapobject.py", line 409, in result2
>     res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
>   File "/usr/lib64/python2.4/site-packages/ldap/ldapobject.py", line 415, in result3
>     rtype, rdata, rmsgid, serverctrls = self._ldap_call(self._l.result3,msgid,all,timeout)
>   File "/usr/lib64/python2.4/site-packages/ldap/ldapobject.py", line 94, in _ldap_call
>     result = func(*args,**kwargs)
>
> Can someone give me a hint on how to authenticate my cobbler users against
> the active directory?
>
>
> Regards
> Adrian
>
>
>
_______________________________________________
cobbler mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/cobbler
