Hi Geert,
I have installed all these dependencies.
I have verified my bind user credentials using the below command to make sure
they are correct. I have got a success response.
ldapwhoami -vvv -H LDAP_URI -D BIND_USER_DN -x -w BIND_USER_PASSWORD
I have also verified the user credentials using the above command to verify the
user with which I am trying to log into app server. I have got a success
response.
I am still receiving the External authentication failed error when I try to log
in to the MarkLogic app server.
2015-04-08 15:04:48.645 Info: External authentication failed:cd1user1
Is there a way I can get some more details in the logs? I have the ldap
attribute as sAMAccountName={0}.
Thanks,
Sudheer
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Geert Josten
Sent: Wednesday, April 08, 2015 12:45 AM
To: MarkLogic Developer Discussion
Subject: Re: [MarkLogic Dev General] LDAP integration with MarkLogic for
authentication - How to use bind user for authentication MarkLogic with LDAP
server
Very close, thanks.
I ran the following yum commands to get things going:
To support DIGEST-MD5 auth:
sudo yum install cyrus-sasl-md5
For testing LDAP access from command-line:
sudo yum install openldap-clients
And optionally for HTTPS support (and generating certs and keys):
sudo yum install mod_ssl openssl
This is for RedHat and CentOS, you may need different commands on other OS.
Cheers,
Geert
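Added example (not part of the original thread, and not MarkLogic's own tooling): the ldapwhoami test above uses -x, which performs a simple bind, while the XDMP-LDAP error quoted further down comes from ldap_sasl_interactive_bind_s, the SASL bind path. The script below checks the DIGEST-MD5 SASL path separately. The function names are hypothetical, the LDAP URI and login name are placeholders, and the sample rootDSE output is constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the SASL mechanisms found in rootDSE LDIF read from stdin.
sasl_mechs() {
  awk -F': ' 'tolower($1) == "supportedsaslmechanisms" { print toupper($2) }'
}

# Exit 0 if mechanism $1 is advertised in the LDIF on stdin.
server_offers() {
  sasl_mechs | grep -qx "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')"
}

# Classify rootDSE LDIF text ($1) for the mechanism the thread installs support for.
diagnose() {
  if printf '%s\n' "$1" | server_offers DIGEST-MD5; then
    echo "server-offers-digest-md5"
  else
    echo "server-lacks-digest-md5"
  fi
}

# Live checks (need network; not run here). $1 = LDAP URI, $2 = login name.
live_check() {
  # 1. Which mechanisms does the directory advertise? Assumes the server
  #    permits an anonymous read of the rootDSE.
  ldif=$(ldapsearch -x -LLL -H "$1" -s base -b "" supportedSASLMechanisms) || return 2
  diagnose "$ldif"
  # 2. Is the client-side Cyrus SASL DIGEST-MD5 plugin installed (RHEL/CentOS)?
  rpm -q cyrus-sasl-md5 >/dev/null 2>&1 || echo "client-missing-cyrus-sasl-md5"
  # 3. SASL bind instead of the simple bind that -x performs; -W prompts
  #    for the password so it stays out of the shell history.
  ldapwhoami -H "$1" -Y DIGEST-MD5 -U "$2" -W
}

# Constructed sample of rootDSE output, for an offline run.
SAMPLE_ROOTDSE='dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5'

diagnose "$SAMPLE_ROOTDSE"
```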
On 4/7/15, 10:40 PM, "Christopher Hamlin" <[email protected]> wrote:
>This?
>
>https://help.marklogic.com/Knowledgebase/Article/View/152/0/ldap-authentication-and-authorization
>
>On Tue, Apr 7, 2015 at 4:38 PM, Geert Josten <[email protected]> wrote:
>> Hi,
>>
>> Yes, I think you need to make sure a certain library is installed on
>> the MarkLogic host. I need to look it up though..
>>
>> Cheers,
>> Geert
>>
>> From: Sudheer Yalaverthi <[email protected]>
>> Reply-To: MarkLogic Developer Discussion
>><[email protected]>
>> Date: Tuesday, April 7, 2015 at 8:06 PM
>> To: MarkLogic Developer Discussion <[email protected]>
>> Subject: Re: [MarkLogic Dev General] LDAP integration with MarkLogic
>>for authentication - How to use bind user for authentication
>>MarkLogic with LDAP server
>>
>> Hi Geert,
>>
>> I have tried in the Qconsole with the xdmp:ldap-lookup function. I am
>> getting the below error.
>>
>> [1.0-ml] XDMP-LDAP: xdmp:ldap-lookup(REMOVED ACTUALTEXT HERE) -- LDAP Error:
>> ldap_sasl_interactive_bind_s err: Unknown authentication method (-6)
>>
>> Any thoughts? Also is there a way I can get more information in the
>> error log files? It looks like there are no trace events related to
>> this.
>>
>> Sudheer
>>
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of Geert
>>Josten
>> Sent: Tuesday, April 07, 2015 2:32 PM
>> To: MarkLogic Developer Discussion
>> Subject: Re: [MarkLogic Dev General] LDAP integration with MarkLogic
>>for authentication - How to use bind user for authentication
>>MarkLogic with LDAP server
>>
>> Hi Sudheer,
>>
>> If you set auth method to ldap, with internal security false, and
>> external security to the name of your external security config, then
>> it will take the ldap default user/password to authenticate itself
>> against LDAP, and then verify the user entered values. Make sure to
>> provide a correct ldap base and ldap attribute where the login name
>> should be found. You can verify from Qconsole with for instance
>> http://docs.marklogic.com/xdmp:ldap-lookup
>>
>> Cheers,
>> Geert
>>
>> From: Sudheer Yalaverthi <[email protected]>
>> Reply-To: MarkLogic Developer Discussion
>><[email protected]>
>> Date: Tuesday, April 7, 2015 at 7:11 PM
>> To: MarkLogic Developer Discussion <[email protected]>
>> Subject: [MarkLogic Dev General] LDAP integration with MarkLogic for
>>authentication - How to use bind user for authentication MarkLogic
>>with LDAP server
>>
>> Hi
>>
>> I am trying to use LDAP external authentication for one of my http
>> servers. Here is what I have tried.
>>
>> I created an external configuration object with LDAP for
>> authentication and authorization. I have provided the bind user in
>> the configuration. In the app server (http server), I have set the
>> authentication to basic, internal security to false, external
>> security to the new configuration object I created and default user
>> to a user that exists on MarkLogic security database.
>>
>> When I try to access the app server, I am prompted with a user login
>> window and when I try giving user credentials that exist on LDAP, I am
>> getting the below error.
>>
>> 2015-04-07 18:40:38.259 Info: External authentication failed:cd1user1
>>
>> In my organization, LDAP bind user is required from any application
>> to authenticate first with LDAP server to access the LDAP server. But
>> based on the MarkLogic documentation bind user is used only when the
>> authentication is set to Kerberos and authorization to ldap. How do
>> I tell MarkLogic to use the bind user during authentication with LDAP
>> so that MarkLogic server gets authenticated with LDAP server and then
>> searches the LDAP server for the user I am trying to log in with?
>>
>> Thanks,
>> Sudheer
>>
>> ---
>> This communication may contain confidential and/or privileged
>>information.
>> If you are not the intended recipient (or have received this
>>communication in error) please notify the sender immediately and
>>destroy this communication. Any unauthorized copying, disclosure or
>>distribution of the material in this communication is strictly
>>forbidden.
>>
>> Deutsche Bank does not render legal or tax advice, and the
>> information contained in this communication should not be regarded as such.
>>
>> _______________________________________________
>> General mailing list
>> [email protected]
>> Manage your subscription at:
>> http://developer.marklogic.com/mailman/listinfo/general
>>