Hi Roland,
I have managed to get the password self reset and Self services working
fine now. I am now trying to use my LDAP for Apache authentication for
nagios.
I created a user for binding and gave it read access as well. But I am not
able to get Apache to authenticate through my LDAP.
Here's what I have in the Apache configuration,
--------
ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/"
<Directory "/usr/lib64/nagios/cgi-bin/">
# SSLRequireSSL
Options ExecCGI
AllowOverride None
# Order allow,deny
# Allow from all
# Allow from 127.0.0.1
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthName "LAM"
AuthLDAPURL "ldaps://example.com:636/ou=Users,dc=example,dc=com?uid"SSL
AuthLDAPBindDN uid=binduser,ou=Generalusers,ou=Users,dc=example,dc=com
AuthLDAPBindPassword SECRET
Require valid-user
</Directory>
Alias /nagios "/usr/share/nagios/html"
<Directory "/usr/share/nagios/html">
# SSLRequireSSL
Options None
AllowOverride None
# Order allow,deny
Allow from all
# Allow from 127.0.0.1
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthName "LAM"
AuthLDAPURL "ldaps://example.com:636/ou=Users,dc=example,dc=com?uid"SSL
AuthLDAPBindDN uid=binduser,ou=Generalusers,ou=Users,dc=example,dc=com
AuthLDAPBindPassword SECRET
Require valid-user
</Directory>
------------
I have added this in the /etc/openldap/slapd.conf file to add the bind user,
-------------
#######################################################################
# database definitions
#######################################################################
database bdb
suffix "dc=example,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw SECRET
defaultaccess none
access to attr=userPassword
by dn="cn=Manager,dc=example,dc=com" write
by self write
by * auth
access to *
by dn="cn=Manager,dc=example,dc=com" write
by dn="uid=binduser,ou=Generalusers,ou=Users,dc=example,dc=com" read
by users read
by self write
by * auth
--------
I then created the user account binduser and restarted slapd.
Here is the error I am seeing in the logs,
---------
[Wed May 07 07:25:31 2014] [info] [client IPADDRESS [4158] auth_ldap
authenticate: user tester authentication failed; URI / [LDAP:
ldap_simple_bind_s() failed][Can't contact LDAP server]
---------
The user tester is inside the Admins,Users,example,com directory.
What do you think I'm missing? Any ideas?
Thanks,
On Wed, Apr 30, 2014 at 1:18 AM, Roland Gruber <[email protected]> wrote:
> Hi Junaid,
>
> On 29.04.2014 07:24, Junaid Shah wrote:
> > 2014-04-28 22:02:55: LDAP Account Manager (kui1ucm5i76bmmc68ohumteaj3 -
> > 10.4.3.20) - ERROR: [uid=bhkwan,ou=Admins,ou=Users,dc=go,dc=cd] Unable to
> > add attributes to DN: uid=student1,ou=Generalusers,ou=Users,dc=go,dc=cd
> > (Insufficient access).
>
> looks like uid=bhkwan,ou=Admins,ou=Users,dc=go,dc=cd does not have the right to
> change the student entries.
> You can set up ACLs in slapd.d to change that.
>
> LAM also allows to do all write operations with the bind user. There is an
> option "Use for all operations":
>
>
> https://www.ldap-account-manager.org/static/doc/manual/ch06s03.html#selfServiceBasicSettings
>
>
> --
>
> Best regards
>
> Roland
>
>
> LDAP Account Manager
> http://www.ldap-account-manager.org/
>
> Want more? Get LDAP Account Manager Pro!
> https://www.ldap-account-manager.org/lamcms/lamPro
_______________________________________________
Lam-public mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/lam-public
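
The connection and search that the AuthLDAPURL line posted above asks mod_authnz_ldap to perform, as an added example (not code from this thread, from LAM or from Apache). It uses the documented `ldap://host:port/basedn?attribute?scope?filter` layout and defaults; the function names are hypothetical, the filter escaping is this example's own RFC 4515 choice, and the DN for tester is assumed from the poster's description.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample: the AuthLDAPURL line as posted in the message above.
SAMPLE = 'AuthLDAPURL "ldaps://example.com:636/ou=Users,dc=example,dc=com?uid"SSL'
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def escape_filter_value(value):
    """RFC 4515 hex-escaping of filter metacharacters (this example's choice)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def planned_search(directive, username):
    """Return the connection and search parameters implied by AuthLDAPURL."""
    m = re.match(r'\s*AuthLDAPURL\s+(?:"([^"]*)"|(\S+))\s*(\S*)\s*$', directive)
    if not m:
        raise ValueError("not an AuthLDAPURL directive")
    url = urlsplit(m.group(1) or m.group(2))
    if url.scheme not in DEFAULT_PORT:
        raise ValueError("scheme must be ldap or ldaps")
    # Query part is attribute?scope?filter; missing fields take the defaults.
    fields = (url.query.split("?") + ["", "", ""])[:3]
    attr = (fields[0] or "uid").split(",")[0]
    scope = fields[1] or "sub"
    flt = unquote(fields[2]) or "(objectClass=*)"
    if flt.startswith("(") and flt.endswith(")"):
        flt = flt[1:-1]
    return {
        "host": url.hostname,
        "port": url.port or DEFAULT_PORT[url.scheme],
        "mode": m.group(3).upper() or None,   # NONE, SSL, TLS or STARTTLS
        "base": unquote(url.path.lstrip("/")),
        "scope": scope,
        "filter": "(&(%s)(%s=%s))" % (flt, attr, escape_filter_value(username)),
    }

def dn_under_base(dn, base):
    """True if dn lies at or below base (simplified: no escaped commas)."""
    rdns = [r.strip().lower() for r in dn.split(",")]
    base_rdns = [r.strip().lower() for r in base.split(",")]
    return len(rdns) >= len(base_rdns) and rdns[-len(base_rdns):] == base_rdns

if __name__ == "__main__":
    plan = planned_search(SAMPLE, "tester")
    print(plan)
    # Assumed DN, built from the poster's description of where tester lives.
    print(dn_under_base("uid=tester,ou=Admins,ou=Users,dc=example,dc=com", plan["base"]))
```

The log line in the message reports the failure at the `ldap_simple_bind_s()` call with "Can't contact LDAP server", so the search computed here is not reached in that request; the host, port and mode fields are the ones relevant to that error.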