[OpenXPKI-users] ldap auth to ad

Wed, 03 May 2017 12:17:47 -0700 

Hello

1. OK, for a small test we installed openxpki in our environment
2. We use self created certificates
3. we can create new requests and certificates. All is working as expected
4. Now we want to use ldap (connect to a MS AD…….

we are able to use e.g. ldp (ms ldap client tool) to connect to our ldap

BUT: 
We are not able to configure openxpki in a way that users can use/authenticate 
with their AD credentials. We do receive an unspecified unknown error message 
in the gui (i am at home now, can’t look into). A ldap query doesn’t take place 
(sniffed at network level). In webui.log we get several error messages that 
something couldn’t be found or is missing.


We configured in 

———
Handler.yaml:

User Password:
    type: Password
    label: User Password
    description: I18N_OPENXPKI_CONFIG_AUTH_HANDLER_DESCRIPTION_PASSWORD
    user@: connector:auth.connector.userad

(remark, i removed userdb here. users can’t login with normal openxpki pw 
anymore)

———
connector.yaml:

userad:
class: Connector::Builtin::Authentication::LDAP
LOCATION: ldap://ad.company.com (yes, our right server there)
base: dc=company,dc=loc (yes, the correct base)
binddn@: cn=binduser (what should be written down here? We do not know what the 
@ means here)
password@: secret (what should be written down here? We do not know what the @ 
means here)

———

1. Is that done right? I am not sure...
2. I tried to fill in my user and password (binddn and password) but that 
doesn’t help. 
3. Is there more to do? Something additional to install? I can’t see know where 
a source for ldap auth….

Yes, we read the documentation several times. But - sorry for that - its too 
unclear what should be done here and which options are possible

Any help is very welcome

best regards and thanks.
Joerg


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users

Reply via email to