Hi,
I'm new to OpenXPKI, even though I have been managing PKIs for a few years.
I am trying OpenXPKI and so far I have managed to make a useful demo with
realms and a bit of personalization. This looks promising as I am planning
the future deployment.
But there is one mandatory topic that I cannot get working: the LDAP
authentication.
From the server, I am able to run searches via ldapsearch:
ldapsearch -vvv -LLL -P 3 -H ldap://ad.myorg.com -b 'dc=myorg,dc=com' -D 'myorg\service_account' -w 'mypassword' "(sAMAccountName=test)"
... result OK with the user details ...
But when I try to log in as an OpenXPKI user with an Active Directory account
(2012 Windows Servers), I get the following errors:
2018/08/17 14:51:43 current session status GET_PASSWD_LOGIN
2018/08/17 14:51:43 not logged in - doing auth - page is - action is login!password
2018/08/17 14:51:43 Selected realm ca-prod, new status GET_PASSWD_LOGIN
2018/08/17 14:51:43 Requested login type PASSWD
2018/08/17 14:51:43 Seems to be an auth try - validating
Net::LDAP=HASH(0x52e1668) sending:
30 0C 02 01 01 60 07 02 01 03 04 00 80 00 __ __ 0....`........
Net::LDAP=HASH(0x52e1668) received:
Net::LDAP=HASH(0x52e1668) sending:
... info cut ...
Net::LDAP=HASH(0x52e1668) received:
2018/08/17 14:47:13 ERROR LDAP search returned error code 1 (error: Operations error) [pid=26032|sid=C8VF]
2018/08/17 14:47:13 connector.ERROR LDAP search returned error code 1 (error: Operations error) [pid=26032|sid=C8VF]
2018/08/17 14:47:13 ERROR Login FAILED for user test with role User [pid=26032|sid=C8VF]
2018/08/17 14:47:13 openxpki.auth.ERROR Login FAILED for user test with role User [pid=26032|sid=C8VF]
2018/08/17 14:47:13 ERROR I18N_OPENXPKI_SERVER_AUTHENTICATION_PASSWORD_LOGIN_FAILED; __USER__ => test [pid=26032|sid=C8VF]
2018/08/17 14:47:13 openxpki.system.ERROR I18N_OPENXPKI_SERVER_AUTHENTICATION_PASSWORD_LOGIN_FAILED; __USER__ => test [pid=26032|sid=C8VF]
2018/08/17 14:47:13 WARN I18N_OPENXPKI_SERVER_AUTHENTICATION_LOGIN_FAILED; __ERRVAL__ => I18N_OPENXPKI_SERVER_AUTHENTICATION_PASSWORD_LOGIN_FAILED; __USER__ => test [pid=26032|sid=C8VF]
2018/08/17 14:47:13 openxpki.auth.WARN I18N_OPENXPKI_SERVER_AUTHENTICATION_LOGIN_FAILED; __ERRVAL__ => I18N_OPENXPKI_SERVER_AUTHENTICATION_PASSWORD_LOGIN_FAILED; __USER__ => test [pid=26032|sid=C8VF]
Here is the configuration:
openxpkiadm version
Version (core): 1.20.2 on Debian 8 with up-to-date packages, as in the
quickstart guide
I am able to generate CSR, produce certificates, generate CRL and publish
them locally, I have the email notifications working.
pwd
/etc/openxpki/config.d/realm/ca-prod/auth

stack.yaml extract:
User:
    description: I18N_OPENXPKI_CONFIG_AUTH_STACK_DESCRIPTION_USER
    handler: Password Connector

handler.yaml extract:
# Sample using a Password "bind" connector
Password Connector:
    type: Connector
    label: User Password
    description: I18N_OPENXPKI_CONFIG_AUTH_HANDLER_DESCRIPTION_PASSWORD
    role: User
    source@: connector:auth.connector.user-ad

connector.yaml extract:
user-ad:
    class: Connector::Builtin::Authentication::LDAP
    LOCATION: ldap://ad.myorg.com
    port: 389
    debug: true
    use_tls: false
    capath: /etc/openxpki/ssl/myca.crt
    base: dc=myorg,dc=com
    binddn@: cn=myorg\service_account    # cn=service_account does produce the same error
    password@: mypassword
    filter: "(sAMAccountName=test)"

I may have missed something, or made a mistake in the config.
Has someone already managed to get it working, please?
Thanks
Raphaël Buquet
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
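
The one message that the Net::LDAP debug trace above shows in full is a BER-encoded LDAP request, and decoding it tells which DN and password the connector actually put on the wire. The decoder below is an added example, not part of the original post or of OpenXPKI; `read_tlv` and `decode_bind_request` are hypothetical helper names, and the input is the 14 bytes copied from the trace.

```python
# Input copied from the page: the 14 bytes Net::LDAP logged under "sending:".
TRACE_HEX = "30 0C 02 01 01 60 07 02 01 03 04 00 80 00"

def read_tlv(buf, pos):
    """Read one BER element (single-byte tag); return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not allowed in LDAP")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def decode_bind_request(hex_dump):
    """Decode an LDAPMessage that carries a BindRequest (RFC 4511, section 4.2)."""
    raw = bytes.fromhex(hex_dump.replace(" ", ""))
    tag, message, _ = read_tlv(raw, 0)
    if tag != 0x30:                        # LDAPMessage is a SEQUENCE
        raise ValueError("not an LDAPMessage")
    _, msg_id, pos = read_tlv(message, 0)  # messageID INTEGER
    tag, bind, _ = read_tlv(message, pos)
    if tag != 0x60:                        # [APPLICATION 0] = BindRequest
        raise ValueError("protocolOp is not a BindRequest")
    _, version, pos = read_tlv(bind, 0)    # version INTEGER
    _, name, pos = read_tlv(bind, pos)     # name LDAPDN (OCTET STRING)
    auth_tag, cred, _ = read_tlv(bind, pos)
    simple = auth_tag == 0x80              # [0] simple password; 0xA3 is SASL
    return {
        "message_id": int.from_bytes(msg_id, "big"),
        "version": int.from_bytes(version, "big"),
        "bind_dn": name.decode("utf-8"),
        "auth": "simple" if simple else "sasl" if auth_tag == 0xA3 else hex(auth_tag),
        "password_length": len(cred) if simple else None,  # length only, never the secret
        "anonymous": simple and not name and not cred,
    }

if __name__ == "__main__":
    print(decode_bind_request(TRACE_HEX))
```

For the bytes in the trace it reports LDAP version 3 with an empty bind DN and a zero-length simple password, which RFC 4513 defines as an anonymous bind, so the `binddn` and `password` values from connector.yaml are not in this request.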