Hi,

Below is the connector I use.
Are your group members direct members?
The part "memberOf:1.2.840.113556.1.4.1941:=" defines that the search
filter should be recursive.
See:
https://docs.microsoft.com/en-us/windows/desktop/adsi/search-filter-syntax

Additionally, have you checked using a group name without a space (e.g.
"RA_Operator" instead of "RA Operator")?
----------------------------------------------------------------
LDAPUser:
    class: Connector::Builtin::Authentication::LDAP
    LOCATION: ldaps://dc01.example.corp
    base: DC=example,DC=corp
    binddn: CN=Administrator,CN=Users,DC=example,DC=corp
    password: secret
    filter: "(&(sAMAccountName=[% LOGIN %])(memberOf:1.2.840.113556.1.4.1941:=CN=srv_openxpki-app-users,OU=srv_openxpki,OU=groups,DC=example,DC=corp))"
----------------------------------------------------------------

On Thu, 11 Oct 2018 at 17:37, [email protected] <[email protected]> wrote:

> Hi Team,
>
> I am trying to use LDAP authentication from AD.
>
> I have created two entries, one for security group (RA Operator) and one
> for Users (user-ad) as below:
>
> Connector.yaml
>
> user-ad:
>     class: Connector::Builtin::Authentication::LDAP
>     LOCATION: ldap://10.10.10.1
>     base: dc=company,dc=loc
>     binddn: cn=binduser
>     password: secret
>     filter: "(sAMAccountName=[% LOGIN %])"
>
> RA-Operator:
>     class: Connector::Builtin::Authentication::LDAP
>     LOCATION: ldap://10.10.10.1
>     base: dc=company,dc=loc
>     binddn: cn=binduser
>     password: secret
>     filter: "(&(sAMAccountName=[% LOGIN %])(memberOf=CN=RA Operator,OU=SecurityGroups,DC=company,DC=loc))"
>
> It is giving error as "Login with the given credential failed" unless I am
> not specifying the exact sAMAccountName in connector.yaml for e.g.
> sAMAccountName=test.
>
> Note: Single sign on method is not available.
>
> Please correct me if I am doing anything wrong.
>
> Regards,
> Mohd
> _______________________________________________
> OpenXPKI-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>
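
Added example, not part of the original mails and not OpenXPKI code: a small Python model of why a plain "memberOf=" filter misses users who are in the target group only through a nested group, while the "memberOf:1.2.840.113556.1.4.1941:=" form from the reply matches them. The directory contents, the user and nested group names, and the helper names are constructed for illustration; the login is escaped per RFC 4515 before it is placed in the filter.

```python
IN_CHAIN = "1.2.840.113556.1.4.1941"  # OID of the recursive matching rule from the filter above
APP = "CN=srv_openxpki-app-users,OU=srv_openxpki,OU=groups,DC=example,DC=corp"
TEAM = "CN=ra-team,OU=groups,DC=example,DC=corp"  # constructed nested group

# Constructed directory: entry DN -> groups it is a DIRECT member of.
MEMBER_OF = {
    "CN=alice,OU=users,DC=example,DC=corp": [TEAM],  # nested: alice -> TEAM -> APP
    "CN=bob,OU=users,DC=example,DC=corp": [APP],     # direct member
    "CN=carol,OU=users,DC=example,DC=corp": ["CN=g1,DC=example,DC=corp"],
    TEAM: [APP],
    "CN=g1,DC=example,DC=corp": ["CN=g2,DC=example,DC=corp"],
    "CN=g2,DC=example,DC=corp": ["CN=g1,DC=example,DC=corp"],  # circular nesting
}

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(login, group_dn, recursive):
    """Build the connector-style filter; recursive adds the in-chain rule."""
    rule = ":%s:" % IN_CHAIN if recursive else ""
    return "(&(sAMAccountName=%s)(memberOf%s=%s))" % (
        escape_filter_value(login), rule, escape_filter_value(group_dn))

def is_member(dn, group_dn, recursive):
    """Model of the match: direct groups only, or the whole nesting chain."""
    seen, todo = set(), [dn]
    while todo:
        for group in MEMBER_OF.get(todo.pop(), []):
            if group.lower() == group_dn.lower():
                return True
            if recursive and group not in seen:  # 'seen' stops circular nesting
                seen.add(group)
                todo.append(group)
    return False

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        dn = "CN=%s,OU=users,DC=example,DC=corp" % user
        print(user, is_member(dn, APP, False), is_member(dn, APP, True))
    print(build_filter("alice", APP, True))
```
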