Hi Pekka,
please use "source@: .." instead of "user@:" in the handler configuration.
This was extended to support multiple use cases and the upstream
connector only works with the "authonly" pattern (see docs of
OpenXPKI::Server::Authentication::Connector)
Oliver
On 25.07.24 12:51, Pekka Länsiaho wrote:
Hello,
For some reason I am unable to get LDAP authentication working, even
though the configuration should be correct:
––––––––––––––––––––––––––––––––––––––––––––––––––––
~~ /var/log/openxpki/openxpki.log ~~
2024/07/25 13:14:10 DEBUG Incoming auth for stack ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:10 DEBUG Request stack info for ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:10 DEBUG Incoming auth for stack ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:10 DEBUG Request stack info for ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:16 DEBUG Incoming auth for stack ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:16 DEBUG Request stack info for ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:16 DEBUG Incoming auth for stack ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:16 DEBUG Request stack info for ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:16 DEBUG Incoming auth for stack ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:16 DEBUG Query username testuser with mode combined [pid=17746|sid=Xik3]
2024/07/25 13:14:16 INFO Got invalid auth result from handler ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:16 DEBUG No get_hash() method defined at /usr/share/perl5/Connector.pm line 321, <DATA> line 960. [pid=17746|sid=Xik3]
2024/07/25 13:14:16 WARN Login failed (user: testuser, error: No get_hash() method defined at /usr/share/perl5/Connector.pm line 321, <DATA> line 960.) [pid=17746|sid=Xik3]
2024/07/25 13:14:16 ERROR I18N_OPENXPKI_UI_AUTHENTICATION_FAILED [pid=17746|sid=Xik3]
2024/07/25 13:14:16 DEBUG Incoming auth for stack ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:16 DEBUG Request stack info for ActiveDirectory [pid=17746|sid=Xik3]
~~ connector.yaml ~~
user-ad:
    class: Connector::Builtin::Authentication::LDAP
    LOCATION: ldaps://ldap.domain.com
    verify: none
    base: DC=domain,DC=com
    binddn: "CN=User Name,OU=Users,DC=domain,DC=com"
    password: Password
    filter: "(sAMAccountName=[% LOGIN %])"
~~ handler.yaml ~~
ActiveDirectory:
    type: Connector
    user@: connector:auth.connector.user-ad
    role: User
~~ stack.yaml ~~
ActiveDirectory:
    label: Domain Login
    description: Login with username and password
    handler: ActiveDirectory
    type: passwd
––––––––––––––––––––––––––––––––––––––––––––––––––––
I have validated the LDAP account access using ldapsearch:
~~ /etc/ldap/ldap.conf ~~
URI ldaps://ldap.domain.com
TLS_REQCERT ALLOW
~~ query ~~
# ldapsearch -D "CN=User Name,OU=Users,DC=domain,DC=com" -W -b DC=domain,DC=com "(sAMAccountName=testuser)"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <DC=domain,DC=com> with scope subtree
# filter (sAMAccountName=testuser)
# requesting: ALL
#
<snipped results>
# numResponses: 5
# numEntries: 1
~~ endquery ~~
––––––––––––––––––––––––––––––––––––––––––––––––––––
What’s the problem here?
I went through a number of older mails but couldn’t pinpoint any
obvious issues.
best regards,
Pekka
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
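The handler change Oliver describes, written out as a before/after fragment of the quoted handler.yaml. This is an added example, not configuration from the thread or from the OpenXPKI project. Everything except the "source@" key is copied from Pekka's quoted files; the comments explaining why "user@" fails are inferred from the quoted log ("Query username testuser with mode combined" followed by "No get_hash() method defined") together with Oliver's note that Connector::Builtin::Authentication::LDAP supports only the "authonly" pattern.

```yaml
# handler.yaml - BEFORE (as posted, fails with "No get_hash() method defined")
#
# "user@" makes the Connector handler query the upstream connector in
# "combined" mode, i.e. it calls get_hash() on it expecting user data.
# Connector::Builtin::Authentication::LDAP only implements the plain
# get() check used by the "authonly" pattern, so the call dies and the
# login is rejected with I18N_OPENXPKI_UI_AUTHENTICATION_FAILED.
ActiveDirectory:
    type: Connector
    user@: connector:auth.connector.user-ad
    role: User

# handler.yaml - AFTER (per Oliver's reply)
#
# "source@" tells the handler to use the connector for authentication
# only: the username/password pair is verified by the LDAP bind and the
# role is taken from the static "role" key below, not from the directory.
ActiveDirectory:
    type: Connector
    source@: connector:auth.connector.user-ad
    role: User

# connector.yaml stays as posted; only the handler key changes.
user-ad:
    class: Connector::Builtin::Authentication::LDAP
    LOCATION: ldaps://ldap.domain.com
    verify: none            # see note below
    base: DC=domain,DC=com
    binddn: "CN=User Name,OU=Users,DC=domain,DC=com"
    password: Password
    filter: "(sAMAccountName=[% LOGIN %])"
```

After restarting the server, a successful attempt should no longer show the "mode combined" and get_hash() lines in openxpki.log for this stack; if the bind itself is rejected, the failure will now come from the LDAP side rather than from Connector.pm. Note also that "verify: none" in the connector, like TLS_REQCERT ALLOW in the quoted ldap.conf, disables certificate validation on the ldaps connection; it is fine for narrowing down this configuration problem, but once the login works it should be replaced with certificate verification against the domain CA (the LDAP connector is assumed here to pass the verify/cafile options through to Net::LDAP).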