It's always the smallest things; that change has made the configuration work.

Just to confirm, is it possible to configure an environment-variable-based 
password for LDAP? I couldn’t find any mention of that in the man-pages (or maybe I 
was looking in the wrong place).

Best regards,
Pekka

> On 25. Jul 2024, at 14.54, Oliver Welter <m...@oliwel.de> wrote:
> 
> Hi Pekka,
> 
> please use "source@: .." instead of "user@:" in the 
> handler configuration.
> 
> This was extended to support multiple use cases and the upstream connector 
> only works with the "authonly" pattern (see docs of 
> OpenXPKI::Server::Authentication::Connector)
> 
> Oliver
> 
> On 25.07.24 12:51, Pekka Länsiaho wrote:
>> Hello,
>> 
>> For some reason I am unable to get LDAP authentication working, even though 
>> the configuration should be correct:
>> 
>> ––––––––––––––––––––––––––––––––––––––––––––––––––––
>> 
>> ~~ /var/log/openxpki/openxpki.log ~~
>> 2024/07/25 13:14:10 DEBUG Incoming auth for stack ActiveDirectory 
>> [pid=17746|sid=Xik3]
>> 2024/07/25 13:14:10 DEBUG Request stack info for ActiveDirectory 
>> [pid=17746|sid=Xik3]
>> 2024/07/25 13:14:10 DEBUG Incoming auth for stack ActiveDirectory 
>> [pid=17746|sid=Xik3]
>> 2024/07/25 13:14:10 DEBUG Request stack info for ActiveDirectory 
>> [pid=17746|sid=Xik3]
>> 2024/07/25 13:14:16 DEBUG Incoming auth for stack ActiveDirectory 
>> [pid=17746|sid=Xik3]
>> 2024/07/25 13:14:16 DEBUG Request stack info for ActiveDirectory 
>> [pid=17746|sid=Xik3]
>> 2024/07/25 13:14:16 DEBUG Incoming auth for stack ActiveDirectory 
>> [pid=17746|sid=Xik3]
>> 2024/07/25 13:14:16 DEBUG Request stack info for ActiveDirectory 
>> [pid=17746|sid=Xik3]
>> 2024/07/25 13:14:16 DEBUG Incoming auth for stack ActiveDirectory 
>> [pid=17746|sid=Xik3]
>> 2024/07/25 13:14:16 DEBUG Query username testuser with mode combined 
>> [pid=17746|sid=Xik3]
>> 2024/07/25 13:14:16 INFO Got invalid auth result from handler 
>> ActiveDirectory [pid=17746|sid=Xik3]
>> 2024/07/25 13:14:16 DEBUG No get_hash() method defined at 
>> /usr/share/perl5/Connector.pm line 321, <DATA> line 960. [pid=17746|sid=Xik3]
>> 2024/07/25 13:14:16 WARN Login failed  (user: testuser, error: No get_hash() 
>> method defined at /usr/share/perl5/Connector.pm line 321, <DATA> line 960.) 
>> [pid=17746|sid=Xik3]
>> 2024/07/25 13:14:16 ERROR I18N_OPENXPKI_UI_AUTHENTICATION_FAILED 
>> [pid=17746|sid=Xik3]
>> 2024/07/25 13:14:16 DEBUG Incoming auth for stack ActiveDirectory 
>> [pid=17746|sid=Xik3]
>> 2024/07/25 13:14:16 DEBUG Request stack info for ActiveDirectory 
>> [pid=17746|sid=Xik3]
>> 
>> ~~ connector.yaml ~~
>> user-ad:
>>     class: Connector::Builtin::Authentication::LDAP
>>     LOCATION: ldaps://ldap.domain.com
>>     verify: none
>>     base: DC=domain,DC=com
>>     binddn: "CN=User Name,OU=Users,DC=domain,DC=com"
>>     password: Password
>>     filter: "(sAMAccountName=[% LOGIN %])"
>> 
>> ~~ handler.yaml ~~
>> ActiveDirectory:
>>     type: Connector
>>     user@: connector:auth.connector.user-ad
>>     role: User
>> 
>> ~~ stack.yaml ~~
>> ActiveDirectory:
>>     label: Domain Login
>>     description: Login with username and password
>>     handler: ActiveDirectory
>>     type: passwd
>> 
>> ––––––––––––––––––––––––––––––––––––––––––––––––––––
>> 
>> 
>> I have validated the LDAP account access using ldapsearch:
>> 
>> ~~ /etc/ldap/ldap.conf ~~
>> URI  ldaps://ldap.domain.com
>> TLS_REQCERT  ALLOW
>> 
>> ~~ query ~~
>> # ldapsearch -D "CN=User Name,OU=Users,DC=domain,DC=com" -W -b DC=domain,DC=com "(sAMAccountName=testuser)"
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <DC=domain,DC=com> with scope subtree
>> # filter (sAMAccountName=testuser)
>> # requesting: ALL
>> #
>> 
>> <snipped results>
>> # numResponses: 5
>> # numEntries: 1
>> ~~ endquery ~~
>> 
>> ––––––––––––––––––––––––––––––––––––––––––––––––––––
>> 
>> What’s the problem here?
>> I went through a number of older mails but couldn’t pinpoint any obvious 
>> issues.
>> 
>> best regards,
>> 
>> Pekka
>> 
>> _______________________________________________
>> OpenXPKI-users mailing list
>> OpenXPKI-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/openxpki-users
> -- 
> Protect your environment -  close windows and adopt a penguin! 
