Hi folks,

I have an issue regarding the LDAP integration of my Pulp service. I'm using RHEL7 with Pulp 1.19.

I must admit that I only deployed Pulp with this puppet module: https://github.com/theforeman/puppet-pulp

It works flawlessly except for the LDAP configuration. According to the documentation, I configured Apache to use LDAP Basic auth: https://docs.pulpproject.org/en/2.19/user-guide/authentication.html#ldap-whole-api-example

My configuration looks like it should work. A colleague of mine also checked the config and said that it looks fine:

---
<Files webservices.wsgi>
    # pass everything that isn't a Basic auth request through to Pulp
    SetEnvIfNoCase ^Authorization$ "Basic.*" USE_APACHE_AUTH=1
    Order allow,deny
    Allow from env=!USE_APACHE_AUTH
    Satisfy Any

    # configure basic auth
    AuthType basic
    AuthBasicProvider ldap
    AuthName "Pulp"
    AuthLDAPURL "ldaps://ldap.mycompany.de/c=de?uid?sub?(objectclass=human)"
    AuthLDAPBindDN "cn=scv XXXY,ou=services,o=Application,c=de"
    AuthLDAPBindPassword "LDAPpassword"
    AuthLDAPRemoteUserAttribute uid
    Require valid-user

    # Standard Pulp REST API configuration goes here...
</Files>
---

Things I did before restarting the Apache httpd:

* I created a corresponding user in the backend with the same name as my LDAP user
* I gave this user the role "super user" to still have administrative access

So when I want to log in with

---
$ pulp-admin login -u "my.user"
---

and use my LDAP password, it says "The specified user does not have permission to execute the given command." If I use the password from the local backend, it works just fine.

So my assumption is that the LDAP authentication from Apache isn't forwarded to the Pulp service. More precisely, the "REMOTE_USER" variable isn't used by Pulp, or maybe Apache doesn't even forward it correctly.

I already increased the Apache log level from "Info" to "Debug" and checked the Apache access and error logs. The access log only says that I get HTTP return code 401, which is access denied, and code 200 when I log in with the local database password (which shouldn't work anymore when using LDAP).

The journal log from Pulp also doesn't say anything new to me.

Do you guys have hints on how to fix the issue, or a good way to debug this? I already asked for help on IRC without success. I also considered using the deprecated API, but configuring deprecated features isn't a good idea in general.

Best Regards and Thanks
Philipp Seiler

--
Philipp Seiler
Free Software & Linux advocator
Mail: [email protected]
GPG Key: 0x75911461
Jabber: [email protected]
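One way to test the assumption about `REMOTE_USER` raised in the message above is a small WSGI app that reports which identity variables the web server handed to the application, without echoing the password. This is an added example, not part of the original message and not Pulp or mod_wsgi code; the names `auth_view` and `application` and the sample environ are constructed for illustration, and it assumes the script is served temporarily behind the same Apache auth directives.

```python
# Added diagnostic example (hypothetical names); not Pulp or mod_wsgi code.
import base64
import json


def auth_view(environ):
    """Summarise the identity data the web server passed in, minus secrets."""
    header = environ.get("HTTP_AUTHORIZATION", "")
    scheme, _, blob = header.partition(" ")
    header_user = None
    if scheme.lower() == "basic" and blob:
        try:
            decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
            header_user = decoded.partition(":")[0]  # password part is discarded
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            header_user = "<undecodable>"
    remote_user = environ.get("REMOTE_USER")
    if remote_user:
        verdict = "REMOTE_USER set: the server authenticated and forwarded the user"
    elif header:
        verdict = "REMOTE_USER not set; only the raw Authorization header reached the app"
    else:
        verdict = "no identity reached the app"
    return {
        "REMOTE_USER": remote_user,
        "AUTH_TYPE": environ.get("AUTH_TYPE"),
        "authorization_scheme": scheme or None,
        "authorization_user": header_user,
        "verdict": verdict,
    }


def application(environ, start_response):
    """WSGI entry point: return the summary as JSON."""
    body = json.dumps(auth_view(environ), indent=2).encode("utf-8")
    start_response("200 OK", [("Content-Type", "application/json"),
                              ("Content-Length", str(len(body)))])
    return [body]


if __name__ == "__main__":
    # Constructed sample: what the app would see after a successful LDAP login.
    sample = {"REMOTE_USER": "my.user", "AUTH_TYPE": "Basic"}
    print(json.dumps(auth_view(sample), indent=2))
```

Remove the script again after the check, since it discloses user names to anyone who can reach it.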
