Madhu,

I would recommend doing a tcpdump on the auth server. If you keep 
using the unencrypted port 389 then this line will show you some nice debug 
information.

tcpdump -nnvvAs 1514  host <IPofAuthServer>

Very interesting that it works when you send the full dn.  Does that really 
work? If so, it seems like you are really close and need to set some user 
attributes.  For me, it looks like this:

       # User Attributes
       :domain             => 'example.com',
       :mail_attribute     => 'mail',
       :fullname_attribute => 'displayName',

       # Tells Scalr where to look at for users and groups
       :base_dn        => 'OU=Employees,DC=example,DC=com',
       :base_dn_groups => 'OU=Security Groups,DC=example,DC=com',

       # Tells Scalr what attributes to look at CN
       :username_attribute  => 'sAMAccountName',
       :groupname_attribute => 'CN',

On Wednesday, March 23, 2016 at 8:28:22 PM UTC-6, Madhu wrote:
>
> Hi Jay,
>
> I tried both regular/simple; in both cases I get two types of errors.
>
> *1) when I try with username "madhu"*
>
> Incorrect login or password (1) 53:48 - LdapClient v-0.5
>> 53:48 - isValidUser is called.
>> 53:48 - LDAP Server is:localhost port:389 - OK
>> 53:48 - Bind username:madhu password:********** - Failed
>>
>>> 53:48 - Could not bind LDAP. No such object
>>>
>>
>
>
> *2) when I try with username (full dn) 
> "cn=madhu,ou=people,dc=example,dc=com"*
>
> You don't have access to any account. 54:31 - LdapClient v-0.5
>> 54:31 - isValidUser is called.
>> 54:31 - LDAP Server is:localhost port:389 - OK
>> 54:31 - Bind username:cn=madhu,ou=people,dc=example,dc=com 
>> password:********** - OK
>> 54:31 - Query baseDn (2):cn=madhu,ou=people,dc=example,dc=com 
>> filter:(&(&(objectClass=posixAccount))(cn=*)), attributes: dn, memberof, 
>> displayname - OK
>> 54:31 - Query result count: 1
>> 54:31 - Query result memberofDn: 0
>> 54:31 - Query result DN: cn=madhu,ou=people,dc=example,dc=com
>> 54:31 - Bind username:cn=madhu,ou=people,dc=example,dc=com 
>> password:********** - OK
>> 54:31 - getUserGroups is called.
>> 54:31 - Query user's groups baseDn:ou=groups,dc=example,dc=com 
>> filter:(&(&(objectClass=posixGroup))(member=cn=madhu,ou=people,dc=example,dc=com))
>>  
>> - OK
>> 54:31 - Found groups: 
>>
>>>
>>>
>
> Do I need to give the full DN for the username?
>
>
> On Wednesday, 23 March 2016 20:02:38 UTC+5:30, Jay Farschman wrote:
>>
>> Madhu,
>>
>> I believe :bind_type => 'openldap', is incorrect.  It can be either 
>> "regular" or "simple"
>>
>> https://scalr-wiki.atlassian.net/wiki/display/docs/Advanced+Configuration
>>
>> I used regular, but I also am connecting to MS Active Directory.
>>
>> On Tuesday, March 22, 2016 at 11:03:41 PM UTC-6, Madhu wrote:
>>>
>>> My LDAP config settings in scalr
>>>
>>>
>>>
>>>
>>> app[:configuration] = {
>>>>   :scalr => {
>>>>     # Tells Scalr to use LDAP for authentication
>>>>     :auth_mode => 'ldap',
>>>>
>>>>     :connections => {
>>>>       :ldap => {
>>>>         # Tells Scalr what LDAP server to connect to
>>>>         :bind_type => 'openldap',
>>>>         :host => 'localhost',
>>>>         :port => '389',
>>>>
>>>>         # Tells Scalr where to look at for users and groups
>>>>         :base_dn => 'ou=people,dc=example,dc=com',
>>>>
>>>>         :user => 'cn="Directory Manager"',
>>>>         :pass => 'password',
>>>>
>>>>         :base_dn_groups => 'ou=groups,dc=example,dc=com',
>>>>
>>>>         # Tells Scalr what attributes to look at
>>>>         :username_attribute => 'cn',
>>>>         :groupname_attribute => 'cn',
>>>>
>>>>         # Tells Scalr how group membership is represented
>>>>         :group_member_attribute_type => 'memberUid',
>>>>
>>>>         # Tells Scalr to use filters to speed up queries
>>>>         :filter => {
>>>>           :users => '(&(objectClass=posixAccount))',
>>>>           :groups => '(&(objectClass=posixGroup))',
>>>>         },
>>>>
>>>>         # Uncomment for debug output if you can't login
>>>>         :debug => 1,
>>>>       }
>>>>     }
>>>>   }
>>>> }
>>>>
>>>>>
>>>>>
>>>
>>>
>>>
>>>
>>> On Wednesday, 23 March 2016 10:25:17 UTC+5:30, madhusudan kh wrote:
>>>>
>>>>
>>>> Hi, 
>>>> We are trying to implement LDAP auth with Scalr. We are using 389 
>>>> Directory Server. I enabled debug for LDAP in the Scalr config, and 
>>>> everything says "ok", but after that nothing happens! Has anyone got 
>>>> it working with 389 Directory Server? Please, I need help here.
>>>> Well, I am able to log in with local credentials; do I need to disable 
>>>> local auth? Does Scalr support only AD, or does it support other open 
>>>> source LDAP servers too?
>>>>
>>>>
>>>>
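
Added example, not part of the original messages and not Scalr's own code: a Ruby helper that reads the `:debug => 1` trace quoted above and reports which bind failed and which membership test the empty group search actually used. The function names `summarize_ldap_trace` and `findings` are hypothetical, and the two sample traces are constructed from the thread's log lines with the mail wrapping and quote markers removed.

```ruby
# Constructed samples: the two traces quoted in this thread, re-joined.
FAILED = <<~LOG
  53:48 - Bind username:madhu password:********** - Failed
  53:48 - Could not bind LDAP. No such object
LOG
NO_GROUPS = <<~LOG
  54:31 - Bind username:cn=madhu,ou=people,dc=example,dc=com password:********** - OK
  54:31 - Query result memberofDn: 0
  54:31 - Query user's groups baseDn:ou=groups,dc=example,dc=com filter:(&(&(objectClass=posixGroup))(member=cn=madhu,ou=people,dc=example,dc=com)) - OK
  54:31 - Found groups:
LOG

# Hypothetical helper (not Scalr code): pull the decisive facts out of a trace.
def summarize_ldap_trace(text)
  s = { binds: [], bind_error: nil, memberof: nil, group_query: nil, groups: nil }
  text.each_line do |raw|
    msg = raw.strip.sub(/\A\d+:\d+ - /, '') # drop the mm:ss prefix
    case msg
    when /\ABind username:(.+) password:\S+ - (OK|Failed)\z/
      s[:binds] << [$1, $2 == 'OK']
    when /\ACould not bind LDAP\. (.+)\z/
      s[:bind_error] = $1
    when /\AQuery result memberofDn: (\d+)\z/
      s[:memberof] = $1.to_i
    when /\AQuery user's groups baseDn:(\S+) filter:(\S+) - OK\z/
      base, filter = $1, $2 # copy before scan overwrites the match globals
      attr, value = filter.scan(/\(([A-Za-z]+)=([^()]*)\)/).last
      s[:group_query] = { base: base, attr: attr, value: value }
    when /\AFound groups:\s*(.*)\z/
      s[:groups] = $1
    end
  end
  s
end

# Turn the summary into the points to check against the directory.
def findings(s)
  out = []
  user, ok = s[:binds].last
  out << "bind as #{user} failed: #{s[:bind_error]}" if user && !ok
  if ok && s[:groups] == ''
    out << "user entry has #{s[:memberof]} memberof values" if s[:memberof]
    q = s[:group_query]
    out << "no group under #{q[:base]} matched #{q[:attr]}=#{q[:value]}" if q
  end
  out
end

[FAILED, NO_GROUPS].each { |t| puts findings(summarize_ldap_trace(t)) }
```

On the second trace this surfaces that the group search tested `member=<full DN>` under `ou=groups,dc=example,dc=com`, which is the value to compare against what the group entries in the directory actually contain.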
