Hey Randy,
To me it looks like you have the port specified on the host line and should
not. The other thing I remember messing with my brain a bit was the fact
that I had to create my groups as CNs under security groups. In my case -
OU=Security Groups,DC=my,DC=company,DC=com
- CN=QA
- CN=DEV
- CN=etc...
Your config is a little difficult to read because you XXX-ed things out,
leaving me guessing at how the LDAP portions interconnect.
I'm curious, what kind of an error are you returning? The error messages
are pretty good. For further clarity I ended up doing a tcpdump and
switching back to unencrypted traffic. I was able to see quite a bit with a
dump, including the password which I was mistyping frequently ;)
Finally, if you are running encrypted against Microsoft AD, then you'll be
using a TLS cert and you need to have a cert from your CA to get things
working.
app[:configuration] = {
  :scalr => {
    # Tells Scalr to use LDAP for authentication
    :auth_mode => 'ldap',
    :connections => {
      :ldap => {
        # Tells Scalr what LDAP server to connect to
        :bind_type => 'regular',
        :host => 'ldaps://auth01.my.company.com',
        :port => '636',
        :user => 'CN=Scalr,OU=Service Accounts,DC=my,DC=company,DC=com',
        :pass => 'xxxxxxxxxxxxxxxx',
        # User attributes
        :domain => 'my.company.com',
        :mail_attribute => 'mail',
        :fullname_attribute => 'displayName',
        # Tells Scalr where to look at for users and groups
        :base_dn => 'OU=Employees,DC=my,DC=company,DC=com',
        :base_dn_groups => 'OU=Security Groups,DC=my,DC=company,DC=com',
        # Tells Scalr what attributes to look at CN
        :username_attribute => 'sAMAccountName',
        :groupname_attribute => 'CN',
        # Tells Scalr how group membership is represented
        :group_member_attribute_type => 'member',
        # Tells Scalr to use filters to speed up queries
        :filter => {
          :users => '(&(objectClass=person))',
          :groups => '(&(objectClass=group))',
        },
      }
    }
  }
}
On Monday, May 16, 2016 at 3:34:29 PM UTC-6, Randy Black wrote:
>
> Care to share your ldap config? I am attaching to an AD environment and
> having no luck.
>
> Thanks,
> Randy
> app[:configuration] = {
>   :scalr => {
>     # Tells Scalr to use LDAP for authentication
>     :auth_mode => 'LDAP',
>
>     :connections => {
>       :ldap => {
>         # Tells Scalr what LDAP server to connect to
>         :bind_type => 'simple',
>         :host => 'ldaps://ad.ddd.ccc.com:3269',
>         :port => '3269',
>
>         # Tells Scalr where to look at for users and groups
>         :base_dn => 'CN=USER,OU=xxxx,DC=ad,DC=xxx,DC=com',
>         :base_dn_groups => 'OU=xxx,OU=Sites,DC=ad,DC=xxx,DC=com',
>
>         :user => 'cn="xx,ou=xx,ou=xxx,ou=xxx,dc=ad,dc=xxx,dc=com"',
>         :password => '*****',
>
>         # Tells Scalr what attributes to look at
>         :username_attribute => 'sAMAccountName',
>         :groupname_attribute => 'memberOf',
>
>         # Tells Scalr how group membership is represented
>         :group_member_attribute_type => 'memberUid',
>
>         # Tells Scalr to use filters to speed up queries
>         :filter => {
>           :users => '(&(objectClass=posixAccount))',
>           :groups => '(&(objectClass=groupOfNames))',
>         },
>
>         # Uncomment for debug output if you can't login
>         :debug => 1,
>       }
>     }
>
>
> On Friday, January 15, 2016 at 3:27:04 PM UTC-6, Jay Farschman wrote:
>>
>> Afternoon,
>>
>> I set up LDAP access against our MS Active Directory (AD) today and found
>> that once you understand how all the parts work, it's really very well
>> done. However, I have a question about the workflow.
>>
>> Scalr does not allow me to do any operations on an LDAP user until that
>> user first logs in. After they login, I can assign them to teams and apply
>> the proper ACLs, but not before then.
>>
>> How have others handled this? For now I'm personally inviting a limited
>> number of users and I can work with them all personally, but is there a
>> better, more automated way?
>>
>
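As an added example (not part of the thread and not Scalr code), a small Ruby lint for the :ldap connection hash that flags the port-in-host problem pointed out in the reply and a host that is not ldaps://, the situation in which the bind password was readable in the tcpdump capture. Hostnames and finding names are constructed; treating the ldaps:// scheme as what selects TLS is an assumption taken from the two configs shown.

```ruby
# Added example: lint for the :ldap connection hash discussed in this thread.
# Hostnames are constructed placeholders, not values from the thread.

CLEARTEXT_PORTS = %w[389 3268].freeze # LDAP and AD global catalog without TLS
HOST_RE = %r{\A(?:(?<scheme>[a-z]+)://)?(?<name>[^:/]+)(?::(?<port>\d+))?/?\z}i

# Returns an array of finding symbols for one :ldap hash (empty when clean).
def lint_ldap_connection(ldap)
  m = HOST_RE.match(ldap[:host].to_s.strip)
  return [:unparseable_host] unless m

  findings = []
  scheme = (m[:scheme] || '').downcase
  # The port belongs in :port only; this is the problem pointed out in the reply.
  findings << :port_in_host if m[:port]
  # The port embedded in :host and the value of :port disagree.
  if m[:port] && ldap[:port] && m[:port] != ldap[:port].to_s
    findings << :conflicting_ports
  end
  # Assumption: TLS is selected by the ldaps:// scheme, as in both configs in
  # the thread. Over plain LDAP a simple bind sends the password unencrypted.
  findings << :bind_not_encrypted unless scheme == 'ldaps'
  # ldaps:// pointed at a port that normally speaks plain LDAP.
  effective_port = (ldap[:port] || m[:port]).to_s
  if scheme == 'ldaps' && CLEARTEXT_PORTS.include?(effective_port)
    findings << :ldaps_on_cleartext_port
  end
  findings
end

# Constructed samples in the shape of the two configs above.
PORT_IN_HOST  = { :host => 'ldaps://ad.example.com:3269', :port => '3269' }
PORT_SEPARATE = { :host => 'ldaps://auth01.example.com', :port => '636' }
PLAIN_LDAP    = { :host => 'ldap://auth01.example.com', :port => '389' }

if __FILE__ == $PROGRAM_NAME
  { 'port in host' => PORT_IN_HOST,
    'port separate' => PORT_SEPARATE,
    'plain ldap' => PLAIN_LDAP }.each do |label, cfg|
    puts "#{label}: #{lint_ldap_connection(cfg).inspect}"
  end
end
```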