[racktables-users] RackTables, OpenLDAP, and LDAPv3
- From: Craig Hoffman <craig.hoffman@xxxxxxxxx>
- To: racktables-users@xxxxxxxxxxxxx
- Date: Mon, 24 Aug 2009 12:02:53 -0400
When attempting to utilize ldap as my auth method, I was unable to
successfully authenticate.
I ran OpenLDAP in debug mode, "slapd -d 16380", and noticed the
following message in the logs:
...
send_ldap_result: err=2 matched="" text="historical protocol version requested, use LDAPv3 instead"
conn=2 op=1 RESULT tag=97 err=2 text=historical protocol version requested, use LDAPv3 instead
So, as a test, I forced OpenLDAP to accept the legacy v2 protocol
(which is considered deprecated) via:
# Global Directives:
allow bind_v2
in slapd.conf (You have to place it before the database is
instantiated. I stuck it at the very top)
And authentication worked!
I'm not sure if this is considered a bug, a fix, or a workaround, but
I thought it might be helpful to others.
---
Also, if you're going the LDAP route, keep in mind that RackTables
*authorization* is still needed. If you want to do something along
the lines of "These people are admins, everyone else is read-only",
you'll need permissions like:
allow {$userid_1}
allow {$username_choffman}
allow {everyone} and {$tab_default}
In that example, choffman and ID#1 get admin, everyone else is read-only.
There may be a better way, but that's what I did.
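An added example, not part of Craig's post and not RackTables code: the field slapd is objecting to is the `version` INTEGER inside the BindRequest, and the Python below makes that visible. It builds a simple-bind LDAPMessage in minimal BER, reads the version back out (the same parse works on the bytes of a BindRequest pulled from a packet capture), and models the decision slapd makes on that field: LDAPv3 is always accepted, LDAPv2 only when `allow bind_v2` is configured, and otherwise the bind is answered with resultCode 2 (protocolError), which is the err=2 in the log above. The bind DN and password are constructed sample values. The client-side fix, which avoids loosening slapd at all, is to have the client bind with version 3: a libldap-based client that never sets LDAP_OPT_PROTOCOL_VERSION sends version 2, which for a PHP application means calling ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3) before ldap_bind().

```python
"""Encode a simple-auth LDAP BindRequest, decode its protocol version, and
model slapd's version check (accept v3; accept v2 only with `allow bind_v2`).
Added example; DN and password below are constructed sample values."""

SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04
BIND_REQUEST = 0x60   # [APPLICATION 0], constructed
SIMPLE_AUTH = 0x80    # AuthenticationChoice: simple [0], primitive
LDAP_SUCCESS = 0
PROTOCOL_ERROR = 2    # LDAP resultCode protocolError ("err=2" in slapd's log)

# Constructed sample credentials, not taken from the original post.
SAMPLE_DN = "cn=choffman,ou=people,dc=example,dc=com"
SAMPLE_PW = "secret"


def _ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    """Tag, length, value."""
    return bytes([tag]) + _ber_len(len(body)) + body


def _ber_int(value):
    """Non-negative INTEGER; the fields used here (messageID, version) fit one byte."""
    if not 0 <= value < 0x80:
        raise ValueError("integer out of range for this minimal encoder")
    return _tlv(INTEGER, bytes([value]))


def bind_request(message_id, version, dn, password):
    """Build an LDAPMessage carrying a simple-auth BindRequest at `version`."""
    op = (_ber_int(version)
          + _tlv(OCTET_STRING, dn.encode())
          + _tlv(SIMPLE_AUTH, password.encode()))
    return _tlv(SEQUENCE, _ber_int(message_id) + _tlv(BIND_REQUEST, op))


def _read_tlv(buf, pos=0):
    """Return (tag, value_bytes, position after this TLV) for the TLV at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def bind_version(message):
    """Extract (messageID, protocol version, bind DN) from an encoded BindRequest."""
    tag, body, _ = _read_tlv(message)
    if tag != SEQUENCE:
        raise ValueError("not an LDAPMessage")
    tag, msg_id, pos = _read_tlv(body)
    if tag != INTEGER:
        raise ValueError("missing messageID")
    tag, op, _ = _read_tlv(body, pos)
    if tag != BIND_REQUEST:
        raise ValueError("protocolOp is not a BindRequest")
    tag, version, pos = _read_tlv(op)
    if tag != INTEGER:
        raise ValueError("missing version")
    _, dn, _ = _read_tlv(op, pos)
    return int.from_bytes(msg_id, "big"), int.from_bytes(version, "big"), dn.decode()


def slapd_bind_policy(message, allow_bind_v2=False):
    """Model slapd's version check on a BindRequest.

    Returns LDAP_SUCCESS when the version is acceptable (credentials would be
    checked next) and PROTOCOL_ERROR when slapd would reject the bind with
    'historical protocol version requested, use LDAPv3 instead'."""
    _, version, _ = bind_version(message)
    if version == 3 or (version == 2 and allow_bind_v2):
        return LDAP_SUCCESS
    return PROTOCOL_ERROR


if __name__ == "__main__":
    for version in (2, 3):
        msg = bind_request(1, version, SAMPLE_DN, SAMPLE_PW)
        print(f"LDAPv{version} bind, default slapd: err={slapd_bind_policy(msg)}")
        print(f"LDAPv{version} bind, allow bind_v2: err={slapd_bind_policy(msg, True)}")
```

The two verdicts for a version-2 bind are the two sides of the trade-off in the post: `allow bind_v2` makes slapd accept what the client sends, while switching the client to LDAPv3 leaves the server in its default, stricter configuration.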