[racktables-users] Re: ldap configuration not working

  • From: Allen Chan <allen.michael.chan@xxxxxxxxx>
  • To: racktables-users@xxxxxxxxxxxxx
  • Date: Thu, 19 Mar 2015 13:12:14 -0700

I was talking to my AD admin today. We do not have any groups for our users. So 
everything is under root. Would that kind of setup cause it to not work 
properly?


> On Mar 2, 2015, at 7:43 AM, Theodore Van Iderstine 
> <tvaniderstine@xxxxxxxxxxxxxxxxxxxxx> wrote:
> 
> I don't know if this is the cause of the problem, but the more recent 
> versions of php_ldap do certificate checking. I have one installation with 
> a (very) outdated certificate (I have to rebuild my CA before I can re-issue 
> it), but I have others where all of the associated certificates are valid, 
> but not signed by a public CA, that don't work either, but I haven't fully 
> examined this installation yet.
> ________________________________________
> From: racktables-users-bounce@xxxxxxxxxxxxx 
> [racktables-users-bounce@xxxxxxxxxxxxx] on behalf of Thomas Kristiansen 
> [trkr1410@xxxxxxxxx]
> Sent: 02 March 2015 09:59
> To: racktables-users@xxxxxxxxxxxxx
> Subject: [racktables-users] Re: ldap configuration not working
> 
> I've experienced a similar issue when trying to perform a nested LDAP query 
> against the LDAP server.
> 
> My example code is currently pending approval in GitHub, see the following for 
> the code:
> https://github.com/nvtkaszpir/racktables/pull/1/files
> 
> As of the LDAP options, it looks ok, but on the 'server'=>'hostname' I only 
> have the FQDN (I think) of the LDAP server
> 
> Mvh
> Thomas R. Kristiansen
> 
> On Thu, Feb 26, 2015 at 12:41 AM, Allen Chan 
> <allen.michael.chan@xxxxxxxxx> wrote:
> I have local accounts set to FALSE
> 
> $user_auth_src = 'ldap';
> $require_local_account = FALSE;
> 
> 
>> On Feb 25, 2015, at 3:35 PM, Denis Ovsienko 
>> <denis@xxxxxxxxxxxxx> wrote:
>> 
>> ---- On Wed, 25 Feb 2015 23:20:12 +0000 Craig Gill wrote ----
>>> Ah,
>>> 
>>> In that case, have you added a domain group which your account is a member 
>>> of to the Configuration -> Permissions page in Racktables? By default only 
>>> the local admin account is on the list, therefore only that account can log 
>>> in.
>>> 
>>> To add a new group to the allowed list, add a new line 'allow 
>>> {$lgcn_Groupname}' and then save the changes.
>>> 
>>> I believe there's also a way to directly add your domain user account to 
>>> the allowed list with 'allow {$username_yourusername}'
>> 
>> This definitely makes sense for the authorisation phase, but in this case 
>> the repeated username/password prompt indicates the client does not pass the 
>> authentication phase. If it was an authorisation issue, there would be just 
>> one username/password prompt followed with a "you are not allowed to access 
>> here" HTML message.
>> 
>> If the LDAP exchange concludes OK the most likely reason for the 
>> authentication to fail is $require_local_account not being aligned with the 
>> list of local accounts in RackTables.
>> 
>> --
>>   Denis Ovsienko
>> 
>> 
> 
> 
> 
> 
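
The certificate checking mentioned in the quoted 2 March reply can be reproduced offline. This is an added example, not code from the thread or from RackTables: it builds a throwaway private CA and server certificate (all names and paths are constructed) and shows that the certificate is accepted only when its issuing CA is in the trust file and the certificate is inside its validity period.

```shell
#!/bin/sh
# Added example. Every name, subject and path here is constructed for the demo.

# Build a private CA, a server cert signed by it, and an unrelated CA in dir $1.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Private CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Unrelated CA" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -days 30 -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/srv.pem" 2>/dev/null
}

# Exit 0 if cert $2 chains to the CA file $1 and is within its validity period.
# Optional $3 is a Unix timestamp at which to evaluate validity (default: now).
cert_verifies() {
    if [ -n "${3:-}" ]; then
        openssl verify -attime "$3" -CAfile "$1" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

# Print one line per case: label, then accepted or rejected.
report() {
    if cert_verifies "$2" "$3" "${4:-}"; then echo "$1: accepted"; else echo "$1: rejected"; fi
}

run_demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || { rm -rf "$d"; return 1; }
    # 90 days ahead, the 30-day demo certificates are past their notAfter date.
    later=$(( $(date +%s) + 90 * 86400 ))
    report "issuing CA in trust file" "$d/ca.pem" "$d/srv.pem"
    report "issuing CA not in trust file" "$d/other.pem" "$d/srv.pem"
    report "certificate outdated" "$d/ca.pem" "$d/srv.pem" "$later"
    rm -rf "$d"
}

run_demo
```

Where php_ldap is built on the OpenLDAP client library, the trusted CA file is the one named by `TLS_CACERT` in `ldap.conf`.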

