The last two entries do not represent a user but groups.
Also ensure that the svc-racktables user has access to query for other users'
info.
On Mon, Apr 15, 2019 at 2:03 AM Theodore Van Iderstine <tvaniderstine@xxxxxxxxxxxxxxxxxxxxx> wrote:
I set up RackTables many years ago using LDAP to authenticate to centos-ds
on CentOS 5, I've also set it up several times to use LDAP to Active
Directory, but the freeIPA attempt has so far defeated me. I can't tell
you everything I've tried because I've probably tried everything that won't
make it work.
This is my secret.php.
<?php
$pdo_dsn = 'mysql:host=localhost;dbname=racktables_db';
$db_username = 'racktables_user';
$db_password = 'password goes here';
$user_auth_src = 'ldap';
$require_local_account = FALSE;
$LDAP_options = array (
    'server' => 'server.dev.internal',
    'domain' => '',
    'search_attr' => 'uid',
    'search_dn' => 'cn=users,cn=accounts,dc=dev,dc=internal',
    'search_bind_rdn' => 'cn=svc-racktables',
#   'search_bind_password' => 'password goes here',
#   'displayname_attrs' => 'givenName familyName',
    'options' => array (LDAP_OPT_PROTOCOL_VERSION => 3),
    'use_tls' => 2,
);
$helpdesk_banner = '<B>This RackTables instance is supported by magic.
<a href="https://racktables.dev.internal/racktables" title="https://racktables.dev.internal/racktables">
Try this.
</a>
</B>';
?>
This is the output of ldapsearch for a group
# rack-admins, groups, compat, dev.internal
dn: cn=rack-admins,cn=groups,cn=compat,dc=dev,dc=internal
objectClass: posixGroup
objectClass: ipaOverrideTarget
objectClass: top
gidNumber: 660400009
memberUid: joe
memberUid: bill
memberUid: bob
memberUid: svc-racktables
ipaAnchorUUID:: xkxQxTxkZxxxxxxxbxpxYxRxLxlxdxVxbxFxOxNxOxMxMx==
cn: rack-admins
# rack-admins, groups, accounts, dev.internal
dn: cn=rack-admins,cn=groups,cn=accounts,dc=dev,dc=internal
objectClass: top
objectClass: groupofnames
objectClass: nestedgroup
objectClass: ipausergroup
objectClass: ipaobject
objectClass: posixgroup
cn: rack-admins
ipaUniqueID: 2b232226-2255-2129-2423-202026202827
gidNumber: 660400009
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
This is the output of ldapsearch for a user who's a member of the above
group.
# svc-racktables, groups, compat, dev.internal
dn: cn=svc-racktables,cn=groups,cn=compat,dc=dev,dc=internal
objectClass: posixGroup
objectClass: ipaOverrideTarget
objectClass: top
gidNumber: 670320231
ipaAnchorUUID::
lxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx==
cn: svc-racktables
# svc-racktables, groups, accounts, dev.internal
dn: cn=svc-racktables,cn=groups,cn=accounts,dc=dev,dc=internal
objectClass: posixgroup
objectClass: ipaobject
objectClass: mepManagedEntry
objectClass: top
cn: svc-racktables
gidNumber: 724304092
description: User private group for svc-racktables
mepManagedBy: uid=svc-racktables,cn=users,cn=accounts,dc=dev,dc=internal
ipaUniqueID: 2e242722-2a25-2bf2-22cc-202022a22922
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
________________________________________
From: racktables-users-bounce@xxxxxxxxxxxxx [racktables-users-bounce@xxxxxxxxxxxxx] on behalf of Denis Ovsienko [denis@xxxxxxxxxxxxx]
Sent: 12 April 2019 14:17
To: racktables-users
Subject: [racktables-users] Re: problem with ldap and freeipa
---- On Thu, 11 Apr 2019 08:49:21 +0100 Theodore Van Iderstine <tvaniderstine@xxxxxxxxxxxxxxxxxxxxx> wrote ----
> I have freeipa running with users and groups set up, but I can't get
> RackTables to authenticate users. Does someone have a working (including
> group permissions) LDAP_options config that they can sanitize and share?
https://wiki.racktables.org/index.php/LDAP
If that does not answer the question, please be specific what you have
tried, what worked and what didn't.
--
Denis Ovsienko
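
The observation at the top of this thread (the entries returned by the "user" search are groups), as an added example that is not part of any message above and is not RackTables code: it classifies ldapsearch entries by objectClass and follows mepManagedBy from a user private group to the owning user DN. The sample input is constructed; the uid= user entry and the objectClass sets used for classification are assumptions.

```python
# Constructed sample shaped like the thread's ldapsearch output; the uid= entry is assumed.
SAMPLE_LDIF = """\
# svc-racktables, groups, compat, dev.internal
dn: cn=svc-racktables,cn=groups,cn=compat,dc=dev,dc=internal
objectClass: posixGroup
# svc-racktables, groups, accounts, dev.internal
dn: cn=svc-racktables,cn=groups,cn=accounts,dc=dev,dc=internal
objectClass: posixgroup
objectClass: mepManagedEntry
mepManagedBy: uid=svc-racktables,cn=users,cn=accounts,
 dc=dev,dc=internal
# svc-racktables, users, accounts, dev.internal
dn: uid=svc-racktables,cn=users,cn=accounts,dc=dev,dc=internal
objectClass: posixaccount
"""

# Assumed objectClass sets used to tell users from groups.
USER_CLASSES = {"posixaccount", "person", "inetorgperson"}
GROUP_CLASSES = {"posixgroup", "groupofnames", "ipausergroup"}

def parse_ldif(text):
    """Return [(dn, {attr: [values]})]; a '#' or blank line ends an entry."""
    entries, attrs, last = [], None, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            attrs = None                     # comment or blank closes the entry
        elif line.startswith(" ") and attrs is not None:
            attrs[last][-1] += line[1:]      # folded LDIF continuation line
        elif ":" in line:
            key, _, val = line.partition(":")
            key, val = key.lower(), val.lstrip(":").strip()
            if key == "dn":
                attrs = {}
                entries.append((val, attrs))
            if attrs is not None:            # skips trailers such as "result:"
                attrs.setdefault(key, []).append(val)
                last = key
    return entries

def classify(attrs):
    """Label an entry 'user', 'user-private-group', 'group' or 'other'."""
    oc = {v.lower() for v in attrs.get("objectclass", [])}
    if oc & USER_CLASSES:
        return "user"
    if "mepmanagedentry" in oc and oc & GROUP_CLASSES:
        return "user-private-group"
    return "group" if oc & GROUP_CLASSES else "other"

def report(text):
    # One (dn, kind, owning user DN or None) tuple per entry.
    return [(dn, classify(a), a.get("mepmanagedby", [None])[0])
            for dn, a in parse_ldif(text)]
```

Calling report() on saved ldapsearch output shows at a glance whether a search matched a user entry or only groups carrying the same cn.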