Hello,
For some reason I am unable to get LDAP authentication working, even though the
configuration should be correct:
––––––––––––––––––––––––––––––––––––––––––––––––––––
~~ /var/log/openxpki/openxpki.log ~~
2024/07/25 13:14:10 DEBUG Incoming auth for stack ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:10 DEBUG Request stack info for ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:10 DEBUG Incoming auth for stack ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:10 DEBUG Request stack info for ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:16 DEBUG Incoming auth for stack ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:16 DEBUG Request stack info for ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:16 DEBUG Incoming auth for stack ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:16 DEBUG Request stack info for ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:16 DEBUG Incoming auth for stack ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:16 DEBUG Query username testuser with mode combined [pid=17746|sid=Xik3]
2024/07/25 13:14:16 INFO Got invalid auth result from handler ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:16 DEBUG No get_hash() method defined at /usr/share/perl5/Connector.pm line 321, <DATA> line 960. [pid=17746|sid=Xik3]
2024/07/25 13:14:16 WARN Login failed (user: testuser, error: No get_hash() method defined at /usr/share/perl5/Connector.pm line 321, <DATA> line 960.) [pid=17746|sid=Xik3]
2024/07/25 13:14:16 ERROR I18N_OPENXPKI_UI_AUTHENTICATION_FAILED [pid=17746|sid=Xik3]
2024/07/25 13:14:16 DEBUG Incoming auth for stack ActiveDirectory [pid=17746|sid=Xik3]
2024/07/25 13:14:16 DEBUG Request stack info for ActiveDirectory [pid=17746|sid=Xik3]
~~ connector.yaml ~~
user-ad:
    class: Connector::Builtin::Authentication::LDAP
    LOCATION: ldaps://ldap.domain.com
    verify: none
    base: DC=domain,DC=com
    binddn: "CN=User Name,OU=Users,DC=domain,DC=com"
    password: Password
    filter: "(sAMAccountName=[% LOGIN %])"
~~ handler.yaml ~~
ActiveDirectory:
    type: Connector
    user@: connector:auth.connector.user-ad
    role: User
~~ stack.yaml ~~
ActiveDirectory:
    label: Domain Login
    description: Login with username and password
    handler: ActiveDirectory
    type: passwd
––––––––––––––––––––––––––––––––––––––––––––––––––––
I have validated the LDAP account access using ldapsearch:
~~ /etc/ldap/ldap.conf ~~
URI ldaps://ldap.domain.com
TLS_REQCERT ALLOW
~~ query ~~
# ldapsearch -D "CN=User Name,OU=Users,DC=domain,DC=com" -W -b DC=domain,DC=com "(sAMAccountName=testuser)"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <DC=domain,DC=com> with scope subtree
# filter (sAMAccountName=testuser)
# requesting: ALL
#
<snipped results>
# numResponses: 5
# numEntries: 1
~~ endquery ~~
––––––––––––––––––––––––––––––––––––––––––––––––––––
What’s the problem here?
I went through a number of older mails but couldn’t pinpoint any obvious issues.
best regards,
Pekka
_______________________________________________
OpenXPKI-users mailing list
https://lists.sourceforge.net/lists/listinfo/openxpki-users