Dear mailing list users,

I'm currently a 2nd year student at the HU University of Applied Sciences Utrecht working on setting up OpenXPKI as an issuing CA for our student "playground" to self-sign certificates. I'm trying to set up LDAP authentication for operators. However, I've been having some issues I haven't been able to figure out for the past week or so.
With an ldapsearch like the one below I get a proper return, so I think that isolates my Active Directory as a variable.

    ldapsearch -LLL -x -H ldap://{test server ip} -D "[email protected]" -w "Secure123" -b "DC=vault,DC=local" "(sAMAccountName=fay)" memberOf

    dn: CN=Fay's Test Account,CN=Users,DC=vault,DC=local
    memberOf: CN=PKIAdmins,CN=Users,DC=vault,DC=local
    memberOf: CN=DnsAdmins,CN=Users,DC=vault,DC=local

So now I don't get why my configs don't work.

Connector config:

    ra-ldap:
        class: Connector::Builtin::Authentication::LDAP
        LOCATION: ldap://{test server ip}
        base: "DC=vault,DC=local"
        binddn: cn=openxpki
        password: "Secure123"
        filter: "(&(sAMAccountName=[% LOGIN %])(memberOf=CN=PKIAdmins,OU=Users,CN=Users,DC=vault,DC=local))"

(mail also didn't work)

Handler config:

    ldap:
        type: Password
        class: OpenXPKI::Server::Authentication::LDAP
        label: LDAP Authentication
        connector: ra-ldap
        role: RA Operator

Stack config:

    LDAP:
        label: LDAP Login
        description: Login via Active Directory
        handler: ldap
        type: passwd

The rest of the configuration related to LDAP is so far just the default copied from the example; test account login works fine.

Am I missing something obvious? Are there any other things I should look out for?

Thanks in advance,
Fay Knol
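An equality match on memberOf succeeds only when the asserted DN equals one of the entry's memberOf values, so one check is to compare the group DN in the connector filter against what ldapsearch returned. The script below is an added example, not part of the original post or of OpenXPKI; the helper names are hypothetical, the inputs are copied from the message above, and it assumes every memberOf term in the filter is required (as in an AND filter).

```python
import re

# Inputs copied from the post above.
LDIF = """\
dn: CN=Fay's Test Account,CN=Users,DC=vault,DC=local
memberOf: CN=PKIAdmins,CN=Users,DC=vault,DC=local
memberOf: CN=DnsAdmins,CN=Users,DC=vault,DC=local
"""
FILTER = ("(&(sAMAccountName=[% LOGIN %])"
          "(memberOf=CN=PKIAdmins,OU=Users,CN=Users,DC=vault,DC=local))")


def norm_dn(dn):
    """Normalise a DN for comparison: case-fold, trim spaces around RDNs."""
    parts = re.split(r"(?<!\\),", dn)          # split on unescaped commas only
    return ",".join(p.strip().lower() for p in parts)


def ldif_values(ldif, attr):
    """Return the plain-text values of one attribute from ldapsearch LDIF output."""
    unfolded = re.sub(r"\n ", "", ldif)        # LDIF folds long lines with "\n "
    prefix = attr.lower() + ":"
    values = []
    for line in unfolded.splitlines():
        low = line.lower()
        # "attr::" marks a base64 value; this example skips those.
        if low.startswith(prefix) and not low.startswith(prefix + ":"):
            values.append(line[len(prefix):].strip())
    return values


def filter_assertions(flt, attr):
    """Return the asserted values of simple (attr=value) terms in a filter."""
    return re.findall(r"\(%s=([^()]*)\)" % re.escape(attr), flt, flags=re.I)


def unmatched_groups(flt, ldif):
    """Group DNs the filter asserts that the entry's memberOf does not contain."""
    have = {norm_dn(v) for v in ldif_values(ldif, "memberOf")}
    return [dn for dn in filter_assertions(flt, "memberOf")
            if norm_dn(dn) not in have]


if __name__ == "__main__":
    for dn in unmatched_groups(FILTER, LDIF):
        print("filter asserts a group DN the entry does not have:", dn)
    print("entry memberOf values:", ldif_values(LDIF, "memberOf"))
```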
