Hi Jay,

Thanks for the reply. The tcpdump command is not yielding anything, since I am using 389 Directory server and not Active Directory, and debug info lines like "44:44 - Query result memberofDn: 0" indicate that the scalr ldap is more Active Directory oriented! Also, while authenticating it is adding the domain to the username, like [email protected], and then the password! Strange, isn't it? Because I have disabled the domain in the config.
Anyway, will try some workaround. If anyone has succeeded with open source LDAP servers, let us know.

On Thursday, 24 March 2016 20:32:39 UTC+5:30, Jay Farschman wrote:
>
> Madhu,
>
> I would recommend doing a tcpdump on the auth server. If you keep
> using the unencrypted port 389 then this line will show you some nice debug
> information.
>
> tcpdump -nnvvAs 1514 host <IPofAuthServer>
>
> Very interesting that it works when you send the full dn. Does that
> really work? If so, it seems like you are really close and need to set some
> user attributes. For me, it looks like this?
>
> # User Attributes
> :domain => 'example.com',
> :mail_attribute => 'mail',
> :fullname_attribute => 'displayName',
>
> # Tells Scalr where to look at for users and groups
> :base_dn => 'OU=Employees,DC=example,DC=com',
> :base_dn_groups => 'OU=Security Groups,DC=example,DC=com',
>
> # Tells Scalr what attributes to look at CN
> :username_attribute => 'sAMAccountName',
> :groupname_attribute => 'CN',
>
> On Wednesday, March 23, 2016 at 8:28:22 PM UTC-6, Madhu wrote:
>>
>> Hi Jay,
>>
>> I tried both regular/simple, in both cases I get two types of errors!
>>
>> *1) when I try with username "madhu"*
>>
>> Incorrect login or password (1)
>> 53:48 - LdapClient v-0.5
>> 53:48 - isValidUser is called.
>> 53:48 - LDAP Server is:localhost port:389 - OK
>> 53:48 - Bind username:madhu password:********** - Failed
>> 53:48 - Could not bind LDAP. No such object
>>
>> *2) when I try with username (full dn) "cn=madhu,ou=people,dc=example,dc=com"*
>>
>> You don't have access to any account.
>> 54:31 - LdapClient v-0.5
>> 54:31 - isValidUser is called.
>> 54:31 - LDAP Server is:localhost port:389 - OK
>> 54:31 - Bind username:cn=madhu,ou=people,dc=example,dc=com password:********** - OK
>> 54:31 - Query baseDn (2):cn=madhu,ou=people,dc=example,dc=com filter:(&(&(objectClass=posixAccount))(cn=*)), attributes: dn, memberof, displayname - OK
>> 54:31 - Query result count: 1
>> 54:31 - Query result memberofDn: 0
>> 54:31 - Query result DN: cn=madhu,ou=people,dc=example,dc=com
>> 54:31 - Bind username:cn=madhu,ou=people,dc=example,dc=com password:********** - OK
>> 54:31 - getUserGroups is called.
>> 54:31 - Query user's groups baseDn:ou=groups,dc=example,dc=com filter:(&(&(objectClass=posixGroup))(member=cn=madhu,ou=people,dc=example,dc=com)) - OK
>> 54:31 - Found groups:
>>
>> Do I need to give full DN for username?
>>
>> On Wednesday, 23 March 2016 20:02:38 UTC+5:30, Jay Farschman wrote:
>>>
>>> Madhu,
>>>
>>> I believe :bind_type => 'openldap', is incorrect. It can be either
>>> "regular" or "simple"
>>>
>>> https://scalr-wiki.atlassian.net/wiki/display/docs/Advanced+Configuration
>>>
>>> I used regular, but I also am connecting to MS Active Directory.
>>>
>>> On Tuesday, March 22, 2016 at 11:03:41 PM UTC-6, Madhu wrote:
>>>>
>>>> My LDAP config settings in scalr
>>>>
>>>> app[:configuration] = {
>>>>   :scalr => {
>>>>     # Tells Scalr to use LDAP for authentication
>>>>     :auth_mode => 'ldap',
>>>>
>>>>     :connections => {
>>>>       :ldap => {
>>>>         # Tells Scalr what LDAP server to connect to
>>>>         :bind_type => 'openldap',
>>>>         :host => 'localhost',
>>>>         :port => '389',
>>>>
>>>>         # Tells Scalr where to look at for users and groups
>>>>         :base_dn => 'ou=people,dc=example,dc=com',
>>>>
>>>>         :user => 'cn="Directory Manager"',
>>>>         :pass => 'password',
>>>>
>>>>         :base_dn_groups => 'ou=groups,dc=example,dc=com',
>>>>
>>>>         # Tells Scalr what attributes to look at
>>>>         :username_attribute => 'cn',
>>>>         :groupname_attribute => 'cn',
>>>>
>>>>         # Tells Scalr how group membership is represented
>>>>         :group_member_attribute_type => 'memberUid',
>>>>
>>>>         # Tells Scalr to use filters to speed up queries
>>>>         :filter => {
>>>>           :users => '(&(objectClass=posixAccount))',
>>>>           :groups => '(&(objectClass=posixGroup))',
>>>>         },
>>>>
>>>>         # Uncomment for debug output if you can't login
>>>>         :debug => 1,
>>>>       }
>>>>     }
>>>>   }
>>>> }
>>>>
>>>> On Wednesday, 23 March 2016 10:25:17 UTC+5:30, madhusudan kh wrote:
>>>>>
>>>>> Hi,
>>>>> We are trying to implement LDAP auth with scalr, we are using 389
>>>>> Directory server. I enabled debug for LDAP in scalr config, everything
>>>>> says "ok", but after that nothing happens! Has anyone got it working with
>>>>> 389 Directory server? Please need help here.
>>>>> Well, I am able to login with local credentials, do I need to disable
>>>>> local auth? Does scalr support only AD or does it support other open
>>>>> source LDAP servers too?
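Added example (not part of the original thread and not Scalr code): a short Python script that reads the debug lines posted in this thread, rejoined where the mail client wrapped them, and reports which bind name forms succeeded and which membership attribute the group query actually tested, compared with the `:group_member_attribute_type` value in the posted configuration. The function names and report keys are hypothetical.

```python
import re

# Debug lines copied from the thread (timestamps as posted),
# rejoined where the mail client had wrapped them.
DEBUG_LOG = """\
53:48 - Bind username:madhu password:********** - Failed
53:48 - Could not bind LDAP. No such object
54:31 - Bind username:cn=madhu,ou=people,dc=example,dc=com password:********** - OK
54:31 - Query user's groups baseDn:ou=groups,dc=example,dc=com filter:(&(&(objectClass=posixGroup))(member=cn=madhu,ou=people,dc=example,dc=com)) - OK
54:31 - Found groups:
"""

# Value of :group_member_attribute_type in the posted configuration.
CONFIGURED_MEMBER_ATTR = "memberUid"

BIND_RE = re.compile(r"Bind username:(\S+) password:\S+ - (OK|Failed)")
GROUP_RE = re.compile(r"Query user's groups baseDn:(\S+) filter:(\S+) - OK")
FOUND_RE = re.compile(r"Found groups:(.*)")


def membership_term(ldap_filter):
    """Return (attribute, value) of the last simple term in an LDAP filter."""
    # In the logged query the last "(attr=value)" item is the per-user test.
    terms = re.findall(r"\(([A-Za-z][\w;-]*)=([^()]*)\)", ldap_filter)
    return terms[-1] if terms else (None, None)


def analyse(log, configured_attr):
    """Summarise bind attempts and the group lookup from the debug output."""
    report = {"binds": [], "group_attr": None, "group_value": None,
              "attr_matches_config": None, "groups_listed": None}
    for line in log.splitlines():
        if m := BIND_RE.search(line):
            name, result = m.groups()
            report["binds"].append(
                {"name": name, "is_dn": "=" in name, "ok": result == "OK"})
        elif m := GROUP_RE.search(line):
            attr, value = membership_term(m.group(2))
            report["group_attr"], report["group_value"] = attr, value
            report["attr_matches_config"] = (
                attr is not None and attr.lower() == configured_attr.lower())
        elif m := FOUND_RE.search(line):
            report["groups_listed"] = bool(m.group(1).strip())
    return report


if __name__ == "__main__":
    for key, value in analyse(DEBUG_LOG, CONFIGURED_MEMBER_ATTR).items():
        print(f"{key}: {value}")
```

On the posted output this reports a failed bare-name bind, a successful DN bind, and a group filter that tests `member` with the user's DN while the configuration names `memberUid`.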
