It makes sense to me. Check "scalr.connections.ldap.bind_type" https://scalr-wiki.atlassian.net/wiki/display/docs/Advanced+Configuration

"regular" = Login name only
"simple" = Full Name, Display Name or SAMAccountName

You may be able to tcpdump on 127.0.0.1... but I've never tried that.

On Thursday, March 24, 2016 at 10:19:53 AM UTC-6, Madhu wrote:
>
> Hi Jay,
>
> Thanks for the reply, tcpdump command is not yielding anything, since I am
> using 389 Directory server and not Active directory, and the debug info
> lines like "44:44 - Query result memberofDn: 0" indicates that the scalr
> ldap is more Active Directory oriented!.
> also while authenticating it is adding domain to the username!, like
> user...@example.com and then password!!, strange, isn't it
> ..? because I have disabled the domain in the config.
>
> Anyway will try some workaround, if anyone succeeded with open source LDAP
> servers let us know.
>
> On Thursday, 24 March 2016 20:32:39 UTC+5:30, Jay Farschman wrote:
>>
>> Madhu,
>>
>> I would recommend doing a tcpdump on the auth server. If you keep
>> using the unencrypted port 389 then this line will show you some nice debug
>> information.
>>
>> tcpdump -nnvvAs 1514 host <IPofAuthServer>
>>
>> Very interesting that it works when you send the full dn. Does that
>> really work? If so, it seems like you are really close and need to set some
>> user attributes. For me, it looks like this?
>>
>> # User Attributes
>> :domain => 'example.com',
>> :mail_attribute => 'mail',
>> :fullname_attribute => 'displayName',
>>
>> # Tells Scalr where to look at for users and groups
>> :base_dn => 'OU=Employees,DC=example,DC=com',
>> :base_dn_groups => 'OU=Security Groups,DC=example,DC=com',
>>
>> # Tells Scalr what attributes to look at CN
>> :username_attribute => 'sAMAccountName',
>> :groupname_attribute => 'CN',
>>
>> On Wednesday, March 23, 2016 at 8:28:22 PM UTC-6, Madhu wrote:
>>>
>>> Hi Jay,
>>>
>>> I tried both regular/simple, in both case i get two type errors!.
>>>
>>> *1) when i try with username "madhu"*
>>>
>>> Incorrect login or password (1)
>>> 53:48 - LdapClient v-0.5
>>>> 53:48 - isValidUser is called.
>>>> 53:48 - LDAP Server is:localhost port:389 - OK
>>>> 53:48 - Bind username:madhu password:********** - Failed
>>>>> 53:48 - Could not bind LDAP. No such object
>>>
>>> *2) when i try with username (full dn) "cn=madhu,ou=people,dc=example,dc=com"*
>>>
>>> You don't have access to any account.
>>> 54:31 - LdapClient v-0.5
>>>> 54:31 - isValidUser is called.
>>>> 54:31 - LDAP Server is:localhost port:389 - OK
>>>> 54:31 - Bind username:cn=madhu,ou=people,dc=example,dc=com password:********** - OK
>>>> 54:31 - Query baseDn (2):cn=madhu,ou=people,dc=example,dc=com filter:(&(&(objectClass=posixAccount))(cn=*)), attributes: dn, memberof, displayname - OK
>>>> 54:31 - Query result count: 1
>>>> 54:31 - Query result memberofDn: 0
>>>> 54:31 - Query result DN: cn=madhu,ou=people,dc=example,dc=com
>>>> 54:31 - Bind username:cn=madhu,ou=people,dc=example,dc=com password:********** - OK
>>>> 54:31 - getUserGroups is called.
>>>> 54:31 - Query user's groups baseDn:ou=groups,dc=example,dc=com filter:(&(&(objectClass=posixGroup))(member=cn=madhu,ou=people,dc=example,dc=com)) - OK
>>>> 54:31 - Found groups:
>>>
>>> Do I need to give full DN..for username..?
>>>
>>> On Wednesday, 23 March 2016 20:02:38 UTC+5:30, Jay Farschman wrote:
>>>>
>>>> Madhu,
>>>>
>>>> I believe :bind_type => 'openldap', is incorrect. It can be either
>>>> "regular" or "simple"
>>>>
>>>> https://scalr-wiki.atlassian.net/wiki/display/docs/Advanced+Configuration
>>>>
>>>> I used regular, but I also am connecting to MS Active Directory.
>>>>
>>>> On Tuesday, March 22, 2016 at 11:03:41 PM UTC-6, Madhu wrote:
>>>>>
>>>>> My LDAP config settings in scalr
>>>>>
>>>>> app[:configuration] = {
>>>>>>   :scalr => {
>>>>>>     # Tells Scalr to use LDAP for authentication
>>>>>>     :auth_mode => 'ldap',
>>>>>>
>>>>>>     :connections => {
>>>>>>       :ldap => {
>>>>>>         # Tells Scalr what LDAP server to connect to
>>>>>>         :bind_type => 'openldap',
>>>>>>         :host => 'localhost',
>>>>>>         :port => '389',
>>>>>>
>>>>>>         # Tells Scalr where to look at for users and groups
>>>>>>         :base_dn => 'ou=people,dc=example,dc=com',
>>>>>>
>>>>>>         :user => 'cn="Directory Manager"',
>>>>>>         :pass => 'password',
>>>>>>
>>>>>>         :base_dn_groups => 'ou=groups,dc=example,dc=com',
>>>>>>
>>>>>>         # Tells Scalr what attributes to look at
>>>>>>         :username_attribute => 'cn',
>>>>>>         :groupname_attribute => 'cn',
>>>>>>
>>>>>>         # Tells Scalr how group membership is represented
>>>>>>         :group_member_attribute_type => 'memberUid',
>>>>>>
>>>>>>         # Tells Scalr to use filters to speed up queries
>>>>>>         :filter => {
>>>>>>           :users => '(&(objectClass=posixAccount))',
>>>>>>           :groups => '(&(objectClass=posixGroup))',
>>>>>>         },
>>>>>>
>>>>>>         # Uncomment for debug output if you can't login
>>>>>>         :debug => 1,
>>>>>>       }
>>>>>>     }
>>>>>>   }
>>>>>> }
>>>>>
>>>>> On Wednesday, 23 March 2016 10:25:17 UTC+5:30, madhusudan kh wrote:
>>>>>>
>>>>>> Hi,
>>>>>> We are trying to implement LDAP auth with scalr, we are using 389
>>>>>> Directory server, I enabled debug for LDAP in scalr config, everything
>>>>>> says "ok", but after that nothing happens!, has anyone got it working
>>>>>> with 389 Directory server..? please need help here.
>>>>>> Well I am able to login with local credentials, do I need to disable
>>>>>> local auth..?, does scalr support only AD or does it support other open
>>>>>> source LDAP servers too..?