Hi Jay,

I tried with both bind_type, but no luck. :-( Same error. Tried tcpdump with 127.0.0.1 and "localhost", no output! Thought of asking you: what exactly does this command do, "tcpdump -nnvvAs 1514"? Is 1514 the port?
Let us know if you need any information...

On Thursday, 24 March 2016 23:30:37 UTC+5:30, Jay Farschman wrote:
>
> It makes sense to me. Check "scalr.connections.ldap.bind_type"
>
> https://scalr-wiki.atlassian.net/wiki/display/docs/Advanced+Configuration
>
> "regular" = Login name only
> "simple" = Full Name, Display Name or SAMAccountName
>
> You may be able to tcpdump on 127.0.0.1... but I've never tried that.
>
> On Thursday, March 24, 2016 at 10:19:53 AM UTC-6, Madhu wrote:
>>
>> Hi Jay,
>>
>> Thanks for the reply. The tcpdump command is not yielding anything, since I am using 389 Directory server and not Active Directory, and the debug info lines like "44:44 - Query result memberofDn: 0" indicate that the scalr ldap is more Active Directory oriented!
>> Also, while authenticating it is adding the domain to the username, like [email protected], and then the password!! Strange, isn't it? Because I have disabled the domain in the config.
>>
>> Anyway, will try some workaround. If anyone succeeded with open source LDAP servers, let us know.
>>
>> On Thursday, 24 March 2016 20:32:39 UTC+5:30, Jay Farschman wrote:
>>>
>>> Madhu,
>>>
>>> I would recommend doing a tcpdump on the auth server. If you keep using the unencrypted port 389 then this line will show you some nice debug information.
>>>
>>> tcpdump -nnvvAs 1514 host <IPofAuthServer>
>>>
>>> Very interesting that it works when you send the full dn. Does that really work? If so, it seems like you are really close and need to set some user attributes. For me, it looks like this?
>>>
>>> # User Attributes
>>> :domain => 'example.com',
>>> :mail_attribute => 'mail',
>>> :fullname_attribute => 'displayName',
>>>
>>> # Tells Scalr where to look at for users and groups
>>> :base_dn => 'OU=Employees,DC=example,DC=com',
>>> :base_dn_groups => 'OU=Security Groups,DC=example,DC=com',
>>>
>>> # Tells Scalr what attributes to look at CN
>>> :username_attribute => 'sAMAccountName',
>>> :groupname_attribute => 'CN',
>>>
>>> On Wednesday, March 23, 2016 at 8:28:22 PM UTC-6, Madhu wrote:
>>>>
>>>> Hi Jay,
>>>>
>>>> I tried both regular/simple; in both cases I get two types of errors!
>>>>
>>>> *1) when I try with username "madhu"*
>>>>
>>>> Incorrect login or password (1)
>>>>> 53:48 - LdapClient v-0.5
>>>>> 53:48 - isValidUser is called.
>>>>> 53:48 - LDAP Server is:localhost port:389 - OK
>>>>> 53:48 - Bind username:madhu password:********** - Failed
>>>>> 53:48 - Could not bind LDAP. No such object
>>>>
>>>> *2) when I try with username (full dn) "cn=madhu,ou=people,dc=example,dc=com"*
>>>>
>>>> You don't have access to any account.
>>>>> 54:31 - LdapClient v-0.5
>>>>> 54:31 - isValidUser is called.
>>>>> 54:31 - LDAP Server is:localhost port:389 - OK
>>>>> 54:31 - Bind username:cn=madhu,ou=people,dc=example,dc=com password:********** - OK
>>>>> 54:31 - Query baseDn (2):cn=madhu,ou=people,dc=example,dc=com filter:(&(&(objectClass=posixAccount))(cn=*)), attributes: dn, memberof, displayname - OK
>>>>> 54:31 - Query result count: 1
>>>>> 54:31 - Query result memberofDn: 0
>>>>> 54:31 - Query result DN: cn=madhu,ou=people,dc=example,dc=com
>>>>> 54:31 - Bind username:cn=madhu,ou=people,dc=example,dc=com password:********** - OK
>>>>> 54:31 - getUserGroups is called.
>>>>> 54:31 - Query user's groups baseDn:ou=groups,dc=example,dc=com filter:(&(&(objectClass=posixGroup))(member=cn=madhu,ou=people,dc=example,dc=com)) - OK
>>>>> 54:31 - Found groups:
>>>>
>>>> Do I need to give the full DN for the username..?
>>>>
>>>> On Wednesday, 23 March 2016 20:02:38 UTC+5:30, Jay Farschman wrote:
>>>>>
>>>>> Madhu,
>>>>>
>>>>> I believe :bind_type => 'openldap', is incorrect. It can be either "regular" or "simple"
>>>>>
>>>>> https://scalr-wiki.atlassian.net/wiki/display/docs/Advanced+Configuration
>>>>>
>>>>> I used regular, but I also am connecting to MS Active Directory.
>>>>>
>>>>> On Tuesday, March 22, 2016 at 11:03:41 PM UTC-6, Madhu wrote:
>>>>>>
>>>>>> My LDAP config settings in scalr
>>>>>>
>>>>>>> app[:configuration] = {
>>>>>>>   :scalr => {
>>>>>>>     # Tells Scalr to use LDAP for authentication
>>>>>>>     :auth_mode => 'ldap',
>>>>>>>
>>>>>>>     :connections => {
>>>>>>>       :ldap => {
>>>>>>>         # Tells Scalr what LDAP server to connect to
>>>>>>>         :bind_type => 'openldap',
>>>>>>>         :host => 'localhost',
>>>>>>>         :port => '389',
>>>>>>>
>>>>>>>         # Tells Scalr where to look at for users and groups
>>>>>>>         :base_dn => 'ou=people,dc=example,dc=com',
>>>>>>>
>>>>>>>         :user => 'cn="Directory Manager"',
>>>>>>>         :pass => 'password',
>>>>>>>
>>>>>>>         :base_dn_groups => 'ou=groups,dc=example,dc=com',
>>>>>>>
>>>>>>>         # Tells Scalr what attributes to look at
>>>>>>>         :username_attribute => 'cn',
>>>>>>>         :groupname_attribute => 'cn',
>>>>>>>
>>>>>>>         # Tells Scalr how group membership is represented
>>>>>>>         :group_member_attribute_type => 'memberUid',
>>>>>>>
>>>>>>>         # Tells Scalr to use filters to speed up queries
>>>>>>>         :filter => {
>>>>>>>           :users => '(&(objectClass=posixAccount))',
>>>>>>>           :groups => '(&(objectClass=posixGroup))',
>>>>>>>         },
>>>>>>>
>>>>>>>         # Uncomment for debug output if you can't login
>>>>>>>         :debug => 1,
>>>>>>>       }
>>>>>>>     }
>>>>>>>   }
>>>>>>> }
>>>>>>
>>>>>> On Wednesday, 23 March 2016 10:25:17 UTC+5:30, madhusudan kh wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>> We are trying to implement LDAP auth with scalr. We are using 389 Directory server. I enabled debug for LDAP in the scalr config, everything says "ok", but after that nothing happens! Has anyone got it working with 389 Directory server..? Please, need help here.
>>>>>>> Well, I am able to login with local credentials. Do I need to disable local auth..? Does scalr support only AD, or does it support other open source LDAP servers too..?
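Added example, not part of the thread and not Scalr code: a small Python triage of the debug output quoted above. It flags a failed bind whose name is a bare login rather than a DN, and an empty group result where the posixGroup filter matched on member=<DN> although the posted config sets group_member_attribute_type to 'memberUid'. The function names and finding labels are assumptions made for this illustration; the sample lines are the thread's own, with mail-wrapped lines rejoined.

```python
import re

# Debug lines from the thread's two login attempts; mail-wrapped lines rejoined.
SAMPLE_LOG = """\
53:48 - Bind username:madhu password:********** - Failed
53:48 - Could not bind LDAP. No such object
54:31 - Bind username:cn=madhu,ou=people,dc=example,dc=com password:********** - OK
54:31 - Query user's groups baseDn:ou=groups,dc=example,dc=com filter:(&(&(objectClass=posixGroup))(member=cn=madhu,ou=people,dc=example,dc=com)) - OK
54:31 - Found groups:
"""

BIND = re.compile(r"Bind username:(?P<user>.+?) password:\S+ - (?P<status>OK|Failed)")
GROUP_Q = re.compile(r"Query user's groups baseDn:\S+ filter:(?P<filter>\S+) - ")
FOUND = re.compile(r"Found groups:(?P<groups>.*)$")
DN = re.compile(r"[A-Za-z][\w-]*=[^,]+(,[A-Za-z][\w-]*=[^,]+)*")


def looks_like_dn(name):
    """True when name is a comma-separated list of attr=value RDNs."""
    return DN.fullmatch(name.strip()) is not None


def diagnose(log):
    """Return (label, detail) findings; labels are hypothetical, for illustration."""
    findings, group_filter = [], None
    for line in log.splitlines():
        bind = BIND.search(line)
        if bind and bind["status"] == "Failed" and not looks_like_dn(bind["user"]):
            # In the thread the bare login fails to bind while the full DN binds
            # OK, so the login must first be resolved to its entry's DN.
            findings.append(("bind-name-not-dn", bind["user"]))
        query = GROUP_Q.search(line)
        if query:
            group_filter = query["filter"]
        found = FOUND.search(line)
        if found and group_filter and not found["groups"].strip():
            # RFC 2307 posixGroup entries list logins in memberUid; a filter on
            # member=<DN> finds nothing unless the groups also carry member.
            if "objectClass=posixGroup" in group_filter and "(member=" in group_filter:
                findings.append(("posixgroup-filtered-by-member-dn", group_filter))
            else:
                findings.append(("no-groups-found", group_filter))
    return findings


if __name__ == "__main__":
    for label, detail in diagnose(SAMPLE_LOG):
        print(f"{label}: {detail}")
```
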
