Hi Josh,

Would you have an update on my last request? I'm trying to do a mirrored group which I can use to reserve VMs.
User lookup returns results but the group part is empty.

Regards,
Luckmore Chirongo

On Thu, 24 Sep 2020, 18:26 L Chirongo, <[email protected]> wrote:

> Thank you Josh for the assistance.
>
> I am now able to authenticate using Windows AD.
>
> The last item I would like guidance on is the User Groups, so I can assign
> images. I have done a user lookup while logged in as local Admin, as well
> as log in with the relevant AD user successfully. However, the AD group
> does not show up in VCL user groups. The AD user is already assigned to the
> vclusers group in AD.
>
> At this time, I plan to use one group (*vclusers*) for everyone and
> gradually separate them.
>
> Please assist on this.
>
> Regards,
> Luckmore Chirongo
>
> On Wed, Sep 23, 2020 at 9:46 PM Josh Thompson <[email protected]> wrote:
>
>> Hi Luckmore,
>>
>> After tracing through the code a bit, it looks like your authentication must
>> work correctly, and then the problem is encountered after it redirects you
>> back to the site after setting an authentication cookie. It looks like the
>> user set in the authentication cookie must be "[email protected]".
>> However, the code is expecting the part after the '@' to be a VCL affiliation
>> name, rather than a domain name. I'm not sure if it is documented anywhere or
>> not, but affiliation names cannot contain '.' characters. Is the
>> affiliation.name in your database set to 'domain.ac.bw' for id 6? If so, try
>> changing it to something without any '.' characters in it.
>>
>> Let us know if that fixes the problem.
>>
>> Josh
>>
>> On Tuesday, September 22, 2020 12:50:13 PM EDT L Chirongo wrote:
>> > Hi Josh,
>> >
>> > I enabled logging and below is the part from /var/log/messages when I was
>> > attempting to do the domain login in VCL:
>> >
>> > Sep 22 17:43:09 mgt systemd-logind: New session 4 of user root.
>> > Sep 22 17:43:10 mgt dbus[764]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
>> > Sep 22 17:43:10 mgt dbus[764]: [system] Successfully activated service 'org.freedesktop.problems'
>> > Sep 22 17:45:24 mgt httpd: ERROR(1): Failed to get user info from database. userid was [email protected]#012Mode was main#012#012#012Backtrace:#012=-=-=-=-=-=-=-=-=-=-=-=#012Call#:1 => index.php:initGlobals() (line#:60)#012#012Backtrace with Arguments:#012=-=-=-=-=-=-=-=-=-=-=-=#012Call#:1 => index.php:initGlobals() (line#:60)#012Arguments(none):#012-----------------------
>> > Sep 22 17:47:25 mgt httpd: PHP Fatal error: Call to undefined function getFooter() in /var/www/html/vcl-2.5.1/.ht-inc/utils.php on line 14234
>> >
>> > I noticed *generic.php* successfully binds and the user variable contains
>> > only the userid with no suffix. Is there a way to remove the domain suffix
>> > from the userid being sent in VCL?
>> >
>> > I tried to remove the suffix by changing conf.php to read *userid => "%s",*
>> > but the suffix is still being sent as seen in /var/log/messages
>> >
>> > Regards,
>> > Luckmore Chirongo
>> >
>> > On Tue, Sep 22, 2020 at 3:45 PM L Chirongo <[email protected]> wrote:
>> > > Hi Josh,
>> > >
>> > > Thanks for your response.
>> > >
>> > > Yes, I have an affiliation with ID 6 in the affiliation table. I will go
>> > > ahead and enable the logging as you advised.
>> > >
>> > > Regards,
>> > > Luckmore Chirongo
>> > >
>> > > On Tue, 22 Sep 2020, 15:06 Josh Thompson, <[email protected]> wrote:
>> > >> Hi Luckmore,
>> > >>
>> > >> Welcome to the VCL community! Thanks for your interest in using VCL.
>> > >>
>> > >> It sounds like your LDAP configuration is mostly correct. You have
>> > >> affiliationid set to 6 for your "BU LDAP" entry. Do you have an entry in
>> > >> your affiliation table with an id of 6? I'd recommend enabling php error
>> > >> logging so that you can see what error is being hit a little more clearly.
>> > >> I'd recommend modifying /etc/php.ini and configuring it to log to syslog.
>> > >> You'll also need to ensure log_errors is set to On.
>> > >>
>> > >> log_errors = On
>> > >> error_log = syslog
>> > >>
>> > >> You can also configure it to log to a file, but getting the permissions
>> > >> correct for that to work can be tricky. The file has to be owned by the
>> > >> same user that httpd runs as.
>> > >>
>> > >> After modifying php.ini, you'll need to restart httpd. Once you have
>> > >> logging enabled, try logging in with LDAP again and see if you see more
>> > >> information about the error in /var/log/messages.
>> > >>
>> > >> Let us know how it goes.
>> > >>
>> > >> Josh
>> > >>
>> > >> On Monday, September 21, 2020 4:47:23 PM EDT L Chirongo wrote:
>> > >> > Hello,
>> > >> >
>> > >> > I have set up LDAPS on my Active directory to authenticate VCL using a
>> > >> > self-signed wildcard certificate. Running *generic.php* is successful,
>> > >> > giving a *Binding successful* message.
>> > >> >
>> > >> > Also, running *openssl s_client -showcerts -CAfile
>> > >> > /etc/pki/tls/certs/ca-bundle.crt -connect ad1.domain.ac.bw:636* gives a
>> > >> > *“Verify return code: 0 (ok)”* message.
>> > >> >
>> > >> > However when I try to authenticate using LDAP in VCL I get Error: An
>> > >> > error has occurred. If this problem persists, please email...
>> > >> >
>> > >> > Attached are configured parts of my generic.php, conf.php and
>> > >> > ldapauth.php files.
>> > >> >
>> > >> > Thanks in advance for assistance.
>> > >> >
>> > >> > Regards,
>> > >> > Luckmore Chirongo
>> > >>
>> > >> --
>> > >> -------------------------------
>> > >> Josh Thompson
>> > >> Systems Programmer
>> > >> Virtual Computing Lab (VCL)
>> > >> North Carolina State University
>> > >>
>> > >> [email protected]
>> > >> 919-515-5323
>> > >>
>> > >> my GPG/PGP key can be found on pool.sks-keyservers.net
>> > >>
>> > >> All electronic mail messages in connection with State business which
>> > >> are sent to or received by this account are subject to the NC Public
>> > >> Records Law and may be disclosed to third parties.
>>
>> --
>> -------------------------------
>> Josh Thompson
>> Systems Programmer
>> Virtual Computing Lab (VCL)
>> North Carolina State University
>>
>> [email protected]
>> 919-515-5323
>>
>> my GPG/PGP key can be found on pool.sks-keyservers.net
>>
>> All electronic mail messages in connection with State business which
>> are sent to or received by this account are subject to the NC Public
>> Records Law and may be disclosed to third parties.
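
Added example, not part of the original thread and not VCL code: a small Python helper that decodes the #012 escapes rsyslog puts into the httpd error line quoted above, pulls out the userid and backtrace frames, and checks the userid suffix against the rule stated in the reply (the part after '@' must be an affiliation name with no '.' characters). The sample line is constructed, the userid jdoe@domain.ac.bw is a placeholder because the archive redacts the real one, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the httpd line quoted in the thread. The
# userid is a placeholder: the archive redacts the real value.
SAMPLE = (
    "Sep 22 17:45:24 mgt httpd: ERROR(1): Failed to get user info from "
    "database. userid was jdoe@domain.ac.bw#012Mode was main#012#012#012"
    "Backtrace:#012=-=-=-=-=-=-=-=-=-=-=-=#012Call#:1 => "
    "index.php:initGlobals() (line#:60)"
)

def unescape_syslog(line):
    """Restore control characters that rsyslog wrote as #NNN (octal)."""
    def repl(m):
        code = int(m.group(1), 8)
        # Only control characters are escaped; leave text like "#101" alone.
        return chr(code) if code < 32 else m.group(0)
    return re.sub(r"#([0-7]{3})", repl, line)

def diagnose(line):
    """Return the userid, its parts and the backtrace frames, or None."""
    text = unescape_syslog(line)
    m = re.search(r"userid was (\S+)", text)
    if m is None:
        return None
    userid = m.group(1)
    login, sep, suffix = userid.rpartition("@")
    if not sep:  # no '@' at all: bare login name
        login, suffix = userid, None
    frames = re.findall(r"Call#:\d+ => (\S+) \(line#:(\d+)\)", text)
    return {
        "userid": userid,
        "login": login,
        "suffix": suffix,
        # Per the reply in the thread, the suffix must be a VCL affiliation
        # name, and those cannot contain '.' characters.
        "suffix_has_dot": suffix is not None and "." in suffix,
        # The same frame is logged twice (with and without arguments).
        "frames": list(dict.fromkeys((f, int(n)) for f, n in frames)),
    }

if __name__ == "__main__":
    result = diagnose(SAMPLE)
    print(result)
    if result and result["suffix_has_dot"]:
        print("suffix looks like a DNS domain, not an affiliation name")
```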
