Hello,
I'm trying to set up Cobbler with LDAP (AD); below is the configuration of /etc/cobbler/modules.conf and /etc/cobbler/setup:

modules.conf:

[authentication]
module = authn_ldap

[authorization]
module = authz_allowall

setup:

ldap_server: "192.168.0.1"
ldap_base_dn: "dc=domain,dc=com"
ldap_port: 389
ldap_tls: 0
ldap_anonymous_bind: 0
ldap_search_bind_dn: 'CN=Admin,OU=Users,dc=domain,dc=com'
ldap_search_passwd: strangepassword'
ldap_search_prefix: 'sAMAccountName'
ldap_tls_cacertfile: ''
ldap_tls_keyfile: ''
ldap_tls_certfile: ''

Cobbler Version:

cobbler-2.4.0-1.el6.noarch
cobbler-web-2.4.0-1.el6.noarch

Error:

Mon Sep 30 14:47:05 2013 - INFO | Exception occured: <class 'ldap.FILTER_ERROR'>
Mon Sep 30 14:47:05 2013 - INFO | Exception value: {'desc': 'Bad search filter'}
Mon Sep 30 14:47:05 2013 - INFO | Exception Info:
  File "/usr/lib/python2.6/site-packages/cobbler/remote.py", line 2049, in _dispatch
    return method_handle(*params)
  File "/usr/lib/python2.6/site-packages/cobbler/remote.py", line 1840, in login
    if self.__validate_user(login_user,login_password):
  File "/usr/lib/python2.6/site-packages/cobbler/remote.py", line 1737, in __validate_user
    return self.api.authenticate(input_user,input_password)
  File "/usr/lib/python2.6/site-packages/cobbler/api.py", line 1012, in authenticate
    rc = self.authn.authenticate(self,user,password)
  File "/usr/lib/python2.6/site-packages/cobbler/modules/authn_ldap.py", line 126, in authenticate
    result = dir.search_s(basedn, ldap.SCOPE_SUBTREE, filter, [])
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 516, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 509, in search_ext_s
    msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 505, in search_ext
    timeout,sizelimit,
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 96, in _ldap_call
    result = func(*args,**kwargs)

I tried different search prefixes, or even disabled it, with no success.
Any ideas on this?
Best Regards, Danilo F. Chilene
I'm using an older version of cobbler (2.2.3) but in my version the ldap settings are in /etc/cobbler/settings; I don't have a "setup" file...
In any case, in my settings file my ldap_search_prefix is:
ldap_search_prefix: 'uid='
So you may just need an "=" at the end (or whatever LDAP search operator(s) you want to use), e.g.:
ldap_search_prefix: 'sAMAccountName='
On 2013-09-30 1:59 PM, Danilo Chilene wrote:
> Hello,
> I'm trying setup Cobbler with LDAP(AD), below the configuration of /etc/cobbler/modules.conf and /etc/cobbler/setup:
>
> modules.conf:
>
> [authentication]
> module = authn_ldap
>
> [authorization]
> module = authz_allowall
>
> setup:
>
> ldap_server: "192.168.0.1"
> ldap_base_dn: "dc=domain,dc=com"
> ldap_port: 389
> ldap_tls: 0
> ldap_anonymous_bind: 0
> ldap_search_bind_dn: 'CN=Admin,OU=Users,dc=domain,dc=com'
> ldap_search_passwd: strangepassword'
> ldap_search_prefix: 'sAMAccountName'
> ldap_tls_cacertfile: ''
> ldap_tls_keyfile: ''
> ldap_tls_certfile: ''
>
> Cobbler Version:
>
> cobbler-2.4.0-1.el6.noarch
> cobbler-web-2.4.0-1.el6.noarch
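
Added example, not part of the thread and not Cobbler's own code: it assumes, as the "Bad search filter" traceback and the reply above suggest, that the search filter is formed by joining ldap_search_prefix and the login name. It shows why a prefix without "=" cannot yield a valid filter, and how escaping the login name per RFC 4515 keeps it a single equality match; all function names are hypothetical and the code is Python 3.

```python
import re

# RFC 4515: these characters must be escaped inside a filter assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

_ATTR = r"[A-Za-z][A-Za-z0-9-]*"                    # simplified attribute name
_VALUE = r"(?:[^()*\\\x00]|\\[0-9A-Fa-f]{2})+"      # literal chars or \XX escapes
_ITEM = r"%s=%s" % (_ATTR, _VALUE)
_EQUALITY_RE = re.compile(r"^(?:\(%s\)|%s)$" % (_ITEM, _ITEM))
_PREFIX_RE = re.compile(r"^%s=$" % _ATTR)


def escape_filter_value(value):
    """Escape a user-supplied string for use as an LDAP assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def is_equality_filter(text):
    """True if text is exactly one 'attr=value' item, optionally parenthesised."""
    return _EQUALITY_RE.match(text) is not None


def naive_filter(prefix, username):
    """Plain concatenation: the assumed behaviour behind the error in the thread."""
    return prefix + username


def build_filter(prefix, username):
    """Validate the prefix shape, escape the login name, return '(attr=value)'."""
    if not _PREFIX_RE.match(prefix):
        raise ValueError("search prefix must look like 'attr=', got %r" % prefix)
    if not username:
        raise ValueError("empty username")
    return "(" + prefix + escape_filter_value(username) + ")"


if __name__ == "__main__":
    # Constructed sample inputs: the two prefixes from the thread, made-up logins.
    for prefix in ("sAMAccountName", "sAMAccountName="):
        for user in ("jdoe", "j(doe)*"):
            raw = naive_filter(prefix, user)
            print("%-28r valid=%s" % (raw, is_equality_filter(raw)))
    print(build_filter("sAMAccountName=", "j(doe)*"))
```
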
Hello Robert,
Already tried using the "=" and got another error:
Mon Sep 30 14:36:02 2013 - INFO | Exception occured: <class 'ldap.OPERATIONS_ERROR'>
Mon Sep 30 14:36:02 2013 - INFO | Exception value: {'info': '000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1', 'desc': 'Operations error'}
Mon Sep 30 14:36:02 2013 - INFO | Exception Info:
  File "/usr/lib/python2.6/site-packages/cobbler/remote.py", line 2049, in _dispatch
    return method_handle(*params)
  File "/usr/lib/python2.6/site-packages/cobbler/remote.py", line 1840, in login
    if self.__validate_user(login_user,login_password):
  File "/usr/lib/python2.6/site-packages/cobbler/remote.py", line 1737, in __validate_user
    return self.api.authenticate(input_user,input_password)
  File "/usr/lib/python2.6/site-packages/cobbler/api.py", line 1012, in authenticate
    rc = self.authn.authenticate(self,user,password)
  File "/usr/lib/python2.6/site-packages/cobbler/modules/authn_ldap.py", line 126, in authenticate
    result = dir.search_s(basedn, ldap.SCOPE_SUBTREE, filter, [])
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 516, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 510, in search_ext_s
    return self.result(msgid,all=1,timeout=timeout)[1]
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 436, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 440, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 446, in result3
    ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 96, in _ldap_call
    result = func(*args,**kwargs)
On Tue, Oct 1, 2013 at 12:49 PM, Robert Jacobson <Robert.C.Jacobson@nasa.gov> wrote:
> I'm using an older version of cobbler (2.2.3) but in my version the ldap settings are in /etc/cobbler/settings; I don't have a "setup" file...
> In any case, in my settings file my ldap_search_prefix is:
> ldap_search_prefix: 'uid='
> So you may just need an "=" at the end (or whatever LDAP search operator(s) you want to use), e.g.:
> ldap_search_prefix: 'sAMAccountName='
> --
> Robert Jacobson
> Robert.C.Jacobson@nasa.gov
> Lead System Admin
> Solar Dynamics Observatory (SDO)
> Bldg 14, E222
> (301) 286-1591
On 2013-10-01 12:59 PM, Danilo Chilene wrote:
> Hello Robert,
> Already tried using the "=" and got another error:
>
> Mon Sep 30 14:36:02 2013 - INFO | Exception occured: <class 'ldap.OPERATIONS_ERROR'>
> Mon Sep 30 14:36:02 2013 - INFO | Exception value: {'info': '000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1', 'desc': 'Operations error'}
Well that's better -- the prefix is probably ok. Now you have a simple bind error -- most likely incorrect login credentials. If your server allows anonymous bind, you can use that in your cobbler config.
If your LDAP server doesn't allow anon bind, then test your credentials with the demo_connect.py script below, see
http://www.cobblerd.org/manuals/2.4.0/6/2/2_-_LDAP.html
====================================================
#!/usr/bin/python

"""
Copyright 2007-2009, Red Hat, Inc and Others
Michael DeHaan <michael.dehaan AT gmail>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA
"""

from xmlrpclib import ServerProxy
import optparse

if __name__ == "__main__":
    p = optparse.OptionParser()
    p.add_option("-u","--user",dest="user",default="test")
    p.add_option("-p","--pass",dest="password",default="test")

    # NOTE: if you've changed your xmlrpc_rw port or
    # disabled xmlrpc_rw this test probably won't work

    sp = ServerProxy("http://127.0.0.1:25151")
    (options, args) = p.parse_args()
    print "- trying to login with user=%s" % options.user
    token = sp.login(options.user,options.password)
    print "- token: %s" % token
    print "- authenticated ok, now seeing if user is authorized"
    check = sp.check_access(token,"imaginary_method_name")
    print "- access ok? %s" % check
==========================================================
cobbler@lists.fedorahosted.org