LDAP Application Authentication

Discussion in 'General Server' started by freshgrilled, Jun 28, 2012.

  1. freshgrilled

    freshgrilled New Member

    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    First time posting on this forum, so feel free to nudge me in the right direction if I'm posting this in the wrong area.

    I've been attempting to deploy openldap (cn=config) across our cloud environment.

    The version is openldap 2.4.2 and I'll paste the contents of the exported ldif at the end of this.

    I'm attempting to configure openldap so that applications can connect and authorize users. Some examples, I've got Atlassian products, zabbix, Nexus, and a few other items that are all ldap friendly.

    I've configured ldap and configured just enough accounts to attempt some tests. Everything seems to test ok with ldapsearch, and using nexus (for example) I can test authentication via the admin account and the application finds and lists users properly from the ldap application.

    This is great, but after configuring the various applications with ldap and the users, I am unable to log in as any of the users. In nexus, I used the application to add the user (after it found the user via ldap) and added a local permission set that allowed log on, but no go. No errors in the logs either. A kneejerk reaction on my part has been to assume the password was not configured correctly, but I've fiddled with the password and have not been able to resolve the problem.

    I have done some research, but most documentation is for older pre cn=config (not that I'm sure that matters with regards to my issue) and looking up authentication issues with ldap almost always either results in information advanced authentication or local system account authentication (which I am not using).

    By default I am using a plaintext password (userPassword)

    Some raw info (passwords and names have been modified)

    Here is the result of an ldap search:

    root:/etc/ldap/slapd.d/cn=config# ldapsearch -D cn=admin,dc=inside,dc=com -w naughy -b ou=users,dc=inside,dc=com uid=john
    # extended LDIF
    #
    # LDAPv3
    # base <ou=users,dc=inside,dc=com> with scope subtree
    # filter: uid=john
    # requesting: ALL
    #

    # John Paul, users, inside.com
    dn: cn=John Paul,ou=users,dc=inside,dc=com
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: person
    objectClass: top
    uid: john
    sn: Paul
    cn: John Paul
    userPassword:: ZXpwymVlczA=
    mail: removed

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

    ------------------------

    Contents of LDIF
    version: 1

    dn: dc=inside,dc=com
    objectClass: domain
    dc: inside

    dn: ou=users,dc=inside,dc=com
    objectClass: top
    objectClass: organizationalUnit
    ou: users

    dn: ou=groups,dc=inside,dc=com
    objectClass: top
    objectClass: organizationalUnit
    ou: groups

    dn: cn=John Paul,ou=users,dc=inside,dc=com
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    cn: John Paul
    sn: Paul
    mail: removed
    uid: john
    userPassword:: ZXpwymVlczA=

    dn: cn=admin,ou=groups,dc=inside,dc=com
    objectClass: top
    objectClass: groupOfUniqueNames
    cn: admin
    uniqueMember: uid=john,ou=users,dc=inside,dc=com

    dn: cn=Developer,ou=users,dc=inside,dc=com
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    cn: Developer
    sn: Developer
    mail: removed
    uid: dev
    userPassword:: MXZfMGQsfTBafeN5

    dn: cn=developers,ou=groups,dc=inside,dc=com
    objectClass: top
    objectClass: groupOfUniqueNames
    cn: developers
    uniqueMember: uid=erik,ou=users,dc=inside,dc=com
    uniqueMember: uid=john,ou=users,dc=inside,dc=com
    uniqueMember: uid=dev,ou=users,dc=inside,dc=com

    dn: cn=Erik Aryan,ou=users,dc=inside,dc=com
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    cn: Erik Aryan
    sn: Aryan
    mail: removed
    uid: eric
    userPassword:: ZW5sfWtvMafdMiE=

    Thanks for any advice on this...

    Joel

Share This Page