LDAP configuration stopped working #348
Comments
Thanks for opening this issue @devasmith.
When authenticating I am prompted for my credentials, but when I try to log in with correct credentials I receive

/run/config/netbox/ldap.yml

```yaml
AUTH_LDAP_SERVER_URI: "ldap://ipa.example.com"
AUTH_LDAP_BIND_DN: "uid=ldap_search,cn=users,cn=accounts,dc=example,dc=com"
AUTH_LDAP_START_TLS: true
LDAP_IGNORE_CERT_ERRORS: false
LDAP_CA_CERT_FILE: /etc/netbox/config/ldap/ldap_ca.crt
AUTH_LDAP_USER_DN_TEMPLATE: uid=%(user)s,cn=users,cn=accounts,dc=example,dc=com
AUTH_LDAP_USER_SEARCH_BASEDN: "cn=users,cn=accounts,dc=example,dc=com"
AUTH_LDAP_USER_SEARCH_ATTR: "sAMAccountName"
AUTH_LDAP_GROUP_SEARCH_BASEDN: "cn=groups,cn=accounts,dc=example,dc=com"
AUTH_LDAP_GROUP_SEARCH_CLASS: "groupOfNames"
AUTH_LDAP_GROUP_TYPE: "GroupOfNamesType"
AUTH_LDAP_REQUIRE_GROUP: "cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com"
AUTH_LDAP_FIND_GROUP_PERMS: true
AUTH_LDAP_MIRROR_GROUPS: true
AUTH_LDAP_MIRROR_GROUPS_EXCEPT: null
AUTH_LDAP_CACHE_TIMEOUT: 3600
```

In the slapd access log I see an error message that the operation failed due to failed credentials (err 49). Unfortunately it doesn't say much more than this.

```
[23/Sep/2024:08:47:12.406269472 +0200] conn=922230 TLS1.3 128-bit AES-GCM
[23/Sep/2024:08:47:12.406539315 +0200] conn=922230 op=1 BIND dn="uid=foobar,cn=users,cn=accounts,dc=example,dc=com" method=128 version=3
[23/Sep/2024:08:47:12.407446043 +0200] conn=922230 op=1 RESULT err=49 tag=97 nentries=0 wtime=0.005224359 optime=0.000915039 etime=0.006136950
[23/Sep/2024:08:47:12.408967481 +0200] conn=922230 op=2 UNBIND
[23/Sep/2024:08:47:12.408998648 +0200] conn=922230 op=2 fd=388 closed error - U1
```
Thanks for your detailed answer. I see your LDAP values are using the former

Meanwhile, can you try adding the following var to your

```yaml
# Same value as AUTH_LDAP_REQUIRE_GROUP, but inside an array.
AUTH_LDAP_REQUIRE_GROUP_LIST: [ "cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com" ]
```
Hi, sorry, I haven't had time to look into this yet. I don't know if I can test this easily, as I would need to modify the contents inside the container.
No worries @devasmith.
I proceeded using the new method, using lists instead of strings for those values, and that works fine. I don't know if there is a need to backport this.
Hi. Since upgrading to 5.0.0-beta.101 it seems like the LDAP authentication stopped working. I have validated that all the LDAP files within /run/config/netbox and /run/secrets/netbox/ldap_bind_password are identical to the previous version 5.0.0-beta.82. Unfortunately logging seems to be silent and is not outputting anything related to the failed LDAP login attempts.

Ref: #340