ldap authentication - no entries returned

svacaroaia

Member
Oct 4, 2012
Hi,

I am trying to add an LDAP authentication to my Proxmox cluster

I've added the realm and the user but I cannot log in because of "no entries returned".

I've read some other posts and it seems that this will work ONLY if anonymous searches are allowed on the LDAP server.

Could someone please clarify this?
Troubleshooting tips / commands and logs to be checked will also be appreciated.

cat domains.cfg
ldap: ldap
        comment LDAP from auth.tor.oss.novarex.net over SSL
        base_dn ou=Users,dc=tor,dc=xxxxxxx,dc=net
        server1 auth.tor.oss.xxxxxx.net
        user_attr uid
        secure



Here is my account on openLDAP server

User's LDAP DN: uid=svacaroaia,ou=Users,dc=tor,dc=xxxxxx,dc=net
LDAP object classes: posixAccount, shadowAccount, person, inetOrgPerson
Username
 
Hi,
this is my running config for a gosa2 LDAP:
Code:
ldap: ldap
        base_dn dc=domain,dc=com
        comment gosa
        default
        secure
        server1 172.10.1.12
        server2 172.10.1.13
        user_attr uid
Udo
 
Thanks Udo,
I think the only difference between my settings and yours is the fact that I do not allow anonymous search.

Is there any way that we can "tell" proxmox to bind to the LDAP server using a username/password ?

Steven
 
Is there any way that we can "tell" proxmox to bind to the LDAP server using a username/password ?

The current implementation detects the DN of users using an anonymous search. The question is if we can skip this step and generate the DN directly using base_dn/user_attr - or try both approaches. I can assemble some test packages if you are willing to test?
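
The direct-DN approach proposed above, as an added example that is not part of the thread and not Proxmox code: it builds the bind DN from base_dn/user_attr and, for comparison, the filter the search step would use, escaping the login name in both. The realm values and all function names are constructed for illustration.

```python
# Added example (not Proxmox code). Key names base_dn/user_attr follow the
# domains.cfg in the thread; the values below are constructed.
REALM = {"base_dn": "ou=Users,dc=tor,dc=example,dc=net", "user_attr": "uid"}

# Characters RFC 4514 requires (or, for "=", allows) escaping inside a DN value.
DN_SPECIALS = ',+"\\<>;='
# RFC 4515 filter escapes: backslash, "*", "(", ")" and NUL as \XX hex pairs.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_dn_value(value):
    """Escape a login name so it stays a single RDN value (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in DN_SPECIALS or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value):
    """Escape a login name for use in a search filter (RFC 4515)."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def search_filter(realm, username):
    """Filter for the lookup step (the one that needs search rights)."""
    return "({}={})".format(realm["user_attr"], escape_filter_value(username))


def direct_bind_dn(realm, username, password):
    """DN for binding without a prior search.

    Assumes every account sits directly under base_dn with user_attr as its
    RDN, as in uid=<name>,ou=Users,... from the first post.
    """
    if not username or not password:
        # A simple bind with a DN and an empty password is an unauthenticated
        # bind (RFC 4513 section 5.1.2) and may succeed; never forward it.
        raise ValueError("username and password must be non-empty")
    return "{}={},{}".format(realm["user_attr"], escape_dn_value(username), realm["base_dn"])
```
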
 
I do not think this will solve all cases because most Windows AD does not use a DN for login - well, actually they do but nobody uses it. The preferred way to login to a Windows AD is domain\userid:password or userid:password. It is also worth noticing that the only LDAP server allowing anonymous search by default seems to be OpenLDAP.
 
The current implementation detects the DN of users using an anonymous search. The question is if we can skip this step and generate the DN directly using base_dn/user_attr - or try both approaches. I can assemble some test packages if you are willing to test?

I'm interested in such a package!
 
