Authentification trouble on ldap-server

[udo]

Hi,
I tried the new authentification function and i think i make an mistake.
If I configure the ldap-server as authentification source, no login is possible. But also no packet from the pve-host reach the ldap-server!
I think i miss something important.

cat domains.cfg 
ldap: ldap
        base_dn dc=domain,dc=com
        comment gosa
        port 389
        server1 172.20.xx.xx
        user_attr uid

In the error log appear "... msg=no such user ('udo@ldap')"
Following ldap-packages are installed:

ii  libaprutil1-ldap                1.3.9+dfsg-5                 The Apache Portable Runtime Utility Library - LDAP Driver
ii  libldap-2.4-2                   2.4.23-7.2                   OpenLDAP libraries
ii  libnet-ldap-perl                1:0.4001-2                   client interface to LDAP servers

pveversion:

running kernel: 2.6.32-7-pve
proxmox-ve-2.6.32: 2.0-60
pve-kernel-2.6.32-6-pve: 2.6.32-55
pve-kernel-2.6.32-7-pve: 2.6.32-60
lvm2: 2.02.88-2pve1
clvm: 2.02.88-2pve1
corosync-pve: 1.4.1-1
openais-pve: 1.1.4-1
libqb: 0.10.1-2
redhat-cluster-pve: 3.1.8-3
resource-agents-pve: 3.9.2-3
fence-agents-pve: 3.1.7-1
pve-cluster: 1.0-22
qemu-server: 2.0-17
pve-firmware: 1.0-15
libpve-common-perl: 1.0-14
libpve-access-control: 1.0-11
libpve-storage-perl: 2.0-11
vncterm: 1.0-2
vzctl: 3.0.30-2pve1
vzprocps: 2.0.11-2
vzquota: 3.0.12-3
pve-qemu-kvm: 1.0-3
ksm-control-daemon: 1.1-1

Any hints?

Udo

 

[dietmar]

Any hints?

You also need to add (enable) the user. LDAP is only used for password verification.

 

[udo]

You also need to add (enable) the user. LDAP is only used for password verification.

Aaah,
thanks - work like expected.

BTW. at Permissions I can only add or remove an entry - not edit. Is this volitional?

Udo

 

[dietmar]

BTW. at Permissions I can only add or remove an entry - not edit. Is this volitional?

We can improve that in future - but add/remove is good enough to do everything you need.

 

[udo]

We can improve that in future - but add/remove is good enough to do everything you need.

Of course - i'm happy with the user administration!

Udo

 

[coffe]

Udo.
i am also working on this go get it to work with Gosa/fusion Director.
my goal is to make a proxmox plugin for Gosa/FD .

//Coffe

 

[udo]

Udo.
i am also working on this go get it to work with Gosa/fusion Director.
my goal is to make a proxmox plugin for Gosa/FD .

//Coffe

Hi Coffe,
intresting - how should that work? Perhaps with an prefix - eg. all groups with pve_* will used by pve with all members?

Udo

 

[coffe]

Udo:
my goal is to have it as own module like mail/samba.
Will start working on it next week.
Dont know if you have seen the other thread ? about syncing ldap data into pve data , maby we can try to find a solution for that togheter ?