ldap authentication - no entries returned

svacaroaia

Oct 4, 2012
Hi,

I am trying to add LDAP authentication to my Proxmox cluster.

I've added the realm and the user, but I cannot log in because "no entries returned".

I've read some other posts and it seems that this will work ONLY if anonymous searches are allowed on the LDAP server.

Could someone please clarify this?
Troubleshooting tips / commands and logs to be checked will also be appreciated.

cat domains.cfg
Code:
ldap: ldap
        comment LDAP from auth.tor.oss.novarex.net over SSL
        base_dn ou=Users,dc=tor,dc=xxxxxxx,dc=net
        server1 auth.tor.oss.xxxxxx.net
        user_attr uid
        secure



Here is my account on the OpenLDAP server:

User's LDAP DN: uid=svacaroaia,ou=Users,dc=tor,dc=xxxxxx,dc=net
LDAP object classes: posixAccount, shadowAccount, person, inetOrgPerson
Username:
 
Hi,
this is my running config for a gosa2 LDAP:
Code:
ldap: ldap
        base_dn dc=domain,dc=com
        comment gosa
        default
        secure
        server1 172.10.1.12
        server2 172.10.1.13
        user_attr uid
Udo
 
Thanks Udo,
I think the only difference between my settings and yours is the fact that I do not allow anonymous search.

Is there any way that we can "tell" Proxmox to bind to the LDAP server using a username/password?

Steven
 
Is there any way that we can "tell" proxmox to bind to the LDAP server using a username/password?

The current implementation detects the DN of users using an anonymous search. The question is if we can skip this step and generate the DN directly using base_dn/user_attr - or try both approaches. I can assemble some test packages if you are willing to test?
 
I do not think this will solve all cases because most Windows AD does not use a DN for login - well, actually they do but nobody uses it. The preferred way to login to a Windows AD is domain\userid:password or userid:password. It is also worth noticing that the only LDAP server allowing anonymous search by default seems to be OpenLDAP.
 
The current implementation detects the DN of users using an anonymous search. The question is if we can skip this step and generate the DN directly using base_dn/user_attr - or try both approaches. I can assemble some test packages if you are willing to test?

I'm interested in such package !
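
The two approaches discussed in this thread, as an added example (not from any poster and not Proxmox's own code): Python that reads a realm stanza in the domains.cfg layout shown above and builds both the search request used to find a user's DN and the DN generated directly from base_dn/user_attr, escaping the login name per RFC 4515 and RFC 4514 so it cannot alter the filter or the DN's position in the tree. The function names, the example.net stanza and the login names are constructed for illustration.

```python
# Constructed sample stanza in the domains.cfg layout shown in the thread
# (placeholder host and domain, not the poster's server).
SAMPLE_CFG = """\
ldap: ldap
        base_dn ou=Users,dc=example,dc=net
        server1 ldap.example.net
        user_attr uid
        secure
"""

def parse_realm(text):
    """Return (realm_type, realm_id, options) for one realm stanza."""
    lines = [l for l in text.splitlines() if l.strip()]
    rtype, rid = (p.strip() for p in lines[0].split(":", 1))
    opts = {}
    for line in lines[1:]:
        key, _, value = line.strip().partition(" ")
        opts[key] = value.strip() or True  # bare keys such as "secure" are flags
    return rtype, rid, opts

def escape_filter(value):
    """RFC 4515: hex-escape characters that are special in a search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def escape_dn_value(value):
    """RFC 4514: escape characters that are special in an RDN value."""
    out = []
    for i, c in enumerate(value):
        edge_space = c == " " and i in (0, len(value) - 1)
        if c in '\\,+"<>;=' or (c == "#" and i == 0) or edge_space:
            out.append("\\" + c)
        elif c == "\0":
            out.append("\\00")
        else:
            out.append(c)
    return "".join(out)

def search_request(opts, username):
    """Lookup by search (what the thread says Proxmox does): base + filter."""
    return opts["base_dn"], "(%s=%s)" % (opts["user_attr"], escape_filter(username))

def direct_dn(opts, username):
    """Proposed alternative: generate the DN from base_dn/user_attr, no search."""
    return "%s=%s,%s" % (opts["user_attr"], escape_dn_value(username), opts["base_dn"])

if __name__ == "__main__":
    _, _, opts = parse_realm(SAMPLE_CFG)
    for name in ("svacaroaia", "x,ou=Admins", "*"):  # constructed login names
        print(search_request(opts, name), "|", direct_dn(opts, name))
```

Direct generation only finds the right entry when every user sits immediately under base_dn with user_attr as the RDN, as the DN in the first post does.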