XOCE Integration with OpenLDAP
-
This is the most relevant information I can find regarding OpenLDAP integration for use with Xen Orchestra.
-
@wesleylc1 you probably mean Xen Orchestra. XOCE is just a helper script from the community to install Xen Orchestra from the sources.
-
@stormi I believe @wesleylc1 thinks you are suggesting this a script issue rather than a ldap configuration issue.
@wesleylc1 can you confirm your ldap settings from within the plugin.
-
@DustinB If that's the case, then let's state that it's not what I meant. I'm just clarifying names
-
Hi @DustinB an image with the settings used by my openldap server.
plugin.test { "id": "auth-ldap", "data": { "username": "ws02", "password": "* obfuscated *" } } { "message": "192.168.45.11 is an invalid LDAP url (protocol)", "name": "TypeError", "stack": "TypeError: 192.168.45.11 is an invalid LDAP url (protocol) at Object.parse (/opt/xen-orchestra/node_modules/ldapjs/lib/url.js:16:13) at new Client (/opt/xen-orchestra/node_modules/ldapjs/lib/client/client.js:310:16) at createClient (/opt/xen-orchestra/node_modules/ldapjs/lib/client/index.js:54:12) at /opt/xen-orchestra/packages/xo-server-auth-ldap/src/index.js:184:32 at Generator.next (<anonymous>) at asyncGeneratorStep (/opt/xen-orchestra/packages/xo-server-auth-ldap/dist/index.js:24:103) at _next (/opt/xen-orchestra/packages/xo-server-auth-ldap/dist/index.js:26:194) at /opt/xen-orchestra/packages/xo-server-auth-ldap/dist/index.js:26:364 at Promise._execute (/opt/xen-orchestra/node_modules/bluebird/js/release/debuggability.js:313:9) at Promise._resolveFromExecutor (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:488:18) at new Promise (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:79:10) at /opt/xen-orchestra/packages/xo-server-auth-ldap/dist/index.js:26:97 at AuthLdap._authenticate (/opt/xen-orchestra/packages/xo-server-auth-ldap/src/index.js:177:61) at AuthLdap.wrapper [as _authenticate] (/opt/xen-orchestra/node_modules/lodash/_createBind.js:23:15) at AuthLdap.test (/opt/xen-orchestra/packages/xo-server-auth-ldap/src/index.js:167:16) at /opt/xen-orchestra/packages/xo-server/src/xo-mixins/plugins.js:254:26 at Generator.next (<anonymous>) at asyncGeneratorStep (/opt/xen-orchestra/packages/xo-server/dist/xo-mixins/plugins.js:28:103) at _next (/opt/xen-orchestra/packages/xo-server/dist/xo-mixins/plugins.js:30:194) at /opt/xen-orchestra/packages/xo-server/dist/xo-mixins/plugins.js:30:364 at Promise._execute (/opt/xen-orchestra/node_modules/bluebird/js/release/debuggability.js:313:9) at Promise._resolveFromExecutor (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:488:18) at new Promise (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:79:10) at /opt/xen-orchestra/packages/xo-server/dist/xo-mixins/plugins.js:30:97 at _default.testPlugin (/opt/xen-orchestra/packages/xo-server/src/xo-mixins/plugins.js:228:29) at Xo.wrapper (/opt/xen-orchestra/node_modules/lodash/_createBind.js:23:15) at Xo.<anonymous> (/opt/xen-orchestra/packages/xo-server/src/api/plugin.js:109:13) at Generator.next (<anonymous>) at asyncGeneratorStep (/opt/xen-orchestra/packages/xo-server/dist/api/plugin.js:15:103) at _next (/opt/xen-orchestra/packages/xo-server/dist/api/plugin.js:17:194) at /opt/xen-orchestra/packages/xo-server/dist/api/plugin.js:17:364 at Promise._execute (/opt/xen-orchestra/node_modules/bluebird/js/release/debuggability.js:313:9) at Promise._resolveFromExecutor (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:488:18) at new Promise (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:79:10) at Xo.<anonymous> (/opt/xen-orchestra/packages/xo-server/dist/api/plugin.js:17:97) at Xo.test (/opt/xen-orchestra/packages/xo-server/dist/api/plugin.js:162:16) at /opt/xen-orchestra/packages/xo-server/src/xo-mixins/api.js:281:32 at Generator.next (<anonymous>) at asyncGeneratorStep (/opt/xen-orchestra/packages/xo-server/dist/xo-mixins/api.js:38:103) at _next (/opt/xen-orchestra/packages/xo-server/dist/xo-mixins/api.js:40:194) at tryCatcher (/opt/xen-orchestra/node_modules/bluebird/js/release/util.js:16:23) at Promise._settlePromiseFromHandler (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:517:31) at Promise._settlePromise (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:574:18) at Promise._settlePromiseCtx (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:611:10) at _drainQueueStep (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:142:12) at _drainQueue (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:131:9) at Async._drainQueues (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:147:5) at Immediate.Async.drainQueues (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:17:14) at runCallback (timers.js:810:20) at tryOnImmediate (timers.js:768:5) at processImmediate [as _immediateCallback] (timers.js:745:5)" }
Best regards,
Wesley Santos -
@wesleylc1 the URI should look like:
ldap://<ip or fqdn>
-
@borzel, I made the adjustment, now a new error appears.
plugin.test { "id": "auth-ldap", "data": { "username": "marcos", "password": "* obfuscated *" } } { "message": "could not authenticate user", "name": "Error", "stack": "Error: could not authenticate user at _authenticate.then.result (/opt/xen-orchestra/packages/xo-server-auth-ldap/src/index.js:172:14) at tryCatcher (/opt/xen-orchestra/node_modules/bluebird/js/release/util.js:16:23) at Promise._settlePromiseFromHandler (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:517:31) at Promise._settlePromise (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:574:18) at Promise._settlePromise0 (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:619:10) at Promise._settlePromises (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:699:18) at _drainQueueStep (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:138:12) at _drainQueue (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:131:9) at Async._drainQueues (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:147:5) at Immediate.Async.drainQueues (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:17:14) at runCallback (timers.js:810:20) at tryOnImmediate (timers.js:768:5) at processImmediate [as _immediateCallback] (timers.js:745:5)" }
Best regards,
Wesley Santos -
@wesleylc1 at this stage I'm out
@olivierlambert or @julien-f maybe can help.
-
@borzel, thank you.
-
Hello, I was able to login with my ldap login, but I would like to specify a ldap user group.
Best regards,
Wesley Santos -
So use a filter with the group you want.
-
Changes made, as below.
Best regards,
Wesley Santos -
Why the group name is between
< >
? -
I made the changes, but I continue with errors.
Group settings in "OpenLDAP".
plugin.test { "id": "auth-ldap", "data": { "username": "ws02", "password": "* obfuscated *" } } { "message": "could not authenticate user", "name": "Error", "stack": "Error: could not authenticate user at _authenticate.then.result (/opt/xen-orchestra/packages/xo-server-auth-ldap/src/index.js:172:14) at tryCatcher (/opt/xen-orchestra/node_modules/bluebird/js/release/util.js:16:23) at Promise._settlePromiseFromHandler (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:517:31) at Promise._settlePromise (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:574:18) at Promise._settlePromise0 (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:619:10) at Promise._settlePromises (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:699:18) at _drainQueueStep (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:138:12) at _drainQueue (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:131:9) at Async._drainQueues (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:147:5) at Immediate.Async.drainQueues (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:17:14) at runCallback (timers.js:810:20) at tryOnImmediate (timers.js:768:5) at processImmediate [as _immediateCallback] (timers.js:745:5)" }
Best regards,
Wesley Santos -
I don't think that's the right syntax. But it's not a XO issue, it's a LDAP setting issue. Check what filter would work with your LDAP server, and it will work.
-
@wesleylc1 maybe the
memberOf=
needs a LDAP-Value likeCN=blabla,OU=yadayada,DC=whatever
? -
@olivierlambert
I think the error is related to the attributes of "OpenLDAP", but I'm not sure how to filter. -
You need to find/read documentation on LDAP filter for your server. Then it will work
-
Dear, is it possible to search with the "group and users" option?
Best regards,
Wesley Santos -
@wesleylc1 As @olivierlambert said, this is an LDAP config issue, you need to know the structure of your LDAP server.
The
auth-ldap
plugin comes with a CLI which is useful to test various configuration and figure out what is wrong:$ /usr/local/lib/node_modules/xo-server-auth-ldap/dist/test-cli.js ? uri