XOCE Integration with OpenLDAP



  • Hi, has anyone been successful integrating XOCE with "OpenLDAP"?

    Best regards,
    Wesley Santos



  • This is the most relevant information I can find regarding OpenLDAP integration for use with Xen Orchestra.

    https://xen-orchestra.com/docs/ldap.html


  • XCP-ng Team

    @wesleylc1 you probably mean Xen Orchestra. XOCE is just a helper script from the community to install Xen Orchestra from the sources.



  • @stormi I believe @wesleylc1 thinks you are suggesting this is a script issue rather than an LDAP configuration issue.

    @wesleylc1 can you confirm your LDAP settings from within the plugin?


  • XCP-ng Team

    @DustinB If that's the case, then let's state that it's not what I meant. I'm just clarifying names 🙂



  • Hi @DustinB, here is an image with the settings used by my OpenLDAP server.

    Captura de tela de 2019-06-24 09-56-39.png

    Captura de tela de 2019-06-24 10-05-23.png Captura de tela de 2019-06-24 10-05-45.png Captura de tela de 2019-06-24 10-06-00.png

    plugin.test
    {
      "id": "auth-ldap",
      "data": {
        "username": "ws02",
        "password": "* obfuscated *"
      }
    }
    {
      "message": "192.168.45.11 is an invalid LDAP url (protocol)",
      "name": "TypeError",
      "stack": "TypeError: 192.168.45.11 is an invalid LDAP url (protocol)
        at Object.parse (/opt/xen-orchestra/node_modules/ldapjs/lib/url.js:16:13)
        at new Client (/opt/xen-orchestra/node_modules/ldapjs/lib/client/client.js:310:16)
        at createClient (/opt/xen-orchestra/node_modules/ldapjs/lib/client/index.js:54:12)
        at /opt/xen-orchestra/packages/xo-server-auth-ldap/src/index.js:184:32
        at Generator.next (<anonymous>)
        at asyncGeneratorStep (/opt/xen-orchestra/packages/xo-server-auth-ldap/dist/index.js:24:103)
        at _next (/opt/xen-orchestra/packages/xo-server-auth-ldap/dist/index.js:26:194)
        at /opt/xen-orchestra/packages/xo-server-auth-ldap/dist/index.js:26:364
        at Promise._execute (/opt/xen-orchestra/node_modules/bluebird/js/release/debuggability.js:313:9)
        at Promise._resolveFromExecutor (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:488:18)
        at new Promise (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:79:10)
        at /opt/xen-orchestra/packages/xo-server-auth-ldap/dist/index.js:26:97
        at AuthLdap._authenticate (/opt/xen-orchestra/packages/xo-server-auth-ldap/src/index.js:177:61)
        at AuthLdap.wrapper [as _authenticate] (/opt/xen-orchestra/node_modules/lodash/_createBind.js:23:15)
        at AuthLdap.test (/opt/xen-orchestra/packages/xo-server-auth-ldap/src/index.js:167:16)
        at /opt/xen-orchestra/packages/xo-server/src/xo-mixins/plugins.js:254:26
        at Generator.next (<anonymous>)
        at asyncGeneratorStep (/opt/xen-orchestra/packages/xo-server/dist/xo-mixins/plugins.js:28:103)
        at _next (/opt/xen-orchestra/packages/xo-server/dist/xo-mixins/plugins.js:30:194)
        at /opt/xen-orchestra/packages/xo-server/dist/xo-mixins/plugins.js:30:364
        at Promise._execute (/opt/xen-orchestra/node_modules/bluebird/js/release/debuggability.js:313:9)
        at Promise._resolveFromExecutor (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:488:18)
        at new Promise (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:79:10)
        at /opt/xen-orchestra/packages/xo-server/dist/xo-mixins/plugins.js:30:97
        at _default.testPlugin (/opt/xen-orchestra/packages/xo-server/src/xo-mixins/plugins.js:228:29)
        at Xo.wrapper (/opt/xen-orchestra/node_modules/lodash/_createBind.js:23:15)
        at Xo.<anonymous> (/opt/xen-orchestra/packages/xo-server/src/api/plugin.js:109:13)
        at Generator.next (<anonymous>)
        at asyncGeneratorStep (/opt/xen-orchestra/packages/xo-server/dist/api/plugin.js:15:103)
        at _next (/opt/xen-orchestra/packages/xo-server/dist/api/plugin.js:17:194)
        at /opt/xen-orchestra/packages/xo-server/dist/api/plugin.js:17:364
        at Promise._execute (/opt/xen-orchestra/node_modules/bluebird/js/release/debuggability.js:313:9)
        at Promise._resolveFromExecutor (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:488:18)
        at new Promise (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:79:10)
        at Xo.<anonymous> (/opt/xen-orchestra/packages/xo-server/dist/api/plugin.js:17:97)
        at Xo.test (/opt/xen-orchestra/packages/xo-server/dist/api/plugin.js:162:16)
        at /opt/xen-orchestra/packages/xo-server/src/xo-mixins/api.js:281:32
        at Generator.next (<anonymous>)
        at asyncGeneratorStep (/opt/xen-orchestra/packages/xo-server/dist/xo-mixins/api.js:38:103)
        at _next (/opt/xen-orchestra/packages/xo-server/dist/xo-mixins/api.js:40:194)
        at tryCatcher (/opt/xen-orchestra/node_modules/bluebird/js/release/util.js:16:23)
        at Promise._settlePromiseFromHandler (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:517:31)
        at Promise._settlePromise (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:574:18)
        at Promise._settlePromiseCtx (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:611:10)
        at _drainQueueStep (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:142:12)
        at _drainQueue (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:131:9)
        at Async._drainQueues (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:147:5)
        at Immediate.Async.drainQueues (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:17:14)
        at runCallback (timers.js:810:20)
        at tryOnImmediate (timers.js:768:5)
        at processImmediate [as _immediateCallback] (timers.js:745:5)"
    } 
    

    Best regards,
    Wesley Santos


  • XCP-ng Center Team

    @wesleylc1 the URI should look like: ldap://<ip or fqdn>



  • @borzel, I made the adjustment, now a new error appears.

    plugin.test
    {
      "id": "auth-ldap",
      "data": {
        "username": "marcos",
        "password": "* obfuscated *"
      }
    }
    {
      "message": "could not authenticate user",
      "name": "Error",
      "stack": "Error: could not authenticate user
        at _authenticate.then.result (/opt/xen-orchestra/packages/xo-server-auth-ldap/src/index.js:172:14)
        at tryCatcher (/opt/xen-orchestra/node_modules/bluebird/js/release/util.js:16:23)
        at Promise._settlePromiseFromHandler (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:517:31)
        at Promise._settlePromise (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:574:18)
        at Promise._settlePromise0 (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:619:10)
        at Promise._settlePromises (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:699:18)
        at _drainQueueStep (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:138:12)
        at _drainQueue (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:131:9)
        at Async._drainQueues (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:147:5)
        at Immediate.Async.drainQueues (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:17:14)
        at runCallback (timers.js:810:20)
        at tryOnImmediate (timers.js:768:5)
        at processImmediate [as _immediateCallback] (timers.js:745:5)"
    } 
    

    Best regards,
    Wesley Santos


  • XCP-ng Center Team

    @wesleylc1 at this stage I'm out 😕

    @olivierlambert or @julien-f can maybe help.



  • @borzel, thank you.



  • Hello, I was able to log in with my LDAP login, but I would like to specify an LDAP user group.

    Best regards,
    Wesley Santos


  • Admin

    So use a filter with the group you want.



  • Changes made, as below.

    Captura de tela de 2019-06-24 15-12-07.png

    Best regards,
    Wesley Santos


  • Admin

    Why is the group name between < >?



  • I made the changes, but I continue with errors.

    Captura de tela de 2019-06-24 15-26-48.png

    Group settings in "OpenLDAP".

    Captura de tela de 2019-06-24 15-21-35.png

    plugin.test
    {
      "id": "auth-ldap",
      "data": {
        "username": "ws02",
        "password": "* obfuscated *"
      }
    }
    {
      "message": "could not authenticate user",
      "name": "Error",
      "stack": "Error: could not authenticate user
        at _authenticate.then.result (/opt/xen-orchestra/packages/xo-server-auth-ldap/src/index.js:172:14)
        at tryCatcher (/opt/xen-orchestra/node_modules/bluebird/js/release/util.js:16:23)
        at Promise._settlePromiseFromHandler (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:517:31)
        at Promise._settlePromise (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:574:18)
        at Promise._settlePromise0 (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:619:10)
        at Promise._settlePromises (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:699:18)
        at _drainQueueStep (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:138:12)
        at _drainQueue (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:131:9)
        at Async._drainQueues (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:147:5)
        at Immediate.Async.drainQueues (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:17:14)
        at runCallback (timers.js:810:20)
        at tryOnImmediate (timers.js:768:5)
        at processImmediate [as _immediateCallback] (timers.js:745:5)"
    } 
    

    Best regards,
    Wesley Santos


  • Admin

    I don't think that's the right syntax. But it's not an XO issue, it's an LDAP setting issue. Check what filter would work with your LDAP server, and it will work.


  • XCP-ng Center Team

    @wesleylc1 maybe the memberOf= needs an LDAP value like CN=blabla,OU=yadayada,DC=whatever?



  • @olivierlambert
    I think the error is related to the attributes of "OpenLDAP", but I'm not sure how to filter.


  • Admin

    You need to find/read documentation on LDAP filter for your server. Then it will work 🙂



  • Dear, is it possible to search with the "group and users" option?
    Best regards,
    Wesley Santos
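
The two fixes discussed in this thread, as an added example that is not from any poster or from the Xen Orchestra code: checking that the URI carries an ldap:// or ldaps:// scheme, and building a group-restricted filter in which memberOf holds a full group DN and the login name is escaped per RFC 4515. The `uid` attribute, the group DN and the function names are assumptions, and `memberOf` is only populated on OpenLDAP when the memberof overlay is enabled.

```javascript
// Added example (Node.js). Function names and sample values are hypothetical.

// RFC 4515: escape \ * ( ) and NUL before placing a value in a search filter,
// so a login name cannot change the structure of the filter.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g,
    (c) => '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

// A bare "192.168.45.11" has no scheme, which is what the first error reports.
function checkLdapUri(uri) {
  let parsed;
  try {
    parsed = new URL(uri);
  } catch (err) {
    return { ok: false, reason: 'not a URL (missing scheme?)' };
  }
  if (parsed.protocol !== 'ldap:' && parsed.protocol !== 'ldaps:') {
    return { ok: false, reason: `unsupported scheme ${parsed.protocol}` };
  }
  if (!parsed.hostname) return { ok: false, reason: 'missing host' };
  // Plain ldap:// carries the bind password in clear text unless StartTLS is used.
  return { ok: true, encrypted: parsed.protocol === 'ldaps:' };
}

// Build "(&(uid=<login>)(memberOf=<group DN>))" with a real DN, not "<group>".
// The DN check is simplified: it does not accept escaped commas inside values.
function buildGroupFilter(name, groupDn) {
  const dnPattern = /^[A-Za-z][\w-]*=[^,]+(,[A-Za-z][\w-]*=[^,]+)*$/;
  if (!dnPattern.test(groupDn)) {
    throw new Error(`memberOf needs a full group DN, got: ${groupDn}`);
  }
  return `(&(uid=${escapeFilterValue(name)})` +
         `(memberOf=${escapeFilterValue(groupDn)}))`;
}

// Constructed sample values, not taken from the poster's directory.
const SAMPLE_GROUP_DN = 'cn=xo-admins,ou=groups,dc=example,dc=org';
```

If the directory has no `memberOf` attribute on user entries, the restriction has to be expressed against the group entry instead, which is a different search than the one built here.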

