    XOCE Integration with OpenLDAP

Xen Orchestra category. 41 Posts, 8 Posters, 7.2k Views
stormi (Vates 🪐 XCP-ng Team) @DustinB

@DustinB If that's the case, then let's state that it's not what I meant. I'm just clarifying names 🙂

wesleylc1

Hi @DustinB, an image with the settings used by my OpenLDAP server.

[Screenshot: Captura de tela de 2019-06-24 09-56-39.png]

[Screenshots: Captura de tela de 2019-06-24 10-05-23.png, Captura de tela de 2019-06-24 10-05-45.png, Captura de tela de 2019-06-24 10-06-00.png]

plugin.test
{
  "id": "auth-ldap",
  "data": {
    "username": "ws02",
    "password": "* obfuscated *"
  }
}
{
  "message": "192.168.45.11 is an invalid LDAP url (protocol)",
  "name": "TypeError",
  "stack": "TypeError: 192.168.45.11 is an invalid LDAP url (protocol)
    at Object.parse (/opt/xen-orchestra/node_modules/ldapjs/lib/url.js:16:13)
    at new Client (/opt/xen-orchestra/node_modules/ldapjs/lib/client/client.js:310:16)
    at createClient (/opt/xen-orchestra/node_modules/ldapjs/lib/client/index.js:54:12)
    at /opt/xen-orchestra/packages/xo-server-auth-ldap/src/index.js:184:32
    at Generator.next (<anonymous>)
    at asyncGeneratorStep (/opt/xen-orchestra/packages/xo-server-auth-ldap/dist/index.js:24:103)
    at _next (/opt/xen-orchestra/packages/xo-server-auth-ldap/dist/index.js:26:194)
    at /opt/xen-orchestra/packages/xo-server-auth-ldap/dist/index.js:26:364
    at Promise._execute (/opt/xen-orchestra/node_modules/bluebird/js/release/debuggability.js:313:9)
    at Promise._resolveFromExecutor (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:488:18)
    at new Promise (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:79:10)
    at /opt/xen-orchestra/packages/xo-server-auth-ldap/dist/index.js:26:97
    at AuthLdap._authenticate (/opt/xen-orchestra/packages/xo-server-auth-ldap/src/index.js:177:61)
    at AuthLdap.wrapper [as _authenticate] (/opt/xen-orchestra/node_modules/lodash/_createBind.js:23:15)
    at AuthLdap.test (/opt/xen-orchestra/packages/xo-server-auth-ldap/src/index.js:167:16)
    at /opt/xen-orchestra/packages/xo-server/src/xo-mixins/plugins.js:254:26
    at Generator.next (<anonymous>)
    at asyncGeneratorStep (/opt/xen-orchestra/packages/xo-server/dist/xo-mixins/plugins.js:28:103)
    at _next (/opt/xen-orchestra/packages/xo-server/dist/xo-mixins/plugins.js:30:194)
    at /opt/xen-orchestra/packages/xo-server/dist/xo-mixins/plugins.js:30:364
    at Promise._execute (/opt/xen-orchestra/node_modules/bluebird/js/release/debuggability.js:313:9)
    at Promise._resolveFromExecutor (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:488:18)
    at new Promise (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:79:10)
    at /opt/xen-orchestra/packages/xo-server/dist/xo-mixins/plugins.js:30:97
    at _default.testPlugin (/opt/xen-orchestra/packages/xo-server/src/xo-mixins/plugins.js:228:29)
    at Xo.wrapper (/opt/xen-orchestra/node_modules/lodash/_createBind.js:23:15)
    at Xo.<anonymous> (/opt/xen-orchestra/packages/xo-server/src/api/plugin.js:109:13)
    at Generator.next (<anonymous>)
    at asyncGeneratorStep (/opt/xen-orchestra/packages/xo-server/dist/api/plugin.js:15:103)
    at _next (/opt/xen-orchestra/packages/xo-server/dist/api/plugin.js:17:194)
    at /opt/xen-orchestra/packages/xo-server/dist/api/plugin.js:17:364
    at Promise._execute (/opt/xen-orchestra/node_modules/bluebird/js/release/debuggability.js:313:9)
    at Promise._resolveFromExecutor (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:488:18)
    at new Promise (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:79:10)
    at Xo.<anonymous> (/opt/xen-orchestra/packages/xo-server/dist/api/plugin.js:17:97)
    at Xo.test (/opt/xen-orchestra/packages/xo-server/dist/api/plugin.js:162:16)
    at /opt/xen-orchestra/packages/xo-server/src/xo-mixins/api.js:281:32
    at Generator.next (<anonymous>)
    at asyncGeneratorStep (/opt/xen-orchestra/packages/xo-server/dist/xo-mixins/api.js:38:103)
    at _next (/opt/xen-orchestra/packages/xo-server/dist/xo-mixins/api.js:40:194)
    at tryCatcher (/opt/xen-orchestra/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:517:31)
    at Promise._settlePromise (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:574:18)
    at Promise._settlePromiseCtx (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:611:10)
    at _drainQueueStep (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:142:12)
    at _drainQueue (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:131:9)
    at Async._drainQueues (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:147:5)
    at Immediate.Async.drainQueues (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:17:14)
    at runCallback (timers.js:810:20)
    at tryOnImmediate (timers.js:768:5)
    at processImmediate [as _immediateCallback] (timers.js:745:5)"
}

Best regards,
Wesley Santos

borzel (XCP-ng Center Team) @wesleylc1

@wesleylc1 the URI should look like: ldap://<ip or fqdn>

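The rule behind the "invalid LDAP url (protocol)" error in the posts above, as an added example that is not code from the plugin or from anyone in this thread: a strict parser for the plugin's uri field that rejects a bare address the way ldapjs does, plus a check that names the transport weakness of the scheme chosen, since the plugin sends the user's password in the bind. The function names, the check_certificate flag (modelled on the plugin's checkCertificate option that appears in the CLI prompts later in the thread) and the host ldap.example.net in the usage lines are assumptions made for this example.

```python
"""Added example (not plugin code): validate the auth-ldap `uri` field.

ldapjs accepts only ldap://host[:port] or ldaps://host[:port]; a bare IP such
as 192.168.45.11 has no scheme and is refused before any packet is sent.
The hosts in the usage section are constructed for the example.
"""
from typing import NamedTuple, Optional
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


class LdapUri(NamedTuple):
    scheme: str
    host: str
    port: int


def parse_ldap_uri(uri: str) -> LdapUri:
    """Return the parsed URI, or raise ValueError worded like the ldapjs error."""
    parts = urlsplit(uri.strip())
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError(f"{uri} is an invalid LDAP url (protocol)")
    if not parts.hostname:
        raise ValueError(f"{uri} is an invalid LDAP url (host)")
    port = parts.port if parts.port is not None else DEFAULT_PORTS[parts.scheme]
    return LdapUri(parts.scheme, parts.hostname, port)


def transport_warning(uri: str, check_certificate: bool = True) -> Optional[str]:
    """Name the weakness of the chosen transport, or None if there is none.

    The plugin binds with the user's own password: over ldap:// that password
    and the whole search cross the network in clear, and ldaps:// without
    certificate verification can be answered by anyone on the path.
    `check_certificate` mirrors the plugin's checkCertificate option and is
    assumed here to default to verification.
    """
    parsed = parse_ldap_uri(uri)
    if parsed.scheme == "ldap":
        return f"plaintext bind to {parsed.host}:{parsed.port}; credentials are exposed on the wire"
    if not check_certificate:
        return f"TLS to {parsed.host}:{parsed.port} without certificate verification; server identity is not checked"
    return None


if __name__ == "__main__":
    # Constructed inputs: the bare address from the thread, then two valid forms.
    for candidate in ("192.168.45.11", "ldap://192.168.45.11", "ldaps://ldap.example.net"):
        try:
            print(candidate, "->", parse_ldap_uri(candidate), transport_warning(candidate))
        except ValueError as err:
            print(candidate, "->", err)
```

Run it as a script to see the bare address rejected and the ldap:// form accepted with a plaintext warning; only ldaps:// with certificate checking left on returns no warning.
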
wesleylc1

@borzel, I made the adjustment, now a new error appears.

plugin.test
{
  "id": "auth-ldap",
  "data": {
    "username": "marcos",
    "password": "* obfuscated *"
  }
}
{
  "message": "could not authenticate user",
  "name": "Error",
  "stack": "Error: could not authenticate user
    at _authenticate.then.result (/opt/xen-orchestra/packages/xo-server-auth-ldap/src/index.js:172:14)
    at tryCatcher (/opt/xen-orchestra/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:517:31)
    at Promise._settlePromise (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:574:18)
    at Promise._settlePromise0 (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:619:10)
    at Promise._settlePromises (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:699:18)
    at _drainQueueStep (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:138:12)
    at _drainQueue (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:131:9)
    at Async._drainQueues (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:147:5)
    at Immediate.Async.drainQueues (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:17:14)
    at runCallback (timers.js:810:20)
    at tryOnImmediate (timers.js:768:5)
    at processImmediate [as _immediateCallback] (timers.js:745:5)"
}

Best regards,
Wesley Santos

borzel (XCP-ng Center Team) @wesleylc1

@wesleylc1 at this stage I'm out 😕

@olivierlambert or @julien-f maybe can help.

wesleylc1

@borzel, thank you.

wesleylc1

Hello, I was able to log in with my LDAP login, but I would like to specify an LDAP user group.

Best regards,
Wesley Santos

olivierlambert (Vates 🪐 Co-Founder CEO)

So use a filter with the group you want.

wesleylc1

Changes made, as below.

[Screenshot: Captura de tela de 2019-06-24 15-12-07.png]

Best regards,
Wesley Santos

olivierlambert (Vates 🪐 Co-Founder CEO)

Why is the group name between < >?

wesleylc1

I made the changes, but I continue with errors.

[Screenshot: Captura de tela de 2019-06-24 15-26-48.png]

Group settings in "OpenLDAP".

[Screenshot: Captura de tela de 2019-06-24 15-21-35.png]

plugin.test
{
  "id": "auth-ldap",
  "data": {
    "username": "ws02",
    "password": "* obfuscated *"
  }
}
{
  "message": "could not authenticate user",
  "name": "Error",
  "stack": "Error: could not authenticate user
    at _authenticate.then.result (/opt/xen-orchestra/packages/xo-server-auth-ldap/src/index.js:172:14)
    at tryCatcher (/opt/xen-orchestra/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:517:31)
    at Promise._settlePromise (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:574:18)
    at Promise._settlePromise0 (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:619:10)
    at Promise._settlePromises (/opt/xen-orchestra/node_modules/bluebird/js/release/promise.js:699:18)
    at _drainQueueStep (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:138:12)
    at _drainQueue (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:131:9)
    at Async._drainQueues (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:147:5)
    at Immediate.Async.drainQueues (/opt/xen-orchestra/node_modules/bluebird/js/release/async.js:17:14)
    at runCallback (timers.js:810:20)
    at tryOnImmediate (timers.js:768:5)
    at processImmediate [as _immediateCallback] (timers.js:745:5)"
}

Best regards,
Wesley Santos

olivierlambert (Vates 🪐 Co-Founder CEO)

I don't think that's the right syntax. But it's not an XO issue, it's an LDAP setting issue. Check what filter would work with your LDAP server, and it will work.

borzel (XCP-ng Center Team) @wesleylc1

@wesleylc1 maybe the memberOf= needs an LDAP value like CN=blabla,OU=yadayada,DC=whatever?

wesleylc1 @olivierlambert

@olivierlambert
I think the error is related to the attributes of "OpenLDAP", but I'm not sure how to filter.

olivierlambert (Vates 🪐 Co-Founder CEO)

You need to find/read documentation on LDAP filters for your server. Then it will work 🙂

wesleylc1

Dear, is it possible to search with the "group and users" option?
Best regards,
Wesley Santos

julien-f (Vates 🪐 Co-Founder XO Team) @wesleylc1

@wesleylc1 As @olivierlambert said, this is an LDAP config issue, you need to know the structure of your LDAP server.

The auth-ldap plugin comes with a CLI which is useful to test various configurations and figure out what is wrong:

$ /usr/local/lib/node_modules/xo-server-auth-ldap/dist/test-cli.js
? uri
                                      
wesleylc1

Dear @julien-f,

I was able to perform the integration with "OpenLDAP", but I cannot apply the filter using "memberOf". I could identify that the filter does not work because my "LDAP" uses old parameters and filters using the "memberUid" attribute. Do you have some examples of how I can apply a filter for group users with the "memberUid" attribute?

Best regards,
Wesley Santos

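The two group-restriction shapes discussed above, borzel's full-DN memberOf value and wesleylc1's memberUid-based OpenLDAP groups, as an added example that is not code from xo-server-auth-ldap or from anyone in this thread. It builds each filter with RFC 4515 escaping of the user-supplied name (so a login name cannot rewrite the filter), reads posixGroup membership from the group entry, and resolves the DN the plugin would bind as. The directory snapshot is constructed for the example; the function names, the group cn=xo-admins and the reference to the plugin's {{name}} placeholder (recalled from its documented default filter, and an assumption here) are not from the page.

```python
"""Added example (not code from xo-server-auth-ldap or from this thread).

Two ways a directory records group membership, and the filter each allows:
  * memberOf on the user entry (Active Directory, or OpenLDAP with the
    memberof overlay loaded): one filter under the people base is enough.
  * posixGroup with memberUid on the group entry (classic OpenLDAP): the user
    entry says nothing about the group, so the group must be read first and
    the user search restricted to the uids it lists.
The directory below is a constructed snapshot, not a real server.
"""
from typing import Dict, List, Optional

Entry = Dict[str, List[str]]

# Constructed snapshot: DN -> attributes, attribute names lower-cased.
DIRECTORY: Dict[str, Entry] = {
    "uid=ws02,ou=BH,o=PRJ,c=BR": {
        "objectclass": ["posixAccount", "inetOrgPerson"],
        "uid": ["ws02"],
        "gidnumber": ["10000"],
    },
    "uid=marcos,ou=BH,o=PRJ,c=BR": {
        "objectclass": ["posixAccount", "inetOrgPerson"],
        "uid": ["marcos"],
        "gidnumber": ["10001"],
    },
    "cn=xo-admins,ou=groups,o=PRJ,c=BR": {
        "objectclass": ["posixGroup"],
        "cn": ["xo-admins"],
        "memberuid": ["ws02"],  # membership lives here, not on the user entry
    },
}

# RFC 4515 section 3: characters that must be hex-escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape user input before it is interpolated into a search filter.

    Without this, a login name such as 'ws02)(uid=*' closes the uid clause
    and turns the group restriction into a wildcard match (LDAP injection).
    """
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def member_of_filter(username: str, group_dn: str) -> str:
    """Filter for servers that expose memberOf on the user entry.

    This is the shape for the plugin's `filter` field, with the username in
    place of its {{name}} placeholder (assumed from the documented default
    `(uid={{name}})`); the memberOf value is the group's full DN, not its name.
    """
    return "(&(uid=%s)(memberOf=%s))" % (
        escape_filter_value(username),
        escape_filter_value(group_dn),
    )


def member_uids(directory: Dict[str, Entry], group_dn: str) -> List[str]:
    """posixGroup step 1: read the memberUid values from the group entry."""
    group = directory.get(group_dn)
    if group is None or "posixGroup" not in group.get("objectclass", []):
        return []
    return list(group.get("memberuid", []))


def member_uid_filter(directory: Dict[str, Entry], group_dn: str) -> str:
    """posixGroup step 2: a user-base filter built from the uids read above.

    An empty or missing group yields a filter that matches nothing, never one
    that matches everyone.
    """
    uids = member_uids(directory, group_dn)
    if not uids:
        return "(!(objectClass=*))"
    return "(|%s)" % "".join("(uid=%s)" % escape_filter_value(u) for u in uids)


def authorize(directory: Dict[str, Entry], username: str, group_dn: str) -> Optional[str]:
    """Return the DN the plugin would bind as, or None if the user is not in the group."""
    for dn, attrs in directory.items():
        if attrs.get("uid") != [username]:
            continue  # exact match only, which is what the escaped filter enforces
        if group_dn in attrs.get("memberof", []):
            return dn
        if username in member_uids(directory, group_dn):
            return dn
        return None
    return None


if __name__ == "__main__":
    group = "cn=xo-admins,ou=groups,o=PRJ,c=BR"
    print(member_of_filter("ws02", group))
    print(member_uid_filter(DIRECTORY, group))
    print(authorize(DIRECTORY, "ws02", group), authorize(DIRECTORY, "marcos", group))
    print(member_of_filter("ws02)(uid=*", group))  # injection attempt, escaped
```

On a live OpenLDAP the single memberOf filter only works when the memberof overlay is loaded, because the plugin, as the CLI output later in the thread shows, runs one search under base and then binds as the entry it found; with plain posixGroup data the restriction has to be expressed on the directory side or with a filter over the uids read from the group.
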
julien-f (Vates 🪐 Co-Founder XO Team) @wesleylc1

@wesleylc1 It really depends on the structure of your LDAP server.

I've just committed a new version of the plugin which makes the test CLI display the matched entry on success; this helps figure out what should be put in the filter field.

Example:

$ xo-server-auth-ldap
? uri ldap://ldap.company.net
? fill optional certificateAuthorities? No
? fill optional checkCertificate? No
? fill optional bind? No
? base ou=people,dc=company,dc=net
? fill optional filter? No
configuration saved in ./ldap.cache.conf
? Username john.smith
? Password [hidden]
searching for entries...
.
1 entries found
attempting to bind as uid=john.smith,ou=people,dc=company,dc=net
successfully bound as uid=john.smith,ou=people,dc=company,dc=net => john.smith authenticated
{
  "messageID": 1,
  "protocolOp": "SearchEntry",
  "objectName": "uid=john.smith,ou=people,dc=company,dc=net",
  "attributes": [
    {
      "type": "cn",
      "vals": [
        "John Smith"
      ]
    },
    {
      "type": "gidNumber",
      "vals": [
        "10000"
      ]
    },
    {
      "type": "givenName",
      "vals": [
        "John"
      ]
    },
    {
      "type": "homeDirectory",
      "vals": [
        "/home/john.smith"
      ]
    },
    {
      "type": "initials",
      "vals": [
        "JSH"
      ]
    },
    {
      "type": "loginShell",
      "vals": [
        "/bin/bash"
      ]
    },
    {
      "type": "mail",
      "vals": [
        "john.smith@company.net"
      ]
    },
    {
      "type": "objectClass",
      "vals": [
        "posixAccount",
        "inetOrgPerson",
        "organizationalPerson",
        "person"
      ]
    },
    {
      "type": "sn",
      "vals": [
        "Smith"
      ]
    },
    {
      "type": "uid",
      "vals": [
        "john.smith"
      ]
    },
    {
      "type": "uidNumber",
      "vals": [
        "10000"
      ]
    }
  ],
  "controls": []
}
wesleylc1

@julien-f With this test option it would be perfect to find out which filter I should use; how do I update to this version of the plugin?

? uri 192.168.XX.XX
? fill optional certificateAuthorities? No
? fill optional checkCertificate? No
? fill optional bind? No
? base ou=BH,o=PRJ,c=BR
? fill optional filter? No
configuration saved in ./ldap.cache.conf
? Username cn=adm,c=br
? Password [hidden]
✖ 192.168.xx.xx is an invalid LDAP url (protocol)
TypeError: 192.168.XX.XX is an invalid LDAP url (protocol)
    at Object.parse (/opt/xen-orchestra/node_modules/ldapjs/lib/url.js:16:13)
    at new Client (/opt/xen-orchestra/node_modules/ldapjs/lib/client/client.js:310:16)
    at createClient (/opt/xen-orchestra/node_modules/ldapjs/lib/client/index.js:54:12)
    at /opt/xen-orchestra/packages/xo-server-auth-ldap/dist/index.js:204:47
    at Generator.next (<anonymous>)
    at asyncGeneratorStep (/opt/xen-orchestra/packages/xo-server-auth-ldap/dist/index.js:24:103)
    at _next (/opt/xen-orchestra/packages/xo-server-auth-ldap/dist/index.js:26:194)
    at /opt/xen-orchestra/packages/xo-server-auth-ldap/dist/index.js:26:364
    at new Promise (<anonymous>)
    at /opt/xen-orchestra/packages/xo-server-auth-ldap/dist/index.js:26:97

Best regards,
Wesley Santos
