XOCE Integration with OpenLDAP



  • @julien-f Can you list what types of filters are supported by the plugin?


  • XO Team

    @wesleylc1 I'm not an expert, but it's a standard LDAP filter which is evaluated by the LDAP server; no special handling is done by the plugin itself.



  • @julien-f How can I download the new version of the plugin? According to the output below, I cannot automatically query the filters through the script "/test-cli.js".

    ? uri ldap://192.168.xx.xx
    ? fill optional certificateAuthorities? No
    ? fill optional checkCertificate? No
    ? fill optional bind? Yes
    ? bind > dn cn=admin,c=br
    ? bind > password  XXXX
    ? base ou=XX,o=PRJ,c=BR
    ? fill optional filter? Yes
    ? filter (&(cn=gp-ti-infra)(memberUID={{name}}))
    configuration saved in ./ldap.cache.conf
    ? Username user01
    ? Password [hidden]
    attempting to bind with as cn=admin,c=br...
    successfully bound as cn=admin,c=br
    searching for entries...
    .
    1 entries found
    attempting to bind as cn=gp-ti-test,ou=Grupos,ou=XX,o=PRJ,c=BR
    failed to bind as cn=gp-ti-test,ou=Grupos,ou=XX,o=PRJ,c=BR: Invalid Credentials
    could not authenticate user1
    
    

  • XO Team

    @wesleylc1 For the upgrade, you need to ask the people behind the install script you used.

    Concerning the output, it will only show the entry if the authentication was successful; that's why you need to start by using the default filter.



  • The default filter is (uid = {{name}})?



  • @julien-f The filter "(& (cn = gp-ti-test) (memberUID = {{name}}))" is to release access to users of a group, but "bind as" is not being mounted as it should:

    ? uri ldap://192.168.XX.XX
    ? fill optional certificateAuthorities? No
    ? fill optional checkCertificate? No
    ? fill optional bind? Yes
    ? bind > dn cn=adm,c=br
    ? bind > password *****
    ? base ou=BH,o=PRJ,c=BR
    ? fill optional filter? Yes
    ? filter (&(cn=gp-ti-teste)(memberUID={{name}}))
    configuration saved in ./ldap.cache.conf
    ? Username user1
    ? Password [hidden]
    attempting to bind with as cn=adm,c=br...
    successfully bound as cn=adm,c=br
    searching for entries...
    .
    1 entries found
    attempting to bind as cn=gp-ti-teste,ou=Grupos,ou=BH,o=PRJ,c=BR
    failed to bind as cn=gp-ti-teste,ou=Grupos,ou=BH,o=PRJ,c=BR: Invalid Credentials
    could not authenticate user1
    
    

    Best regards,
    Wesley Santos
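
An added example, not part of any post in this thread and not the plugin's code: a minimal filter evaluator over a constructed two-entry directory. It shows that the group filter from the output above selects the group entry (the DN the test then tries to bind as), while a filter on uid selects the user entry. The `ou=Usuarios` user DN, the function names and the exact-match comparison are assumptions.

```javascript
// Constructed directory (not the thread's server). ou=Usuarios is an assumed DN.
const DIRECTORY = [
  { dn: 'uid=user1,ou=Usuarios,ou=BH,o=PRJ,c=BR', attrs: { uid: ['user1'] } },
  { dn: 'cn=gp-ti-teste,ou=Grupos,ou=BH,o=PRJ,c=BR', attrs: { cn: ['gp-ti-teste'], memberuid: ['user1'] } },
];

// RFC 4515 escaping, so a login name cannot change the filter's structure.
const escapeFilterValue = (v) =>
  v.replace(/[\\*()\0]/g, (c) => '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
const unescapeValue = (v) =>
  v.replace(/\\([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
const buildFilter = (template, name) =>
  template.replace(/\{\{name\}\}/g, () => escapeFilterValue(name));

// Parses (&...), (|...), (!...) and (attr=value); equality only, exact match.
function parseFilter(s) {
  let i = 0;
  const node = () => {
    if (s[i++] !== '(') throw new Error('expected "(" at ' + (i - 1));
    let result;
    if (s[i] === '&' || s[i] === '|' || s[i] === '!') {
      const op = s[i++], kids = [];
      while (s[i] === '(') kids.push(node());
      result = { op, kids };
    } else {
      const end = s.indexOf(')', i), eq = s.indexOf('=', i);
      if (end < 0 || eq < 0 || eq > end) throw new Error('bad item at ' + i);
      result = { attr: s.slice(i, eq).trim().toLowerCase(), value: unescapeValue(s.slice(eq + 1, end)) };
      i = end;
    }
    if (s[i++] !== ')') throw new Error('expected ")" at ' + (i - 1));
    return result;
  };
  const tree = node();
  if (i !== s.length) throw new Error('trailing data at ' + i);
  return tree;
}

function matches(f, attrs) {
  if (f.op === '&') return f.kids.every((k) => matches(k, attrs));
  if (f.op === '|') return f.kids.some((k) => matches(k, attrs));
  if (f.op === '!') return !matches(f.kids[0], attrs);
  return Object.hasOwn(attrs, f.attr) && attrs[f.attr].includes(f.value);
}

// DNs the search returns, i.e. the entries a client would then try to bind as.
function bindCandidates(template, name) {
  const tree = parseFilter(buildFilter(template, name));
  return DIRECTORY.filter((e) => matches(tree, e.attrs)).map((e) => e.dn);
}
```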


  • XO Team

    This does not appear to be an XO issue, more a config issue. I don't have much time to investigate this any further; maybe the rest of the community can help on this.



  • Thank you.



  • Are you using OpenLDAP or trying to integrate with an actual MSAD?

    My settings (to connect to MSAD)
    URI: ldap://adress.to.my.dc
    bind dn: myUserToConnectToDC@domain.com
    pass: password.to.user.in.bind.dn
    base: dc=domain,dc=com (because I had set up restrictions on my user, that's why I pointed to the full catalogue)
    filter: (sAMAccountName={{name}})

    Try those 🙂


  • XCP-ng Center Team

    @Kudzu he uses OpenLDAP, as he said in this thread earlier.

