auth-ldap (v0.6.4) - LDAP authentication plugin for XO-Server
-
By XOA I mean XOA, the virtual appliance you download/deploy from https://xen-orchestra.com/#!/xoa, not your install from the sources (I'm not sure which one you are using).
Ping @pdonias when he can take a look
-
Ok I got the versions from the About tab from the WebUI.
I could not get the appliance to build using the URL that you sent, so I followed the guide below that to install. Under the XOA tab I have the current version listed as Current version: 5.50.3
Does that make a difference?
-
@pdonias will take a look when he can
-
We periodically build XO from source; and I'm seeing similar issues after updating our orchestra instance last Friday. Current versions reported through the "About" are xo-server 5.68.0 and xo-web 5.72.0, with ldap-auth v0.6.2.
LDAP logins are failing now where they were working before. Locally defined users within the app are unaffected. The test-cli.js seems to work as expected in regards to the actual LDAP interaction, but then fails when trying to authenticate as the returned user:
Hope this helps.
-
re-ping @pdonias
-
Hi,
@willruss1, we made quite a lot of changes on the LDAP plugin, the latest version is 0.9.0. Could you update it and retry?
@gr85z 5.50.3 is the current "stable" version of XO. The latest changes of the LDAP plugin are still in the "latest" channel. You can change the channel on the right hand side of the updater page and then click on Upgrade. Then, the "current version" should say 5.51.1. You can then check your LDAP plugin configuration and retry.
Also, can you tell us about the issue you had with the deploy from https://xen-orchestra.com/#!/xoa? Did you get an error message?
Thanks!
-
@pdonias OK I upgraded to the latest -
Current version: 5.51.1
- node: 12.18.2
- npm: 4.6.1
- xen-orchestra-upload-ova: 0.1.3
- xo-server: 5.68.0
- xo-server-telemetry: 0.3.0
- xo-server-xoa: 0.10.0
- xo-web-free: 5.72.0
- xoa-cli: 0.21.1
- xoa-updater: 0.31.0
LDAP plugin still at 0.6.4
I install the plugin as follows -
npm install --global xo-server-auth-ldap
Output was
/usr/local/bin/xo-server-auth-ldap -> /usr/local/lib/node_modules/xo-server-auth-ldap/dist/test-cli.js
/usr/local/lib
└── xo-server-auth-ldap@0.6.4
LDAP test on webui still does not work.
In regards to the install from web, I could not get it to connect to my VM even after following all the guides I could find to make sure the server was set up correctly. So I followed the guide documentation, which pulls from git.
-
@pdonias updating was exactly the fix. Apparently past me did some hacky stuff that finally came back to bite me. There was a manually installed older version of the plugin that was interfering.
All is better now, for me at least.
-
@gr85z said in auth-ldap (v0.6.4) - LDAP authentication plugin for XO-Server:
So I followed the guide documentation, which pulls from git.
Ok, so if you install it from the sources, don't install the plugins from NPM, use the source code from the repository instead (we just marked them as deprecated on NPM since it could be confusing). All the plugins are in the packages folder. You can use Yarn's link feature to easily link xo-server-auth-ldap to xo-server.
-
@willruss1 Ok, great!
-
@pdonias Tried the yarn command
yarn link 00h00m00s 0/0: : ERROR: [Errno 2] No such file or directory: 'link'
Maybe I have the source all messed up and need to start from scratch. Is there a good install guide to set up the server and then use the deploy page?
-
-
@pdonias
OK so I finally figured it out and got the turnkey to work.
When it was asking for the server, I didn't realize it was asking for the XEN server. Thought it was asking for the VM.
Now I have it deployed and configurations from the other XOA with all my hosts, pools, and VMs etc.
I searched on the new XOA for the xo-server-auth-ldap and couldn't find anything. Also there is no yarn.
I could be missing something simple to get the plugin installed. Based on the documentation it seems like it should be there and I just have to turn it on. Below are the only 2 plugins I have listed.
Thanks
-
You have no LDAP plugin on XOA Free. You need to register for the trial and then you'll see an update in your XOA, and the plugin will appear after that.
-
@olivierlambert does that mean when trial is up the plugin will go away? I have already used the trial.
If it is only part of the paid version we are looking at doing that starting in Q1 next year.
Thanks
-
That's correct. When the trial ends, you go back to XOA Free.
I can extend the trial for 15 more days if you need.
-
@olivierlambert no need to extend the trial, thank you though. I will put out the communication to the team and see if they want to do it before the beginning of the year.
-
I had a lot of trouble getting the LDAP integration to work with Active Directory domain controllers, and I kept finding this post over and over.
So I wanted to share my configuration and make it easier on others trying to do the same thing in the future.
Using this config I was able to get everything working, but I found a few limitations:
- Xen Orchestra cannot find any group members where the member has the "Primary Group" attribute set.
- Only direct members of a group are recognized (nested groups don't work).
- When signing in, I have to specify "username" instead of "username@cxlab.domain.com"
- Groups are created by clicking "Synchronize LDAP groups", however users are not created until they sign into XOA the first time.
- Users are not deleted from Xen Orchestra when they are removed from the domain. (but they can no longer log in to XOA)
auth-ldap (v0.10.6) - LDAP authentication plugin for XO-Server
Auto-load at server start [checked]
Configuration
URI: ldap://domaincontroller1.cxlab.domain.com
**Certificate Authorities**
Check certificate [disabled]
Use StartTLS [disabled]
Base: DC=cxlab,DC=domain,DC=com
**Credentials**
dn: cxadmin@cxlab.domain.com
password: ******************
User filter: (sAMAccountName={{name}})
ID attribute: dn
**Synchronize groups** [checked]
Fill information (optional)
Base: CN=Users,DC=cxlab,DC=domain,DC=com
Filter: (ObjectClass=group)
ID attribute: dn
Display name attribute: cn
**Members mapping**
Group attribute: member
User attribute: dn
-
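The two group limitations listed in the post above match how Active Directory stores membership: a group's member attribute lists only direct members, and a user's primary group is recorded on the user as primaryGroupID rather than in the group's member list. The sketch below is an added example, not part of the thread or the plugin's code; it models the posted Members mapping (member matched against dn) over a constructed directory, and the group names XO-Admins and Ops and all accounts are hypothetical.

```javascript
// Constructed sample directory (not from the thread); DNs reuse the post's group base.
const BASE = 'CN=Users,DC=cxlab,DC=domain,DC=com';
const dn = (cn) => `CN=${cn},${BASE}`;

const users = [
  { dn: dn('alice'), sAMAccountName: 'alice', primaryGroupID: 513 },
  { dn: dn('bob'), sAMAccountName: 'bob', primaryGroupID: 513 },
  // carol's primary group is XO-Admins (token 1105): AD leaves her out of its `member`.
  { dn: dn('carol'), sAMAccountName: 'carol', primaryGroupID: 1105 },
];
const groups = [
  { dn: dn('XO-Admins'), cn: 'XO-Admins', primaryGroupToken: 1105, member: [dn('alice'), dn('Ops')] },
  { dn: dn('Ops'), cn: 'Ops', primaryGroupToken: 1106, member: [dn('bob')] },
];

// What the posted mapping yields: group `member` values matched against user `dn`.
function mappedMembers(group) {
  const listed = new Set(group.member.map((m) => m.toLowerCase()));
  return users.filter((u) => listed.has(u.dn.toLowerCase())).map((u) => u.sAMAccountName);
}

// What AD treats as membership: direct members + nested groups + primary group.
function effectiveMembers(group, seen = new Set()) {
  if (seen.has(group.dn)) return []; // guard against circular group nesting
  seen.add(group.dn);
  const names = new Set(mappedMembers(group));
  for (const u of users) if (u.primaryGroupID === group.primaryGroupToken) names.add(u.sAMAccountName);
  for (const g of groups) {
    if (group.member.includes(g.dn)) effectiveMembers(g, seen).forEach((n) => names.add(n));
  }
  return [...names].sort();
}

// Accounts an access review would count in the group but the direct mapping would not.
function missedBySync(group) {
  const mapped = new Set(mappedMembers(group));
  return effectiveMembers(group).filter((n) => !mapped.has(n));
}

console.log(missedBySync(groups[0]));
```

When reviewing who holds a role granted through a synchronized group, compare both lists: accounts that appear only in the effective set will not receive the group's permissions in Xen Orchestra under this mapping.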