Bug #7137

closed

Foreman is not using LDAP account to bind to the directory

Added by Chuck Schweizer over 9 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Authentication
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

I have LDAP authentication running in Foreman 1.5.2 without any issues. I am starting to test 1.6.0-rc1 and have found that, even though I have defined an LDAP account to bind with, 1.6.2 is only attempting to use an anonymous connection. I am not using SSL for this LDAP connection.

Actions #1

Updated by Dominic Cleal over 9 years ago

  • Category set to Authentication
  • Target version set to 1.7.5
  • translation missing: en.field_release set to 10

Actions #2

Updated by Chuck Schweizer over 9 years ago

Also this configuration is using POSIX.

Actions #3

Updated by Chuck Schweizer over 9 years ago

Based on my limited understanding, it looks like the POSIX server type is not set up to allow a Service Account in the LDAP Fluff code.

Actions #4

Updated by Chuck Schweizer over 9 years ago

Here is what I had to change to fix my issue. Not sure if everything is fixed or if I broke something else.

https://github.com/csschwe/ldap_fluff/tree/POSIX_ldap_login_fix

Actions #5

Updated by Dominic Cleal over 9 years ago

  • Status changed from New to Assigned
  • Assignee set to Dominic Cleal

Actions #6

Updated by Dominic Cleal over 9 years ago

  • Status changed from Assigned to Ready For Testing

https://github.com/Katello/ldap_fluff/pull/31 submits the fix for group DN to look up users.

https://github.com/Katello/ldap_fluff/pull/32 allows use of a service account with POSIX servers. I tried to keep the original behaviours working, to allow anonymous searches and also determine the DN from a search of the directory for binds.

Actions #7

Updated by Anonymous over 9 years ago

  • Target version changed from 1.7.5 to 1.7.4

Actions #8

Updated by Dominic Cleal over 9 years ago

http://koji.katello.org/koji/taskinfo?taskID=143822 (noarch.rpm) has all of the open ldap_fluff PRs patched in, if you wanted to test it.

Actions #9

Updated by Chuck Schweizer over 9 years ago

Dominic Cleal wrote:

http://koji.katello.org/koji/taskinfo?taskID=143822 (noarch.rpm) has all of the open ldap_fluff PRs patched in, if you wanted to test it.

This is working correctly for me. Thanks

Actions #10

Updated by Dominic Cleal over 9 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

Thanks for the testing and patches. ldap_fluff 0.3.1 is being released into nightlies and 1.6.0-RC2.
