Bug #16966

closed

Ldap does not support CN authentication

Added by Oleg Obleukhov almost 8 years ago. Updated almost 8 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: Authentication
Target version: -
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

We are migrating from using privileged users to applications in LDAP.
Our auth method should be changed from

uid=foreman,ou=People,dc=innogames,dc=net
to
cn=foreman,ou=Applications,dc=innogames,dc=net

But it does not work.
I get an error

2016-10-17T11:55:50 [app] [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"LIQHXNAAWajPTTdxwHRAQqepbDB8pinNOgGQX0RQJFY=", "login"=>{"login"=>"login", "password"=>"[FILTERED]"}, "commit"=>"Вход"}
2016-10-17T11:55:50 [app] [W] Action failed
 | LdapFluff::Generic::UnauthenticatedException: Could not bind to Posix user cn=foreman,ou=Applications,dc=innogames,dc=net
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/ldap_fluff-0.4.3/lib/ldap_fluff/generic.rb:59:in `service_bind'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/ldap_fluff-0.4.3/lib/ldap_fluff/generic.rb:20:in `user_exists?'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/ldap_fluff-0.4.3/lib/ldap_fluff/ldap_fluff.rb:63:in `block in valid_user?'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/ldap_fluff-0.4.3/lib/ldap_fluff/ldap_fluff.rb:94:in `block in instrument'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/notifications.rb:159:in `block in instrument'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/notifications.rb:159:in `instrument'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/ldap_fluff-0.4.3/lib/ldap_fluff/ldap_fluff.rb:93:in `instrument'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/ldap_fluff-0.4.3/lib/ldap_fluff/ldap_fluff.rb:62:in `valid_user?'
 | /usr/share/foreman/app/models/auth_sources/auth_source_ldap.rb:56:in `authenticate'
 | /usr/share/foreman/app/models/user.rb:197:in `try_to_login'
 | /usr/share/foreman/app/controllers/users_controller.rb:71:in `login'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_controller/metal/implicit_render.rb:4:in `send_action'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/abstract_controller/base.rb:189:in `process_action'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_controller/metal/rendering.rb:10:in `process_action'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/abstract_controller/callbacks.rb:20:in `block in process_action'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:113:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:113:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:552:in `block (2 levels) in compile'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:502:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:502:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:495:in `block (2 levels) in around'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:306:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:306:in `block (2 levels) in halting'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/rails-observers-0.1.2/lib/rails/observers/action_controller/caching/sweeping.rb:73:in `around'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:452:in `public_send'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:452:in `block in make_lambda'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:305:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:305:in `block in halting'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:494:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:494:in `block in around'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:502:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:502:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:495:in `block (2 levels) in around'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:306:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:306:in `block (2 levels) in halting'
 | /usr/share/foreman/app/controllers/concerns/application_shared.rb:13:in `set_timezone'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:429:in `block in make_lambda'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:305:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:305:in `block in halting'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:494:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:494:in `block in around'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:502:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:502:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:495:in `block (2 levels) in around'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:306:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:306:in `block (2 levels) in halting'
 | /usr/share/foreman/app/models/concerns/foreman/thread_session.rb:32:in `clear_thread'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:429:in `block in make_lambda'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:305:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:305:in `block in halting'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:494:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:494:in `block in around'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:502:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:502:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:495:in `block (2 levels) in around'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:306:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:306:in `block (2 levels) in halting'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/rails-observers-0.1.2/lib/rails/observers/action_controller/caching/sweeping.rb:73:in `around'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:452:in `public_send'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:452:in `block in make_lambda'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:305:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:305:in `block in halting'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:494:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:494:in `block in around'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:502:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:502:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:86:in `run_callbacks'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/abstract_controller/callbacks.rb:19:in `process_action'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_controller/metal/rescue.rb:29:in `process_action'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/notifications.rb:159:in `block in instrument'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/notifications.rb:159:in `instrument'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_controller/metal/instrumentation.rb:30:in `process_action'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activerecord-4.1.14.2/lib/active_record/railties/controller_runtime.rb:18:in `process_action'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/abstract_controller/base.rb:136:in `process'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionview-4.1.14.2/lib/action_view/rendering.rb:30:in `process'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_controller/metal.rb:196:in `dispatch'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_controller/metal.rb:232:in `block in action'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_dispatch/routing/route_set.rb:80:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_dispatch/routing/route_set.rb:80:in `dispatch'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_dispatch/routing/route_set.rb:48:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_dispatch/journey/router.rb:73:in `block in call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_dispatch/journey/router.rb:59:in `each'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_dispatch/journey/router.rb:59:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_dispatch/routing/route_set.rb:690:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/apipie-rails-0.3.6/lib/apipie/static_dispatcher.rb:65:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/apipie-rails-0.3.6/lib/apipie/extractor/recorder.rb:132:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/apipie-rails-0.3.6/lib/apipie/middleware/checksum_in_headers.rb:27:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/rack-1.5.5/lib/rack/etag.rb:23:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/rack-1.5.5/lib/rack/conditionalget.rb:35:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/rack-1.5.5/lib/rack/head.rb:11:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_dispatch/middleware/params_parser.rb:27:in `call'
 | /usr/share/foreman/lib/middleware/catch_json_parse_errors.rb:9:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_dispatch/middleware/flash.rb:254:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/rack-1.5.5/lib/rack/session/abstract/id.rb:225:in `context'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/rack-1.5.5/lib/rack/session/abstract/id.rb:220:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_dispatch/middleware/cookies.rb:562:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activerecord-4.1.14.2/lib/active_record/query_cache.rb:36:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activerecord-4.1.14.2/lib/active_record/connection_adapters/abstract/connection_pool.rb:621:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/callbacks.rb:82:in `run_callbacks'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_dispatch/middleware/callbacks.rb:27:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_dispatch/middleware/remote_ip.rb:76:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/railties-4.1.14.2/lib/rails/rack/logger.rb:38:in `call_app'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/railties-4.1.14.2/lib/rails/rack/logger.rb:22:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_dispatch/middleware/request_id.rb:21:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/rack-1.5.5/lib/rack/methodoverride.rb:21:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/rack-1.5.5/lib/rack/runtime.rb:17:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/activesupport-4.1.14.2/lib/active_support/cache/strategy/local_cache_middleware.rb:26:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/actionpack-4.1.14.2/lib/action_dispatch/middleware/static.rb:84:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/rack-1.5.5/lib/rack/sendfile.rb:112:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/railties-4.1.14.2/lib/rails/engine.rb:514:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/railties-4.1.14.2/lib/rails/application.rb:144:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/railties-4.1.14.2/lib/rails/railtie.rb:194:in `public_send'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/railties-4.1.14.2/lib/rails/railtie.rb:194:in `method_missing'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/rack-1.5.5/lib/rack/builder.rb:138:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/rack-1.5.5/lib/rack/urlmap.rb:65:in `block in call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/rack-1.5.5/lib/rack/urlmap.rb:50:in `each'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/rack-1.5.5/lib/rack/urlmap.rb:50:in `call'
 | /usr/lib/ruby/vendor_ruby/phusion_passenger/rack/thread_handler_extension.rb:74:in `process_request'
 | /usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler/thread_handler.rb:141:in `accept_and_process_next_request'
 | /usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler/thread_handler.rb:109:in `main_loop'
 | /usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler.rb:455:in `block (3 levels) in start_threads'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/logging-2.1.0/lib/logging/diagnostic_context.rb:450:in `call'
 | /usr/share/foreman/vendor/ruby/2.1.0/gems/logging-2.1.0/lib/logging/diagnostic_context.rb:450:in `block in create_with_logging_context'
2016-10-17T11:55:50 [app] [I]   Rendered common/500.html.erb within layouts/application (1.7ms)

Actions #1

Updated by Dominic Cleal almost 8 years ago

  • Category set to Authentication

I don't think Foreman or ldap_fluff performs any parsing of the bind DN, so it seems more likely that the DN/password are incorrect or it really isn't able to bind to the LDAP server. Enabling LDAP debug logs may confirm that the full DN is being used (https://theforeman.org/manuals/1.13/index.html#7.2Debugging).
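
A triage sketch for the kind of log shown in the description, added here as an example; it is not part of the original thread and not Foreman or ldap_fluff code. It extracts the bind DN and the raising method from LdapFluff bind failures, so a failure raised in `service_bind` (as in the trace above) can be identified and the logged DN checked for its leading RDN attribute. The function names and the sample log are constructed for illustration.

```ruby
# Added example: triage LdapFluff bind failures in a Foreman log.
# SAMPLE_LOG is constructed, modelled on the trace in this report.
SAMPLE_LOG = <<~'LOG'
  2016-10-17T11:55:50 [app] [W] Action failed
   | LdapFluff::Generic::UnauthenticatedException: Could not bind to Posix user cn=foreman,ou=Applications,dc=innogames,dc=net
   | /usr/share/foreman/vendor/ruby/2.1.0/gems/ldap_fluff-0.4.3/lib/ldap_fluff/generic.rb:59:in `service_bind'
   | /usr/share/foreman/vendor/ruby/2.1.0/gems/ldap_fluff-0.4.3/lib/ldap_fluff/generic.rb:20:in `user_exists?'
  2016-10-17T11:55:50 [app] [I]   Rendered common/500.html.erb within layouts/application (1.7ms)
LOG

# Exception line: server type and the DN the bind was attempted with.
BIND_FAILURE = /LdapFluff::\w+::UnauthenticatedException: Could not bind to (\w+) user (.+)$/
# Backtrace frame in the " | path:line:in `method'" layout used above.
FRAME = /^\s*\|\s+(\S+?):(\d+):in `([^']+)'/

# Split a DN into [attribute, value] pairs. Commas escaped with a
# backslash stay inside the value (simplified RFC 4514 handling).
def split_dn(dn)
  dn.split(/(?<!\\),/).map { |rdn| rdn.strip.split('=', 2) }
end

# Return one hash per bind failure found in the log text.
def bind_failures(log)
  lines = log.lines.map(&:chomp)
  failures = []
  lines.each_with_index do |line, i|
    m = BIND_FAILURE.match(line)
    next unless m

    # The frame directly below the exception names the raising method.
    frame = FRAME.match(lines[i + 1].to_s)
    dn = m[2].strip
    failures << {
      server_type: m[1],
      dn: dn,
      rdn_attr: split_dn(dn).first.first.downcase,
      raised_in: frame && frame[3],
      service_account: !frame.nil? && frame[3] == 'service_bind'
    }
  end
  failures
end

if __FILE__ == $PROGRAM_NAME
  bind_failures(SAMPLE_LOG).each do |f|
    who = f[:service_account] ? 'service account' : 'other bind'
    puts "#{who}: #{f[:dn]} (leading RDN: #{f[:rdn_attr]}, raised in #{f[:raised_in]})"
  end
end
```
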

Actions #2

Updated by Dominic Cleal almost 8 years ago

Also ensure the password is actually stored and used in Foreman. It doesn't look like you're using a current version; it's possible there is a bug that has deleted the current password when changing the DN.

Actions #3

Updated by Oleg Obleukhov almost 8 years ago

Dominic Cleal wrote:

Also ensure the password is actually stored and used in Foreman. It doesn't look like you're using a current version; it's possible there is a bug that has deleted the current password when changing the DN.

I will check again, but it basically complains about not having uid in there. If I have a wrong password, it complains very clearly.

Actions #4

Updated by Oleg Obleukhov almost 8 years ago

Please close it, error on my side.

Actions #5

Updated by Dominic Cleal almost 8 years ago

  • Status changed from New to Rejected

Thanks for confirming.
