Bug #7066

Unable to bind with DOMAIN\$login any longer

Added by Leah Fisher almost 5 years ago. Updated 11 months ago.

Status: Closed
Priority: Normal
Category: Authentication

Description

When setting the bind account to DOMAIN/$login as the manual suggests for the 1.5 release, it doesn't look like we are translating it any longer into the actual user when logging in.

The log has the following when trying to log in:

Error during authentication: Could not bind to ActiveDirectory user GCITECH\$login
invalid user

I believe in 1.5.2 this error would be the actual user. When looking at the new code, there is nothing about the $login value as there was in the old code. Since I don't have logins working yet with any config, this is all speculation.


Related issues

Related to Foreman - Bug #7003: Unable to connect to AD through ldap login module (Closed, 2014-08-08)

Associated revisions

Revision 597bd2fb (diff)
Added by Dominic Cleal over 4 years ago

fixes #7066 - add back $login interpolation for LDAP service account usernames

In cases where an LDAP connection is required outside of the context of user
authentication (e.g. validation of external user group name), an error is
thrown. Users are recommended to use dedicated service accounts for this
new feature.

Revision 3b4f386e (diff)
Added by Dominic Cleal over 4 years ago

refs #7066 - fix syntax error in expression

Revision 0c30ba83 (diff)
Added by Dominic Cleal over 4 years ago

fixes #7066 - add back $login interpolation for LDAP service account usernames

In cases where an LDAP connection is required outside of the context of user
authentication (e.g. validation of external user group name), an error is
thrown. Users are recommended to use dedicated service accounts for this
new feature.

Revision 2c460896 (diff)
Added by Dominic Cleal over 4 years ago

refs #7066 - fix syntax error in expression

History

#1 Updated by Dominic Cleal almost 5 years ago

  • Category set to Authentication
  • Target version set to 1.7.5
  • Legacy Backlogs Release (now unused) set to 10

#2 Updated by Leah Fisher almost 5 years ago

  • Related to Bug #7003: Unable to connect to AD through ldap login module added

#3 Updated by Leah Fisher almost 5 years ago

I am able to log in with some changes to the code. Besides having to hardcode the bind user, I needed to update the code to also have the login connect with the domain.

So I did the following:
Account Name: Domain/foreman
Account Password: foreman

Edit line 50 of app/models/auth_sources/auth_source_ldap.rb to:
unless ldap_con.authenticate?("Domain\\#{login}", password)

#4 Updated by Dominic Cleal almost 5 years ago

  • Status changed from New to Assigned
  • Assignee set to Dominic Cleal
  • Target version changed from 1.7.5 to 1.7.4

#5 Updated by The Foreman Bot almost 5 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/1709 added
  • Pull request deleted ()

#6 Updated by Dominic Cleal almost 5 years ago

http://koji.katello.org/koji/taskinfo?taskID=143822 (noarch.rpm) has the ldap_fluff part of the patch (and all other open issues).

#7 Updated by Dominic Cleal over 4 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
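
The behaviour described in the fix's commit message (substitute `$login` in the bind account at login time, raise an error when no login is available), as an added Ruby example that is not Foreman's or ldap_fluff's code. The names `resolve_bind_account`, `escape_dn_value` and `MissingLoginContext` are hypothetical, the sample accounts are constructed, and the DN escaping with its `=` heuristic is an assumption that goes beyond what the ticket discusses.

```ruby
# Added illustration; every name here is hypothetical, not Foreman's API.
class MissingLoginContext < StandardError; end

LOGIN_TOKEN = '$login'

# Escape a value for use as an attribute value inside an LDAP DN (RFC 4514):
# special characters anywhere, '#' or space at the start, space at the end.
def escape_dn_value(value)
  last = value.length - 1
  value.each_char.with_index.map do |c, i|
    next '\\00' if c == "\0"
    special = '\\,+"<>;='.include?(c) ||
              (i.zero? && ' #'.include?(c)) || (i == last && c == ' ')
    special ? "\\#{c}" : c
  end.join
end

# Resolve the configured bind account for one authentication attempt.
# login is nil when LDAP is used outside a user login (for example when
# validating an external user group name).
def resolve_bind_account(account, login = nil)
  return account unless account.include?(LOGIN_TOKEN)

  if login.nil? || login.empty?
    raise MissingLoginContext,
          "bind account #{account.inspect} needs a login; " \
          'use a dedicated service account'
  end

  # Assumed heuristic: a template containing '=' is a DN (uid=$login,ou=...),
  # so the login is DN-escaped; DOMAIN\$login and $login@realm take it as-is.
  value = account.include?('=') ? escape_dn_value(login) : login

  # Block form on purpose: a replacement *string* would have its
  # backslashes interpreted by gsub and corrupt logins that contain them.
  account.gsub(LOGIN_TOKEN) { value }
end
```
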
