Bug #7137
Foreman is not using LDAP account to bind to the directory
Description
I have LDAP authentication running in Foreman 1.5.2 without any issues. I am starting to test 1.6.0-rc1 and have found that, even though I have defined an LDAP account to bind with, 1.6.2 is only attempting to use an anonymous connection. I am not using SSL for this LDAP connection.
History
#1
Updated by Dominic Cleal almost 8 years ago
- Category set to Authentication
- Target version set to 1.7.5
- Legacy Backlogs Release (now unused) set to 10
#2
Updated by Chuck Schweizer almost 8 years ago
Also this configuration is using POSIX.
#3
Updated by Chuck Schweizer almost 8 years ago
Based on my limited understanding, it looks like the POSIX server type is not set up to allow a Service Account in the LDAP Fluff code.
#4
Updated by Chuck Schweizer almost 8 years ago
Here is what I had to change to fix my issue. Not sure if everything is fixed or if I broke something else.
https://github.com/csschwe/ldap_fluff/tree/POSIX_ldap_login_fix
#5
Updated by Dominic Cleal almost 8 years ago
- Status changed from New to Assigned
- Assignee set to Dominic Cleal
#6
Updated by Dominic Cleal almost 8 years ago
- Status changed from Assigned to Ready For Testing
https://github.com/Katello/ldap_fluff/pull/31 submits the fix for group DN to look up users.
https://github.com/Katello/ldap_fluff/pull/32 allows use of a service account with POSIX servers. I tried to keep the original behaviours working, to allow anonymous searches and also determine the DN from a search of the directory for binds.
#7
Updated by Dmitri Dolguikh almost 8 years ago
- Target version changed from 1.7.5 to 1.7.4
#8
Updated by Dominic Cleal almost 8 years ago
http://koji.katello.org/koji/taskinfo?taskID=143822 (noarch.rpm) has all of the open ldap_fluff PRs patched in, if you wanted to test it.
#9
Updated by Chuck Schweizer almost 8 years ago
Dominic Cleal wrote:
http://koji.katello.org/koji/taskinfo?taskID=143822 (noarch.rpm) has all of the open ldap_fluff PRs patched in, if you wanted to test it.
This is working correctly for me. Thanks
#10
Updated by Dominic Cleal almost 8 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Thanks for the testing and patches. ldap_fluff 0.3.1 is being released into nightlies and 1.6.0-RC2.