Bug #7137

Foreman is not using LDAP account to bind to the directory

Added by Chuck Schweizer over 4 years ago. Updated 9 months ago.

Status: Closed
Priority: Normal
Category: Authentication

Description

I have LDAP authentication running in Foreman 1.5.2 without any issues. I am starting to test 1.6.0-rc1 and have found that even though I have defined an LDAP account to bind with, 1.6.2 is only attempting to use an anonymous connection. I am not using SSL for this LDAP connection.

History

#1 Updated by Dominic Cleal over 4 years ago

  • Category set to Authentication
  • Target version set to 1.7.5
  • Legacy Backlogs Release (now unused) set to 10

#2 Updated by Chuck Schweizer over 4 years ago

Also this configuration is using POSIX.

#3 Updated by Chuck Schweizer over 4 years ago

Based on my limited understanding, it looks like POSIX server type is not set up to allow a Service Account in the LDAP Fluff code.

#4 Updated by Chuck Schweizer over 4 years ago

Here is what I had to change to fix my issue. Not sure if everything is fixed or if I broke something else.

https://github.com/csschwe/ldap_fluff/tree/POSIX_ldap_login_fix

#5 Updated by Dominic Cleal over 4 years ago

  • Status changed from New to Assigned
  • Assignee set to Dominic Cleal

#6 Updated by Dominic Cleal over 4 years ago

  • Status changed from Assigned to Ready For Testing

https://github.com/Katello/ldap_fluff/pull/31 submits the fix for group DN to look up users.

https://github.com/Katello/ldap_fluff/pull/32 allows use of a service account with POSIX servers. I tried to keep the original behaviours working, to allow anonymous searches and also determine the DN from a search of the directory for binds.
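The bind order described in comment #6, as an added Ruby example that is not part of this thread and is not ldap_fluff code: search with the service account when one is configured, fall back to an anonymous search otherwise, then bind as the DN the search returned. `FakeDirectory`, `PosixLogin`, the DNs and the passwords are hypothetical, constructed stand-ins for a real LDAP server; the bind log makes it possible to check that the search was not done anonymously.

```ruby
# Added illustration; FakeDirectory and PosixLogin are hypothetical names,
# not ldap_fluff classes. Entries and passwords below are constructed.
class FakeDirectory
  attr_reader :bind_log

  def initialize(entries, allow_anonymous_search:)
    @entries = entries            # { dn => { uid:, password: } }
    @allow_anonymous_search = allow_anonymous_search
    @bind_log = []                # every bind attempt, in order
    @bound_as = nil
  end

  # Simple bind: a nil DN is an anonymous bind; empty passwords never match.
  def bind(dn, password)
    @bind_log << (dn || :anonymous)
    ok = dn.nil? || (!password.to_s.empty? && @entries.dig(dn, :password) == password)
    @bound_as = ok ? (dn || :anonymous) : nil
    ok
  end

  # Returns the DN whose uid matches, if the current bind is allowed to search.
  def find_dn(uid)
    return nil if @bound_as.nil?
    return nil if @bound_as == :anonymous && !@allow_anonymous_search
    @entries.find { |_dn, e| e[:uid] == uid }&.first
  end
end

class PosixLogin
  def initialize(dir, service_dn: nil, service_pass: nil)
    @dir, @service_dn, @service_pass = dir, service_dn, service_pass
  end

  # Search with the service account when one is configured, otherwise
  # anonymously; then verify the password by binding as the DN found.
  def valid_login?(uid, password)
    return false if password.to_s.empty? # never attempt an empty-password bind
    return false unless @dir.bind(@service_dn, @service_dn && @service_pass)
    dn = @dir.find_dn(uid)
    !dn.nil? && @dir.bind(dn, password)
  end
end

SVC_DN   = 'uid=svc,ou=people,dc=example,dc=test'
ALICE_DN = 'uid=alice,ou=people,dc=example,dc=test'
ENTRIES = {
  SVC_DN   => { uid: 'svc',   password: 'svc-secret' },
  ALICE_DN => { uid: 'alice', password: 'alice-secret' }
}.freeze
```

Against a directory that refuses anonymous searches, a login succeeds only when the first entry in `bind_log` is the service account DN, which is the behaviour the reporter expected from the configured account.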

#7 Updated by Dmitri Dolguikh over 4 years ago

  • Target version changed from 1.7.5 to 1.7.4

#8 Updated by Dominic Cleal over 4 years ago

http://koji.katello.org/koji/taskinfo?taskID=143822 (noarch.rpm) has all of the open ldap_fluff PRs patched in, if you wanted to test it.

#9 Updated by Chuck Schweizer over 4 years ago

Dominic Cleal wrote:

http://koji.katello.org/koji/taskinfo?taskID=143822 (noarch.rpm) has all of the open ldap_fluff PRs patched in, if you wanted to test it.

This is working correctly for me. Thanks

#10 Updated by Dominic Cleal over 4 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

Thanks for the testing and patches. ldap_fluff 0.3.1 is being released into nightlies and 1.6.0-RC2.
