Yet another (it seems) LDAP topic
-
Hi all,
We’re new to FOG, and following the setup of a FOG Server we’ve looked for LDAP integration as we use Red Hat’s IDM (also known on other distros as FreeIPA).
We use LDAP auth in everything that supports it, but we’re clearly having some issues putting this to work with FOG.
Our settings:
LDAP Connection Name: <name>
LDAP Server description: <desc>
LDAP Server Address: <fqdn>
LDAP Server Port: 389
Use Group Matching (recommended): ticked
Search Base DN: dc=domain,dc=io
Group Search DN: cn=groups,cn=accounts,dc=domain,dc=io
Admin group: admins
Mobile Group: -
Initial template: -
User Name Attribute: uid
Group Member Attribute: memberOf
Search Scope: Subtree and Below
Bind DN: uid=bind_user,cn=sysaccounts,cn=etc,dc=domain,dc=io
Error message:
[15-Feb-2022 18:21:26 UTC] Plugin LDAP::_result(). Search Method: search; Filter: (&(|(name=admins))(memberof=uid=admin_user,cn=users,cn=accounts,dc=domain,dc=io)); Result: 0
[15-Feb-2022 18:21:26 UTC] Plugin LDAP::_result(). Search Method: search; Filter: (&(|(name=))(memberof=uid=admin_user,cn=users,cn=accounts,dc=domain,dc=io)); Result: 0
[15-Feb-2022 18:21:27 UTC] Plugin LDAP::authLDAP() Access level is still 0 or false. No access is allowed!
Thank you
-
@maverickws hello, for me it worked when I removed the group search base DN option; I use the admin and mobile options. Try, for example, putting the cn=groups, cn=accounts… in admin group or mobile group…
But I have a problem now, which is that when a user accesses once, he starts as admin, the same when I put the mobile group.
-
Hi Leandro,
So what you mean is you have nothing on the “Group Base DN” field?
Ok, I just tested with that setting, but it failed the same. I also tested unticking the “Use Group Matching” both with an empty and filled “Group Base DN” but both failed anyway. When I untick the “Use Group Matching” option I get an error saying “All methods of binding failed”.
I’m not sure what you meant by your last sentence? Is it like, all users are admins?
Oh, I also tried putting the “Group Base DN” line into “Admin Group” but it also gives me an error:
[16-Feb-2022 13:30:25 UTC] Plugin LDAP::_result(). Search Method: search; Filter: (&(|(name=cn=admins)(name=cn=groups)(name=cn=accounts)(name=dc=domain)(name=dc=io))(memberof=uid=admin_user,cn=users,cn=accounts,dc=domain,dc=io)); Result: 0
[16-Feb-2022 13:30:25 UTC] Plugin LDAP::_result(). Search Method: search; Filter: (&(|(name=))(memberof=uid=admin_user,cn=users,cn=accounts,dc=domain,dc=io)); Result: 0
[16-Feb-2022 13:30:25 UTC] Plugin LDAP::authLDAP() Access level is still 0 or false. No access is allowed!
Thank you!
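
A small checker for the filters in the logs quoted in this thread, as an added example that is not part of the original posts and not FOG's own code: it parses each logged filter and flags items with an empty value or with a DN fragment in an attribute that is not DN-valued. The function names and the `DN_VALUED` set are assumptions made for the example, and the sample log is the thread's second log with timestamps dropped.

```python
import re

# Sample input: the second log quoted in the thread, timestamps dropped.
LOG = (
    "Plugin LDAP::_result(). Search Method: search; Filter: (&(|(name=cn=admins)(name=cn=groups)"
    "(name=cn=accounts)(name=dc=domain)(name=dc=io))(memberof=uid=admin_user,cn=users,cn=accounts,"
    "dc=domain,dc=io)); Result: 0\nPlugin LDAP::_result(). Search Method: search; Filter: "
    "(&(|(name=))(memberof=uid=admin_user,cn=users,cn=accounts,dc=domain,dc=io)); Result: 0\n"
)
DN_VALUED = {"member", "memberof"}  # assumption: attributes expected to hold a full DN

def parse(f, i=0):
    """Parse one filter at f[i] (simplified RFC 4515: &, |, ! and attr=value); return (node, next)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)  # a literal ')' inside a value must be escaped as \29
    attr, _, value = f[i:end].partition("=")
    return ("=", attr, value), end + 1

def leaves(node):
    """Return the (attr, value) pair of every simple item in a parsed tree."""
    if node[0] == "=":
        return [(node[1], node[2])]
    return [leaf for kid in node[1] for leaf in leaves(kid)]

def lint(filter_text):
    """Return notes on items with an empty value or a DN fragment in a non-DN attribute."""
    tree, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing data after filter")
    notes = []
    for attr, value in leaves(tree):
        if value == "":
            notes.append(f"{attr}: empty value")
        elif attr.lower() not in DN_VALUED and "=" in value:
            notes.append(f"{attr}: '{value}' looks like a DN component")
    return notes

def audit(log_text):
    """Return (filter, result_count, notes) for each search the plugin logged."""
    return [(m[1], int(m[2]), lint(m[1])) for m in re.finditer(r"Filter: (\(.*?\)); Result: (\d+)", log_text)]
```

Run over the first log in the thread, the `(name=admins)` filter produces no notes, while the `(name=)` filter is flagged for its empty value.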