• Register
    • Login
    • Search
    • Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search

    Yet another (it seems) LDAP topic

    General
    2
    3
    52
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      maverickws last edited by maverickws

      Hi all,

      We’re new to FOG, and following the setup of a FOG Server we’ve looked for LDAP integration as we use Red Hat’s IDM (also known on other distros as FreeIPA).

      We use LDAP auth in everything that supports it, but we’re clearly having some issues putting this to work with FOG.

      Our settings:

      LDAP Connection Name:              <name>
LDAP Server description:           <desc>
LDAP Server Address:               <fqdn>
LDAP Server Port:                  389
Use Group Matching (recommended):  ticked
Search Base DN:                    dc=domain,dc=io
Group Search DN:                   cn=groups,cn=accounts,dc=domain,dc=io
Admin group:                       admins
Mobile Group:                      -
Initial template:                  -
User Name Attribute:               uid
Group Member Attribute:            memberOf
Search Scope:                      Subtree and Below
Bind DN:                           uid=bind_user,cn=sysaccounts,cn=etc,dc=domain,dc=io

      Error message:

      [15-Feb-2022 18:21:26 UTC] Plugin LDAP::_result(). Search Method: search; Filter: (&(|(name=admins))(memberof=uid=admin_user,cn=users,cn=accounts,dc=domain,dc=io)); Result: 0
[15-Feb-2022 18:21:26 UTC] Plugin LDAP::_result(). Search Method: search; Filter: (&(|(name=))(memberof=uid=admin_user,cn=users,cn=accounts,dc=domain,dc=io)); Result: 0
[15-Feb-2022 18:21:27 UTC] Plugin LDAP::authLDAP() Access level is still 0 or false. No access is allowed!

      Thank you

      T 1 Reply Last reply Reply Quote 0
      • M
        maverickws @tenorio.leandro last edited by maverickws

        @tenorio-leandro

        Hi Leandro,
        So what you mean is you have nothing on the “Group Base DN” field?
        Ok, I just tested with that setting, but it failed the same. I also tested unticking the “Use Group Matching” both with an empty and filled “Group Base DN” but both failed anyway.

        When I untick the “Use Group Matching” option I get an error saying “All methods of binding failed”.

        I’m not sure what you meant by your last sentence? Is it like, all users are admins?

        Oh I also tried putting the “Group Base DN” line into “Admin Group” but also gives me an error:

        [16-Feb-2022 13:30:25 UTC] Plugin LDAP::_result(). Search Method: search; Filter: (&(|(name=cn=admins)(name=cn=groups)(name=cn=accounts)(name=dc=domain)(name=dc=io))(memberof=uid=admin_user,cn=users,cn=accounts,dc=domain,dc=io)); Result: 0
[16-Feb-2022 13:30:25 UTC] Plugin LDAP::_result(). Search Method: search; Filter: (&(|(name=))(memberof=uid=admin_user,cn=users,cn=accounts,dc=domain,dc=io)); Result: 0
[16-Feb-2022 13:30:25 UTC] Plugin LDAP::authLDAP() Access level is still 0 or false. No access is allowed!

        Obrigado! 😉

        1 Reply Last reply Reply Quote 0
        • T
          tenorio.leandro @maverickws last edited by

          @maverickws hello, for me worked when I removed the option group search base dn, I use admin and mobile option. Try for example, put the cn=groups, cn=accounts… in admin group or mobile group…

          But I am a problem now that is when user access once, he began with admin, same when I am putting group mobile.

          M 1 Reply Last reply Reply Quote 0
          • 1 / 1
          • First post
            Last post

          194
          Online

          10.4k
          Users

          16.4k
          Topics

          150.6k
          Posts

          Copyright © 2012-2023 FOG Project