Failure to authenticate with Jumpcloud ldap

I need to set up authentication using LDAP. The provider is Jumpcloud and they provide an LDAP service using LDAPS. Foreman was previously configured to successfully allow users to authenticate, but the config was lost when the admin left and Foreman was reinstalled without saving the connection settings.

Jumpcloud uses a username and password to authenticate over LDAPS. I use a very similar configuration for Portainer that works. Foreman does not, and I am unable to find any logs that can help me identify the issue. I've reached out to Jumpcloud but they are not able to assist with the configuration as they are not familiar with Foreman.

When I login on my current config I get this warning page:

I ran the command foreman-rake errors:fetch_log, which was recommended to me, but I don't know where or how it saved the log entries. What do I do once I run it?

Are there any tips and tricks I can look at that will help me configure LDAP? Foreman's LDAP documentation is a bit sparse. The guys on the IRC channel were also not able to assist. I want to be able to see logs that will tell me why my LDAP is not working. I believe I will need an LDAP filter, and the filter I use works for Portainer but not for Foreman.

Expected outcome:
Improve ldap logging

Foreman and Proxy versions:
2.2.2

Foreman and Proxy plugin versions:

Distribution and version:
Centos 7

Other relevant data:

I see this in production.log

2021-01-13T12:30:52 [W|app|fe6d472b] Could not bind to Posix user srv.ldap
2021-01-13T12:30:52 [I|app|fe6d472b] Backtrace for 'Could not bind to Posix user srv.ldap' error (LdapFluff::Generic::UnauthenticatedException): Could not bind to Posix user srv.ldap

I added to /etc/foreman/settings.yaml inside :loggers:

:loggers:
:ldap:\n :enabled: true
and restarted httpd. This did not make a difference to the log output.

Sorry - I'm not a Foreman user, just doing some research into another JumpCloud LDAP problem and stumbled across your post. I thought it might be worth pointing you at the JumpCloud Slack lounge, where there is probably another JumpCloud/Foreman user who can help?


Thank you. I’ll check it out.

The change to settings.yaml should be:

:loggers:
  :ldap:
    :enabled: true

but I'm not sure if that will give you further information (it might, worth trying anyway)

Also, you may want to try changing the log level to debug:

:logging:
  :level: debug
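As an added example, not part of the thread and not Foreman's own code: the reason the one-line edit in the original post changed nothing is most likely YAML nesting, since `:ldap:` placed at the same indentation as `:loggers:` becomes a separate top-level key and `:loggers:` is left empty. The script below (plain Ruby, using only the standard YAML library) parses settings.yaml text, checks that `:loggers: -> :ldap: -> :enabled: true` and `:logging: -> :level: debug` are actually nested as the reply suggests, and flags the stray top-level `:ldap:` key. Both sample configurations are constructed for the example; the path /etc/foreman/settings.yaml is the one named in the thread, and the script is assumed to be run on the Foreman host before restarting httpd.

```ruby
require 'yaml'

# Constructed sample (not a real settings.yaml): the nesting recommended in the reply.
CORRECT = <<~YAML
:loggers:
  :ldap:
    :enabled: true
:logging:
  :level: debug
YAML

# Constructed sample: ":ldap:" placed at the same indentation as ":loggers:".
# YAML reads it as a new top-level key, ":loggers:" becomes nil, and Foreman
# never sees the ldap logger setting, so the log output does not change.
WRONG_INDENT = <<~YAML
:loggers:
:ldap:
  :enabled: true
:logging:
  :level: debug
YAML

# Parse settings.yaml text. Foreman's settings.yaml uses symbol keys (":loggers:"),
# so Symbol must be permitted explicitly; safe_load rejects every other object type,
# which is the right default for any YAML a script reads.
def load_settings(text)
  doc = YAML.safe_load(text, permitted_classes: [Symbol]) || {}
  doc.is_a?(Hash) ? doc : {}
end

# true only when :enabled: true sits under :ldap: under :loggers: (the reply's layout).
def ldap_logger_enabled?(text)
  loggers = load_settings(text)[:loggers]
  loggers.is_a?(Hash) && loggers[:ldap].is_a?(Hash) && loggers[:ldap][:enabled] == true
end

def log_level(text)
  load_settings(text).dig(:logging, :level)
end

# Returns a list of problems; an empty list means the stanza matches the reply.
def check_settings(text)
  cfg = load_settings(text)
  problems = []
  problems << ':loggers: -> :ldap: -> :enabled: true not found (check indentation)' unless ldap_logger_enabled?(text)
  problems << ':ldap: is a top-level key; nest it two spaces under :loggers:' if cfg.key?(:ldap)
  level = log_level(text)
  problems << ":logging: :level: is #{level.inspect}; set it to debug while troubleshooting" unless level == 'debug'
  problems
rescue Psych::SyntaxError => e
  # A malformed file is the other common outcome of hand-editing settings.yaml.
  ["settings.yaml is not valid YAML: #{e.message}"]
end

if $PROGRAM_NAME == __FILE__
  # Assumed usage on the Foreman host: ruby check_settings.rb [/etc/foreman/settings.yaml]
  file = ARGV[0] || '/etc/foreman/settings.yaml'
  text = File.exist?(file) ? File.read(file) : CORRECT
  problems = check_settings(text)
  puts(problems.empty? ? "#{file}: OK" : problems.map { |p| "#{file}: #{p}" })
end
```

Run it against the real file before restarting httpd; if it reports the stray top-level `:ldap:` key or a YAML syntax error, the logger change was never applied, which matches the unchanged log output described above. Once the stanza parses correctly, the ldap logger and debug level should make the bind attempt for srv.ldap visible in production.log in more detail than the single "Could not bind" warning.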