Trying to configure ldap authentication in foreman with no luck.
I see only such strings in output log regarding ldap auth attempts.
Authenticating 'lab1\sergii' against 'LAB1 AD'LDAP-Auth with User
Lab1\foremaninvalid user
I use 100% correct credentials which is tested by login to AD with ldap
browser.
Packet exchange between foreman and AD is captured by tcpdum and looks ok.
Is it possible to get more debug information from foreman about
authenticating process (config.log_level = :debug already enabled) ?
Will be appreciate about any ideas.
Share your LDAP configuration. Without that, we are unable to help.
I have no experiences with MSAD, but with LDAP generally you can have
incorrect credentials in two cases:
LDAP bind
LDAP search
Not sure how MSAD reports that, with OpenLDAP this might be clearer I
guess.
LZ
···
On Wed, Mar 19, 2014 at 05:40:02PM -0700, Sergii Alieksanov wrote:
> Hello.
>
> Trying to configure ldap authentication in foreman with no luck.
> I see only such strings in output log regarding ldap auth attempts.
>
>
>
>
> *Authenticating 'lab1\sergii' against 'LAB1 AD'LDAP-Auth with User
> Lab1\foremaninvalid user*
> I use 100% correct credentials which is tested by login to AD with ldap
> browser.
> Packet exchange between foreman and AD is captured by tcpdum and looks ok.
>
> Is it possible to get more debug information from foreman about
> authenticating process (config.log_level = :debug already enabled) ?
> Will be appreciate about any ideas.
>
> Cheers,
> Sergii
>
> --
> You received this message because you are subscribed to the Google Groups "Foreman users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscribe@googlegroups.com.
> To post to this group, send email to foreman-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/foreman-users.
> For more options, visit https://groups.google.com/d/optout.
The problem was with incorrect attributes.
To resolve problem I added some additional code into foreman to enhance
debug output.
···
On Friday, March 21, 2014 8:59:20 AM UTC-7, Lukas Zapletal wrote:
>
> Do you bind anonymous or particular user?
>
> Share your LDAP configuration. Without that, we are unable to help.
>
> I have no experiences with MSAD, but with LDAP generally you can have
> incorrect credentials in two cases:
>
> - LDAP bind
> - LDAP search
>
> Not sure how MSAD reports that, with OpenLDAP this might be clearer I
> guess.
>
> LZ
>
> On Wed, Mar 19, 2014 at 05:40:02PM -0700, Sergii Alieksanov wrote:
> > Hello.
> >
> > Trying to configure ldap authentication in foreman with no luck.
> > I see only such strings in output log regarding ldap auth attempts.
> >
> >
> >
> >
> > *Authenticating 'lab1\sergii' against 'LAB1 AD'LDAP-Auth with User
> > Lab1\foremaninvalid user*
> > I use 100% correct credentials which is tested by login to AD with ldap
> > browser.
> > Packet exchange between foreman and AD is captured by tcpdum and looks
> ok.
> >
> > Is it possible to get more debug information from foreman about
> > authenticating process (config.log_level = :debug already enabled) ?
> > Will be appreciate about any ideas.
> >
> > Cheers,
> > Sergii
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "Foreman users" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to foreman-user...@googlegroups.com .
> > To post to this group, send email to forema...@googlegroups.com.
>
> > Visit this group at http://groups.google.com/group/foreman-users.
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> Later,
>
> Lukas "lzap" Zapletal
> irc: lzap #theforeman
>
