Hello everyone,

I am struggling to make LDAP auth work, without success. I even tried
on both Debian 6 and CentOS 6 setups. The strange thing is that it seems
nobody has reported this problem, so I am not sure what I did wrong.

What I did is click Setting / LDAP Authentication and set up one LDAP
server.

Account: I filled it with $login; I also tried using cn=$login,base_dn
Password: left empty
Attr: uid
firstname: givenName
lastname: sn
attr mail: mail

I did not check On-the-fly user creation, but if I do not supply
uid it complains. So I did not check it but still needed to fill it in.

Then I enabled LDAP in the settings.yaml file. Login always says "Incorrect
username or password".

I did a manual bind from the host I ran it on, using that LDAP credential,
and it succeeded. This is the 389 Directory Server, if it matters.

Please help, as I could not think of anything else I might have done wrong
here.

Thanks
> Hello everyone,
>
> I am struggling to make LDAP auth work, without success. I even tried
> on both Debian 6 and CentOS 6 setups. The strange thing is that it seems
> nobody has reported this problem, so I am not sure what I did wrong.
>
> What I did is click Setting / LDAP Authentication and set up one LDAP
> server.
>
> Account: I filled it with $login; I also tried using cn=$login,base_dn
> Password: left empty
> Attr: uid
> firstname: givenName
> lastname: sn
> attr mail: mail
>
> I did not check On-the-fly user creation, but if I do not supply
> uid it complains. So I did not check it but still needed to fill it in.
>
> Then I enabled LDAP in the settings.yaml file. Login always says "Incorrect
> username or password".
>
> I did a manual bind from the host I ran it on, using that LDAP credential,
> and it succeeded. This is the 389 Directory Server, if it matters.
>
> Please help, as I could not think of anything else I might have done wrong
> here.
My guess is you are missing something simple, try turning on debug
messages[1], probably this should reveal a little bit more:
Ohad
[1] - http://theforeman.org/projects/foreman/wiki/Troubleshooting#How-do-I-enable-debugging
···
On Thu, Aug 25, 2011 at 9:07 AM, peace wrote:
Thanks
–
You received this message because you are subscribed to the Google Groups “Foreman users” group.
To post to this group, send email to foreman-users@googlegroups.com.
To unsubscribe from this group, send email to foreman-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/foreman-users?hl=en.
I have actually turned debug on but found nothing useful in the log, though
it prints out several SELECT statements and I saw it select from the users
table. I used mysql and found no user is set at all. I guess: why does it still
try to access that table when auth is coming from LDAP? Anyway, I tried inserting
a user with the same uid as the LDAP login into that table, which does not help
either.
···
On Thu, Aug 25, 2011 at 5:49 PM, Ohad Levy wrote:
–
Steve Kieu
> I have actually turned debug on but found nothing useful in the log, though
> it prints out several SELECT statements and I saw it select from the users
> table. I used mysql and found no user is set at all. I guess: why does it still
> try to access that table when auth is coming from LDAP? Anyway, I tried inserting
> a user with the same uid as the LDAP login into that table, which does not help
> either.
Please paste the log output.
Thanks
Ohad
···
On 2011 8 25 13:43, "Steve Kieu" wrote:
Hi

Just checked the LDAP again, enabled LDAP, restarted it, and captured these logs:

Processing UsersController#logout (for 10.200.9.194 at 2011-08-25 16:20:27) [GET]
Parameters: {"action"=>"logout", "controller"=>"users"}
Setting current user thread-local variable to nil
Redirected to http://10.200.10.63:3000/users/login
Completed in 5ms (DB: 3) | 302 Found [http://10.200.10.63/users/logout]

Processing UsersController#login (for 10.200.9.194 at 2011-08-25 16:20:27) [GET]
Parameters: {"action"=>"login", "controller"=>"users"}
Setting current user thread-local variable to nil
Rendering template within layouts/application
Rendering users/login
Rendered home/_topbar (0.5ms)
Completed in 10ms (View: 8, DB: 22) | 200 OK [http://10.200.10.63/users/login]

Processing UsersController#login (for 10.200.9.194 at 2011-08-25 16:20:44) [POST]
Parameters: {"action"=>"login", "authenticity_token"=>"yOPPl+NeyQ9bNAV00oqm5wws+SFVg9ZK2huI+SSqe4s=", "controller"=>"users", "login"=>{"password"=>"[FILTERED]", "login"=>"stevek"}}
Setting current user thread-local variable to nil
User Load (0.1ms) SELECT * FROM `users` WHERE (`users`.`login` = 'stevek') LIMIT 1
Setting current user thread-local variable to nil
Role Load (0.1ms) SELECT * FROM `roles` WHERE (`roles`.`name` = 'Anonymous') LIMIT 1
Redirected to http://10.200.10.63:3000/users/login
Completed in 3ms (DB: 1) | 302 Found [http://10.200.10.63/users/login]

Processing UsersController#login (for 10.200.9.194 at 2011-08-25 16:20:44) [GET]
Parameters: {"action"=>"login", "controller"=>"users"}
Setting current user thread-local variable to nil
Rendering template within layouts/application
Rendering users/login
Rendered home/_topbar (0.5ms)
Completed in 6ms (View: 4, DB: 1) | 200 OK [http://10.200.10.63/users/login]

cheers
···
On Thu, Aug 25, 2011 at 10:11 PM, Ohad Levy wrote:
–
Steve Kieu
> Hi
>
> Just checked the LDAP again, enabled LDAP, restarted it, and captured these logs
>
Either you set on the fly creation, or you need to create the accounts
first.
Ohad
···
On 2011 8 25 15:22, "Steve Kieu" wrote:
Sorry, I do not understand. I mean that in the LDAP server my account exists (I
used it to log in to many other systems using LDAP).

So creating an account on the fly with Foreman means creating a user account on
the Foreman system? I will try it and see how it goes, but I interpreted it as
trying to create the account in the LDAP server if it does not exist - some of the
wording might need to be reconsidered, as it is confusing.

thanks
···
On Fri, Aug 26, 2011 at 12:03 AM, Ohad Levy wrote:
–
Steve Kieu
OK, enabling on-the-fly user creation does not help.

Processing UsersController#login (for 10.200.0.236 at 2011-08-26 03:28:14) [POST]
Parameters: {"action"=>"login", "authenticity_token"=>"FywP1h2gViADEaMPSG/aZ68tTO/AGoxgG+Z62GFwzCQ=", "controller"=>"users", "login"=>{"password"=>"[FILTERED]", "login"=>"stevek"}}
Setting current user thread-local variable to nil
User Load (0.1ms) SELECT * FROM `users` WHERE (`users`.`login` = 'stevek') LIMIT 1
AuthSource Load (0.1ms) SELECT * FROM `auth_sources`
AuthSourceInternal Columns (0.5ms) SHOW FIELDS FROM `auth_sources`
Authenticating 'stevek' against 'Internal'
User Load (0.2ms) SELECT * FROM `users` WHERE (login='stevek') LIMIT 1
Authenticating 'stevek' against 'ldap'
LDAP-Auth with User login
Role Load (0.2ms) SELECT * FROM `roles` WHERE (`roles`.`name` = 'Anonymous') LIMIT 1
Redirected to http://puppet:3000/users/login
Completed in 9ms (DB: 38) | 302 Found [http://puppet/users/login]

Processing UsersController#login (for 10.200.0.236 at 2011-08-26 03:28:14) [GET]
Parameters: {"action"=>"login", "controller"=>"users"}
Setting current user thread-local variable to nil
Rendering template within layouts/application
Rendering users/login
Rendered home/_topbar (0.5ms)
Rendered common/_searchbar (1.1ms)
Completed in 7ms (View: 6, DB: 2) | 200 OK [http://puppet/users/login]

I will attach the LDAP settings window here to see if I missed something
obvious. I also tried leaving the Attr firstname and mail empty, as I
could not see these attributes in the LDAP server and could not add them (I do
not know why PosixAccount prevents adding them even though it is already an Org
Person). But I guess Foreman does not need this; probably the only thing it needs
is for uid to match.

Thanks,
···
On Fri, Aug 26, 2011 at 9:10 AM, Steve Kieu wrote:
–
Steve Kieu
If your system allows anonymous binds, don't put anything at all in
the 'account' field. Otherwise you will need to enter an account &
password that can bind to LDAP. This seemed to be dead simple to me.
Craig
On Aug 25, 4:35 pm, Steve Kieu wrote:
> OK enable on the fly user creation does not help
>
> Processing UsersController#login (for 10.200.0.236 at 2011-08-26 03:28:14)
> [POST]
> Parameters: {"action"=>"login",
> "authenticity_token"=>"FywP1h2gViADEaMPSG/aZ68tTO/AGoxgG+Z62GFwzCQ=",
> "controller"=>"users", "login"=>{"password"=>"[FILTERED]",
> "login"=>"stevek"}}
> Setting current user thread-local variable to nil
> User Load (0.1ms) SELECT * FROM `users` WHERE (`users`.`login` =
> 'stevek') LIMIT 1
> AuthSource Load (0.1ms) SELECT * FROM `auth_sources`
> AuthSourceInternal Columns (0.5ms) SHOW FIELDS FROM `auth_sources`
> Authenticating 'stevek' against 'Internal'
> User Load (0.2ms) SELECT * FROM `users` WHERE (login='stevek') LIMIT 1
> Authenticating 'stevek' against 'ldap'
> LDAP-Auth with User login
> Role Load (0.2ms) SELECT * FROM `roles` WHERE (`roles`.`name` =
> 'Anonymous') LIMIT 1
> Redirected to http://puppet:3000/users/login
> Completed in 9ms (DB: 38) | 302 Found [http://puppet/users/login]
>
> Processing UsersController#login (for 10.200.0.236 at 2011-08-26 03:28:14)
> [GET]
> Parameters: {"action"=>"login", "controller"=>"users"}
> Setting current user thread-local variable to nil
> Rendering template within layouts/application
> Rendering users/login
> Rendered home/_topbar (0.5ms)
> Rendered common/_searchbar (1.1ms)
> Completed in 7ms (View: 6, DB: 2) | 200 OK [http://puppet/users/login
>
> I will attach the ldap setting window here to see if I miss something
> obvious. Tried with the Attr firstname and mail left empty as well, as I
> could not see these attributes in the ldap server - and could not add them (do
> not know why PosixAccount prevents adding them even though it is Org Person already).
>
> but I guess foreman does not need this, probably the only thing it needs is
> uid to be matched.
>
> Thanks,
>
>
>
> On Fri, Aug 26, 2011 at 9:10 AM, Steve Kieu wrote:
> > Sorry I do not understand. I mean in ldap server, my account exists there
> > (I used it to login to many other system using ldap)
>
> > So create account on the fly with foreman means to create on the foreman
> > system user account? I will try and see how it goes but I interpreted that
> > it try to create account in the ldap server if it does not exists - some
> > wording might need to reconsider as it is confusing.
>
> > thanks
>
> > On Fri, Aug 26, 2011 at 12:03 AM, Ohad Levy wrote:
>
> >> On 2011 8 25 15:22, "Steve Kieu" wrote:
>
> >> > Hi
>
> >> > Just check the ldap again and enable ldap, restart it, and capture these
> >> log
>
> >> Either you set on the fly creation, or you need to create the accounts
> >> first.
>
> >> Ohad
>
> >> > Processing UsersController#logout (for 10.200.9.194 at 2011-08-25
> >> 16:20:27) [GET]
> >> > Parameters: {"action"=>"logout", "controller"=>"users"}
> >> > Setting current user thread-local variable to nil
> >> > Redirected to http://10.200.10.63:3000/users/login
> >> > Completed in 5ms (DB: 3) | 302 Found [http://10.200.10.63/users/logout]
>
> >> > Processing UsersController#login (for 10.200.9.194 at 2011-08-25
> >> 16:20:27) [GET]
> >> > Parameters: {"action"=>"login", "controller"=>"users"}
> >> > Setting current user thread-local variable to nil
> >> > Rendering template within layouts/application
> >> > Rendering users/login
> >> > Rendered home/_topbar (0.5ms)
> >> > Completed in 10ms (View: 8, DB: 22) | 200 OK [http://10.200.10.63/users/login]
>
> >> > Processing UsersController#login (for 10.200.9.194 at 2011-08-25
> >> 16:20:44) [POST]
> >> > Parameters: {"action"=>"login",
> >> "authenticity_token"=>"yOPPl+NeyQ9bNAV00oqm5wws+SFVg9ZK2huI+SSqe4s=",
> >> "controller"=>"users", "login"=>{"password"=>"[FILTERED]",
> >> "login"=>"stevek"}}
> >> > Setting current user thread-local variable to nil
> >> > User Load (0.1ms) SELECT * FROM `users` WHERE (`users`.`login` =
> >> 'stevek') LIMIT 1
> >> > Setting current user thread-local variable to nil
> >> > Role Load (0.1ms) SELECT * FROM `roles` WHERE (`roles`.`name` =
> >> 'Anonymous') LIMIT 1
> >> > Redirected to http://10.200.10.63:3000/users/login
> >> > Completed in 3ms (DB: 1) | 302 Found [http://10.200.10.63/users/login]
>
> >> > Processing UsersController#login (for 10.200.9.194 at 2011-08-25
> >> 16:20:44) [GET]
> >> > Parameters: {"action"=>"login", "controller"=>"users"}
> >> > Setting current user thread-local variable to nil
> >> > Rendering template within layouts/application
> >> > Rendering users/login
> >> > Rendered home/_topbar (0.5ms)
> >> > Completed in 6ms (View: 4, DB: 1) | 200 OK [http://10.200.10.63/users/login]
>
> >> > cheers
>
> >> > On Thu, Aug 25, 2011 at 10:11 PM, Ohad Levy wrote:
>
> >> >> On 2011 8 25 13:43, "Steve Kieu" wrote:
>
> >> >> > Have actually turned debug on but found nothing useful in the log
> >> though
>
> >> >> > it print out several select statement and I saw it select from users
> >> table. Use mysql and found no user is set at all. I guess why it still try
> >> to access that table when auth coming from ldap? Anyway try to insert a user
> >> uid as the same as ldap login to that table, which does not help as well.
>
> >> >> Please paste the log output.
>
> >> >> Thanks
> >> >> Ohad
>
> >> >> > On Thu, Aug 25, 2011 at 5:49 PM, Ohad Levy wrote:
>
> >> >> >> On Thu, Aug 25, 2011 at 9:07 AM, peace wrote:
> >> >> >> > Hello everyone,
>
> >> >> >> > I am struggling to make ldap auth works without success. Even I
> >> tried
> >> >> >> > both on debian6 and centos 6 setup. The strange thing is that
> >> seems no
> >> >> >> > body reported this problem so I am not sure what I did wrong.
>
> >> >> >> > What I did is click Setting / LDAP Authentication and setup one
> >> ldap
> >> >> >> > server
>
> >> >> >> > Account: I fill it with $login, I also tried using
> >> cn=$login,base_dn
>
> >> >> >> > Password leave empty
>
> >> >> >> > Attr : uid
> >> >> >> > firstname: givenName
> >> >> >> > lasname: sn
> >> >> >> > attr mail: mail
>
> >> >> >> > I did not check the On-the-fly user creation but if I do not
> >> supply
> >> >> >> > uid it complain. So did not check but still need to fill it in.
>
> >> >> >> > Then enable ldap in the settings.yaml file. Login always say
> >> Incorrect
> >> >> >> > username or password
>
> >> >> >> > I manually bind from the host I ran using that ldap credential and
> >> >> >> > success. This is the 389 directory server if it matters.
>
> >> >> >> > Please help as I could not think of anything else I might be wrong
> >> >> >> > here,
>
> >> >> >> My guess is you are missing something simple, try turning on debug
> >> >> >> messages[1], probably this should reveal a little bit more:
>
> >> >> >> Ohad
>
> >> >> >> [1] -
> >>http://theforeman.org/projects/foreman/wiki/Troubleshooting#How-do-I-...
>
> >> >> >> > Thanks
>
> --
> Steve Kieu
>
> Screenshot-Edit Auth Source Ldap - Google Chrome.png
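The two debug logs quoted in this thread fail in different ways: in the first, no auth source is ever consulted; in the second, LDAP is tried and the login is still rejected. The Ruby script below is an added example, not part of the original thread or of Foreman's code, that separates those cases from a pasted log. It assumes, based on the logs above, that a rejected login POST is redirected back to `/users/login`; the function and verdict names are illustrative, and the sample log is abridged from the thread.

```ruby
# Added example (not Foreman code): triage Foreman debug-log login attempts.
# SAMPLE_LOG is abridged from the two log excerpts posted in this thread.
SAMPLE_LOG = <<~LOG
  Processing UsersController#login (for 10.200.9.194 at 2011-08-25 16:20:44) [POST]
  Redirected to http://10.200.10.63:3000/users/login
  Completed in 3ms (DB: 1) | 302 Found [http://10.200.10.63/users/login]
  Processing UsersController#login (for 10.200.9.194 at 2011-08-25 16:20:44) [GET]
  Completed in 6ms (View: 4, DB: 1) | 200 OK [http://10.200.10.63/users/login]
  Processing UsersController#login (for 10.200.0.236 at 2011-08-26 03:28:14) [POST]
  Authenticating 'stevek' against 'Internal'
  Authenticating 'stevek' against 'ldap'
  LDAP-Auth with User login
  Redirected to http://puppet:3000/users/login
  Completed in 9ms (DB: 38) | 302 Found [http://puppet/users/login]
LOG

HEADER = /^Processing UsersController#login \(for (\S+) at ([\d-]+ [\d:]+)\) \[(\w+)\]/
AUTH   = /^Authenticating '([^']*)' against '([^']*)'/
REDIR  = /^Redirected to\s*(\S+)/ # \s* tolerates the "tohttp://" mail garbling

# Returns one hash per login POST: client, time, auth sources tried, verdict.
def triage_logins(log)
  attempts = []
  current = nil
  log.each_line do |raw|
    line = raw.sub(/\A(?:>\s?)+/, '').strip # drop mail-quote prefixes
    if (m = HEADER.match(line))
      # Only POSTs carry credentials; a GET just renders the form.
      current = m[3] == 'POST' ? { client: m[1], at: m[2], sources: [], failed: nil } : nil
      attempts << current if current
    elsif current && (m = AUTH.match(line))
      current[:user] = m[1]
      current[:sources] << m[2]
    elsif current && (m = REDIR.match(line))
      current[:failed] = m[1].end_with?('/users/login') # assumption: bounce = rejected
    end
  end
  attempts.each { |a| a[:verdict] = verdict(a) }
end

def verdict(attempt)
  return :unknown if attempt[:failed].nil?
  return :login_ok unless attempt[:failed]
  # No "Authenticating" line at all: the case the first log in the thread shows.
  return :no_auth_source_tried if attempt[:sources].empty?
  external = attempt[:sources].reject { |s| s == 'Internal' }
  external.empty? ? :internal_only_rejected : :ldap_tried_and_rejected
end

triage_logins(SAMPLE_LOG).each { |a| p a.values_at(:at, :client, :sources, :verdict) }
```

A `:no_auth_source_tried` verdict points at the account-creation setting discussed in the thread, while `:ldap_tried_and_rejected` points at the bind account, base DN or attribute mapping of the LDAP source.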