The Foreman 1.3.0-1 and LDAP attributes

Hey,

I'm trying to authenticate using 389DS to Foreman.
It seems to be working but it won't filter the attributes.

Here are some logs:

Configuring the LDAP:

Started PUT "/auth_source_ldaps/2" for 10.76.50.43 at 2013-11-03 19:21:44
+0200
Processing by AuthSourceLdapsController#update as HTML
Parameters: {"utf8"=>"â“",
"authenticity_token"=>"P7lS6nxjiCt4w+D1dvg+ygi+gGnTHuiUn9TfN8MtGVs=",
"auth_source_ldap"=>{"name"=>"XtremIO LDAP",
"host"=>"ldap.xioeng.lab.example.com", "port"=>"389", "tls"=>"0",
"account"=>"", "account_password"=>"[FILTERED]",
"base_dn"=>"ou=People,dc=xioeng,dc=lab,dc=example,dc=com",
"ldap_filter"=>"", "onthefly_register"=>"0", "attr_login"=>"uid",
"attr_firstname"=>"givenName", "attr_lastname"=>"sn", "attr_mail"=>"mail"},
"commit"=>"Submit", "id"=>"2"}
User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1
LIMIT 1 [["id", 1]]
Setting current user thread-local variable to admin
AuthSourceLdap Load (0.2ms) SELECT "auth_sources".* FROM "auth_sources"
WHERE "auth_sources"."type" IN ('AuthSourceLdap') AND "auth_sources"."id" =
$1 LIMIT 1 [["id", "2"]]
(0.1ms) BEGIN
AuthSource Exists (0.2ms) SELECT 1 AS one FROM "auth_sources" WHERE
("auth_sources"."name" = 'XtremIO LDAP' AND "auth_sources"."id" != 2) LIMIT
1
(0.1ms) COMMIT
Redirected to https://foreman.xiolab.lab.example.com/auth_source_ldaps
Completed 302 Found in 6ms (ActiveRecord: 0.6ms)

Started GET "/auth_source_ldaps" for 10.76.50.43 at 2013-11-03 19:21:44
+0200
Processing by AuthSourceLdapsController#index as HTML
User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1
LIMIT 1 [["id", 1]]
Setting current user thread-local variable to admin
AuthSourceLdap Load (0.3ms) SELECT "auth_sources".* FROM "auth_sources"
WHERE "auth_sources"."type" IN ('AuthSourceLdap') LIMIT 1
AuthSourceLdap Load (0.3ms) SELECT "auth_sources".* FROM "auth_sources"
WHERE "auth_sources"."type" IN ('AuthSourceLdap')
Rendered auth_source_ldaps/index.html.erb within layouts/application
(2.1ms)
Rendered home/_user_dropdown.html.erb (0.9ms)
Read fragment views/tabs_and_title_records-1 (0.1ms)
Rendered home/_topbar.html.erb (1.4ms)
Completed 200 OK in 12ms (Views: 7.5ms | ActiveRecord: 0.9ms)

• Trying to access TheForeman:*

tarted POST "/users/login" for 10.76.50.43 at 2013-11-03 19:23:20 +0200
> Processing by UsersController#login as HTML
> Parameters: {"utf8"=>"â“",
> "authenticity_token"=>"wK9d4NuE9t/dFNVNj+JL8XXNMBFmgjm8mCHNbXkZkwU=",
> "login"=>{"login"=>"erand", "password"=>"[FILTERED]"}, "commit"=>"Login"}
> Setting current user thread-local variable to nil
> User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."login" =
> 'erand' LIMIT 1
> AuthSource Load (0.3ms) SELECT "auth_sources".* FROM "auth_sources"
> WHERE "auth_sources"."id" = 2 LIMIT 1
> LDAP-Auth with User
> DN found for erand: uid=erand,ou=People,dc=xioeng,dc=lab,dc=example,dc=com
> Authenticated user erand against LDAP-XtremIO LDAP authentication source
> User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."login" =
> 'admin' ORDER BY firstname LIMIT 1
> Setting current user thread-local variable to admin
> (0.1ms) BEGIN
> (0.4ms) UPDATE "users" SET "last_login_on" = '2013-11-03
> 17:23:20.546302', "updated_at" = '2013-11-03 17:23:20.547717' WHERE
> "users"."id" = 2
> Expire fragment views/tabs_and_title_records-1 (0.9ms)
> (0.6ms) COMMIT
> Role Load (0.3ms) SELECT "roles".* FROM "roles" WHERE "roles"."name" =
> 'Anonymous' LIMIT 1
> Role Exists (0.3ms) SELECT 1 AS one FROM "roles" INNER JOIN
> "user_roles" ON "roles"."id" = "user_roles"."role_id" WHERE
> "user_roles"."user_id" = 2 AND "roles"."id" = 8 LIMIT 1
> Setting current user thread-local variable to erand
> Setting current user thread-local variable to nil
> Redirected to https://foreman.xiolab.lab.example.com/hosts
> Completed 302 Found in 29ms (ActiveRecord: 2.8ms)

Attributes on my LDAP server:

[root@ldap ~]# ldapsearch -LLL -x -b
"ou=people,dc=xioeng,dc=lab,dc=example,dc=com" '(uid=erand)' uid givenName
sn mail
dn: uid=erand,ou=People,dc=xioeng,dc=lab,dc=example,dc=com
uid: erand
givenName: Eran
sn: Nah
mail: eran@example.com

And when I login, the username is filled with the correct username, but the
Firstname, Surename, Mail are left blanked.

Please advice, I'm pretty sure it's not my LDAP server as I've got many
applications using it already.

Thanks a bunch!

foreman_ldap.JPG1261×782 5.81 KB

I think you may have hit the authentication but I filed:
http://projects.theforeman.org/issues/3493

You actually need to enable "Automatically create accounts in Foreman" on
the LDAP authentication page.

If that is not check it should not let you authenticate with a new account.

Oh crap.

This happened only because my user already existed on the system.

I deleted the user and it's now working.

Sorry for the troubles!

Hey Chuck,

Thanks for the respond!

I've already tried checking "Automatically create account" but this doesn't
help.
When this option is checked, I log-in and it says
"Mail is required" on the upper right, so it cannot continue create the
account without this info.

Thanks!

Can you do a debug with "Automatically create account" checked. It is the
only way Foreman will try to fill out those fields.

There ya go,

I couldn't find anything special in the logfile:

Started POST "/users/login" for 10.76.50.43 at 2013-11-04 14:23:56 +0200