Hey,
I'm trying to authenticate using 389DS to Foreman.
It seems to be working but it won't filter the attributes.
Here are some logs:
Configuring the LDAP:
Started PUT "/auth_source_ldaps/2" for 10.76.50.43 at 2013-11-03 19:21:44
+0200
Processing by AuthSourceLdapsController#update as HTML
Parameters: {"utf8"=>"✓",
"authenticity_token"=>"P7lS6nxjiCt4w+D1dvg+ygi+gGnTHuiUn9TfN8MtGVs=",
"auth_source_ldap"=>{"name"=>"XtremIO LDAP",
"host"=>"ldap.xioeng.lab.example.com", "port"=>"389", "tls"=>"0",
"account"=>"", "account_password"=>"[FILTERED]",
"base_dn"=>"ou=People,dc=xioeng,dc=lab,dc=example,dc=com",
"ldap_filter"=>"", "onthefly_register"=>"0", "attr_login"=>"uid",
"attr_firstname"=>"givenName", "attr_lastname"=>"sn", "attr_mail"=>"mail"},
"commit"=>"Submit", "id"=>"2"}
User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1
LIMIT 1 [["id", 1]]
Setting current user thread-local variable to admin
AuthSourceLdap Load (0.2ms) SELECT "auth_sources".* FROM "auth_sources"
WHERE "auth_sources"."type" IN ('AuthSourceLdap') AND "auth_sources"."id" =
$1 LIMIT 1 [["id", "2"]]
(0.1ms) BEGIN
AuthSource Exists (0.2ms) SELECT 1 AS one FROM "auth_sources" WHERE
("auth_sources"."name" = 'XtremIO LDAP' AND "auth_sources"."id" != 2) LIMIT
1
(0.1ms) COMMIT
Redirected to https://foreman.xiolab.lab.example.com/auth_source_ldaps
Completed 302 Found in 6ms (ActiveRecord: 0.6ms)
Started GET "/auth_source_ldaps" for 10.76.50.43 at 2013-11-03 19:21:44
+0200
Processing by AuthSourceLdapsController#index as HTML
User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1
LIMIT 1 [["id", 1]]
Setting current user thread-local variable to admin
AuthSourceLdap Load (0.3ms) SELECT "auth_sources".* FROM "auth_sources"
WHERE "auth_sources"."type" IN ('AuthSourceLdap') LIMIT 1
AuthSourceLdap Load (0.3ms) SELECT "auth_sources".* FROM "auth_sources"
WHERE "auth_sources"."type" IN ('AuthSourceLdap')
Rendered auth_source_ldaps/index.html.erb within layouts/application
(2.1ms)
Rendered home/_user_dropdown.html.erb (0.9ms)
Read fragment views/tabs_and_title_records-1 (0.1ms)
Rendered home/_topbar.html.erb (1.4ms)
Completed 200 OK in 12ms (Views: 7.5ms | ActiveRecord: 0.9ms)
Trying to access TheForeman:
Started POST "/users/login" for 10.76.50.43 at 2013-11-03 19:23:20 +0200
> Processing by UsersController#login as HTML
> Parameters: {"utf8"=>"✓",
> "authenticity_token"=>"wK9d4NuE9t/dFNVNj+JL8XXNMBFmgjm8mCHNbXkZkwU=",
> "login"=>{"login"=>"erand", "password"=>"[FILTERED]"}, "commit"=>"Login"}
> Setting current user thread-local variable to nil
> User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."login" =
> 'erand' LIMIT 1
> AuthSource Load (0.3ms) SELECT "auth_sources".* FROM "auth_sources"
> WHERE "auth_sources"."id" = 2 LIMIT 1
> LDAP-Auth with User
> DN found for erand: uid=erand,ou=People,dc=xioeng,dc=lab,dc=example,dc=com
> Authenticated user erand against LDAP-XtremIO LDAP authentication source
> User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."login" =
> 'admin' ORDER BY firstname LIMIT 1
> Setting current user thread-local variable to admin
> (0.1ms) BEGIN
> (0.4ms) UPDATE "users" SET "last_login_on" = '2013-11-03
> 17:23:20.546302', "updated_at" = '2013-11-03 17:23:20.547717' WHERE
> "users"."id" = 2
> Expire fragment views/tabs_and_title_records-1 (0.9ms)
> (0.6ms) COMMIT
> Role Load (0.3ms) SELECT "roles".* FROM "roles" WHERE "roles"."name" =
> 'Anonymous' LIMIT 1
> Role Exists (0.3ms) SELECT 1 AS one FROM "roles" INNER JOIN
> "user_roles" ON "roles"."id" = "user_roles"."role_id" WHERE
> "user_roles"."user_id" = 2 AND "roles"."id" = 8 LIMIT 1
> Setting current user thread-local variable to erand
> Setting current user thread-local variable to nil
> Redirected to https://foreman.xiolab.lab.example.com/hosts
> Completed 302 Found in 29ms (ActiveRecord: 2.8ms)
Attributes on my LDAP server:
[root@ldap ~]# ldapsearch -LLL -x -b
"ou=people,dc=xioeng,dc=lab,dc=example,dc=com" '(uid=erand)' uid givenName
sn mail
dn: uid=erand,ou=People,dc=xioeng,dc=lab,dc=example,dc=com
uid: erand
givenName: Eran
sn: Nah
mail: eran@example.com
And when I log in, the username is filled with the correct username, but the
Firstname, Surname and Mail are left blank.
Please advise. I'm pretty sure it's not my LDAP server, as I've got many
applications using it already.
Thanks a bunch!