LDAP bind issues in capablanca-1


#1

I am using LDAP with a type of UID= and I am not getting user groups from LDAP yet. I have defined my User Suffix.

When I attempt to authenticate I get this in the logs:

[----] I, [2015-12-15T18:40:22.176371 #2940:ffb98c] INFO -- : MIQ(MiqLdap#bind) Binding to LDAP: Host: [10.91.206.164], User: []…
[----] E, [2015-12-15T18:40:22.177149 #2940:ffb98c] ERROR -- : MIQ(MiqLdap#bind) Binding to LDAP: Host: [10.91.206.164], User: [], 'Invalid binding information'
[----] E, [2015-12-15T18:40:22.177419 #2940:ffb98c] ERROR -- : [NoMethodError]: undefined method `fqusername' for nil:NilClass Method:[rescue in authenticate]
[----] E, [2015-12-15T18:40:22.177708 #2940:ffb98c] ERROR -- : /var/www/miq/vmdb/app/models/authenticator/ldap.rb:61:in `normalize_username'
/var/www/miq/vmdb/app/models/authenticator.rb:47:in `authenticate'
/var/www/miq/vmdb/app/models/user.rb:162:in `authenticate'
/var/www/miq/vmdb/app/services/user_validation_service.rb:100:in `validate_user_kick_off_task'
/var/www/miq/vmdb/app/services/user_validation_service.rb:19:in `validate_user'
/var/www/miq/vmdb/app/controllers/dashboard_controller.rb:640:in `validate_user'
/var/www/miq/vmdb/app/controllers/dashboard_controller.rb:511:in `authenticate'

Notice that the User: [] is blank; I think that should have the full DN that it is attempting to bind to LDAP as. Has anyone else run into this problem?


#2

@abellotti Please take a look.


#3

Issue reproducing this.

Can you provide additional information, including which LDAP directory server this is being tested against, the object classes on user and group objects, as well as member/memberof attribute existence in each user and group object?

As well as LDAP configuration details (the Invalid binding information error is probably coming from the LDAP server), i.e., how the Configure->Configuration->Server->Authentication page is filled in.

Thanks.


#4

Sure, below:

server: OpenLDAP
user objectClasses: inetOrgPerson, posixAccount
group objectClasses: posixGroup (which uses memberUid for membership)

Settings in MIQ:
Mode: LDAPS
User Type: Distinguished Name (UID=)
No domain prefix
User Suffix: ou=people,dc=example,dc=com

Get groups from LDAP is unchecked

Could this be a problem with SSL verification?


#5

This PR fixes the issue I am seeing: https://github.com/ManageIQ/manageiq/pull/6005
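
For reference, an added example (not from this thread, the linked PR, or ManageIQ's code base) of the check the blank User: [] in the log points at: build the bind DN from the "Distinguished Name (UID=)" user type and the User Suffix in #4, and refuse to bind when the name or password is empty. The function names and BindInputError are hypothetical; escaping follows RFC 4514.

```ruby
# Added example; hypothetical helper names, not ManageIQ's implementation.
# An empty bind DN with an empty password is an anonymous bind, and a DN
# with an empty password is an "unauthenticated" bind (RFC 4513 5.1.1/5.1.2).
# Some servers answer both with success, so reject them before binding.

class BindInputError < StandardError; end

# Escape a value for use as an RDN attribute value (RFC 4514 section 2.4).
# Callers strip surrounding whitespace first, so only the special
# characters, NUL and a leading '#' need handling here.
def escape_rdn_value(value)
  escaped = value.gsub(/([\\,+"<>;])/) { "\\#{$1}" }
  escaped = escaped.gsub("\u0000") { "\\00" }
  escaped.sub(/\A#/) { "\\#" }
end

# Build "uid=<user>,<suffix>"; raise instead of returning a blank DN.
def bind_dn_for(username, user_suffix)
  uid    = username.to_s.strip
  suffix = user_suffix.to_s.strip
  raise BindInputError, "empty username"    if uid.empty?
  raise BindInputError, "empty user suffix" if suffix.empty?
  "uid=#{escape_rdn_value(uid)},#{suffix}"
end

# Return the pair to hand to the LDAP client, or raise before any
# network traffic if the bind would be anonymous or unauthenticated.
def bind_credentials(username, password, user_suffix)
  raise BindInputError, "empty password" if password.to_s.empty?
  { dn: bind_dn_for(username, user_suffix), password: password }
end

if __FILE__ == $0
  suffix = "ou=people,dc=example,dc=com" # User Suffix from post #4
  # Constructed sample inputs, including the nil username case.
  ["jdoe", "doe, john", nil].each do |name|
    begin
      puts bind_credentials(name, "constructed-password", suffix)[:dn]
    rescue BindInputError => e
      puts "refused: #{e.message}"
    end
  end
end
```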