Hi All, We are trying to authenticate our users with LDAP for the ood and we have encountered some issues. I should mention that, our LDAP service doesn’t provide uid/shell/home/directory, rather it only provides specific groups and user authentication. What we want here is that users get authenti…

[image] jeff.ohrstrom: AuthLDAPSearchAsUser on Thanks for all the help. I finally got this working for another user too. Here are the settings that worked for us: Note the AuthLDAPURL does not have “CN” in our case. Also binding with an admin account was necessary. [root@host ~]# cat /etc/o…

Thanks for the quick response. Can you please tell me what needs to be added exactly for the debug logging level? I added below but the service doesn’t restart. I think the syntax is not correct… cat /opt/rh/httpd24/root/etc/httpd/conf.d/ldap_debug.conf Loglevel mod_authnz_ldap:debug

You’re absolutely right! Here’s the correct config, and I’ll update the other post as well. Loglevel ldap_module:debug Loglevel authnz_ldap_module:debug

Thanks for the update. With the additional debugging layer, it seems like ldap doesn’t find the object: [authnz_ldap:info] [pid 15985] [client ***] AH01695: auth_ldap authenticate: user *** authentication failed; URI /pun/sys/dashboard [User not found][No such object]

NP! And yea, the second bit of that post is about ensuring the ldap query string is correct. My hint is to hack around with the ldapsearch command and try to find a user with the appropriate base dn and attributes manually then translate that into an apache config.

Yeah thanks for the second part It’s helpful. I think it’s about the attribute now. Each LDAP server is unique in terms of what it uses for the attributes, from what I see it’s neither uid nor sammaccount for us but it’s sth like “name”. Now after the latest update to the attributes I get this erro…

Remove that file /var/run/ondemand-nginx/$USER/passenger.sock, looks like it gets created before we’re sure you’re a legit user and doesn’t get cleaned up.

Ok, thanks, great I am able to do the authentication now. but the same error appears for other users. Is it important that the binder username/password is a different service account? For testing purposes, I am using my account to do the binding…

I don’t think so, but I’m not sure. I know there’s this setting that uses the users’ credentials to authorize. That way you don’t have to save passwords in the file. As to the issue with other users, I’d just be sure the same base dn/attribute query can find them too.

Do you have a sample on how to specify usage of "users’ creds for authorization? I tried a few things but could only get Auth binding with user password to work. other users issue still exists. I can get queries from other users using the same base dn. I don’t put the attribute part in the query (?…

LDAP authentication issues - user not found

Get Help

jeff.ohrstrom (Jeff Ohrstrom) February 25, 2020, 2:48pm 2

Here are some items to look at from this topic. One is setting debug logs, the other being sure that your query is right. Your suspicion is likely correct, binding works, but the query or result is somehow wrong.

Topic		Replies	Views
LDAP authentication failure Get Help	22	2816	May 26, 2022
Having issues setting up LDAP/Active Directory auth Get Help question	5	2872	May 26, 2022
Login error with ood-dex and Freeipa LDAP on CentOS 7 Get Help question	17	1316	May 26, 2022
Login error: ldap: initial bind for user: Invalid Credentials - Active Directory Get Help ondemand2 , question	3	2265	May 26, 2022
Nginx bind to passenger.sock failed with LDAP authentication Get Help question	4	1529	May 26, 2022

LDAP authentication issues - user not found

Related topics