I am installing OOD on RHEL 7.9 via RPM. I installed ondemand-dex and added LDAP support. When I try to log in to the OOD portal, I get the following error:
Internal Server Error
Login error: failed to connect: LDAP Result Code 200 “Network Error”: dial tcp 12.12.12.100:636: connect: connection refused
The httpd24 log error:
[auth_openidc:warn] [pid 130945] [client 12.12.12.100:34956] oidc_clean_expired_state_cookies: state (mod_auth_openidc_state_j8I-PIKIV2gDYZLFJgVWUd-N77g) has expired (original_url=http://12.12.12.100/pun/sys/dashboard)
[auth_openidc:warn] [pid 3776] oidc_check_config_openid_openidc: the URL scheme (http) of the configured OIDCProviderMetadataURL SHOULD be “https” for security reasons!
[auth_openidc:warn] [pid 3776] oidc_check_config_openid_openidc: the URL scheme (http) of the configured OIDCRedirectURI SHOULD be “https” for security reasons (moreover: some Providers may reject non-HTTPS URLs)
Here is the dex portion of my ood_portal.yml:
---
# The server name used for name-based Virtual Host
# Example:
#     servername: 'www.example.com'
# Default: null (don't use name-based Virtual Host)
servername: 12.12.12.100

# ...

dex:
  connectors:
    - type: ldap
      id: ldap
      name: LDAP
      config:
        host: 12.12.12.100:636
        insecureSkipVerify: false
        bindDN: cn=Manager,dc=local,dc=cn
        bindPW: admin069
        userSearch:
          baseDN: ou=People,dc=local,dc=cn
          filter: "(objectClass=posixAccount)"
          username: uid
          idAttr: uid
          emailAttr: mail
          nameAttr: gecos
          preferredUsernameAttr: uid
        groupSearch:
          baseDN: ou=People,dc=local,dc=cn
          filter: "(objectClass=posixGroup)"
          userMatchers:
            - userAttr: DN
              groupAttr: member
          nameAttr: cn
Here is the ldapsearch translation:
[root@mu01 config]# ldapsearch -x -h 12.12.12.100 -b 'dc=local,dc=cn'
# extended LDIF
#
# LDAPv3
# base <dc=local,dc=cn> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# local.cn
dn: dc=local,dc=cn
dc: local
objectClass: top
objectClass: domain

# Manager, local.cn
dn: cn=Manager,dc=local,dc=cn
objectClass: organizationalRole
cn: Manager
description: LDAP Manager

# People, local.cn
dn: ou=People,dc=local,dc=cn
objectClass: organizationalUnit
ou: People

# Group, local.cn
dn: ou=Group,dc=local,dc=cn
objectClass: organizationalUnit
ou: Group

# chem, Group, local.cn
dn: cn=chem,ou=Group,dc=local,dc=cn
objectClass: posixGroup
objectClass: top
cn: chem
gidNumber: 1000

# wuy, People, local.cn
dn: uid=wuy,ou=People,dc=local,dc=cn
uid: wuy
cn: wuy
sn: wuy
mail: wuy@local.cn
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/wuy

# search result
search: 2
result: 0 Success

# numResponses: 7
# numEntries: 6
The machine hostname is mu01, and the IP is 12.12.12.100. I also turned off the firewalld service and disabled SELinux.
I’m not sure how to resolve this issue. Any assistance would be greatly appreciated.
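An added example, not from the post or from the Open OnDemand/dex projects: an offline Python checker that cross-reads the connector settings against the ldapsearch output above and lists the mismatches a reviewer would look for (port and transport, missing user attributes, group baseDN and groupAttr). The LDIF excerpt and connector dict are constructed from the post; the transport check assumes dex's documented default of opening a TLS (LDAPS) connection unless insecureNoSSL or startTLS is set.

```python
import re
# Constructed from the post: a subset of the ldapsearch output and of the connector.
LDIF = """\
dn: cn=chem,ou=Group,dc=local,dc=cn
objectClass: posixGroup
cn: chem

dn: uid=wuy,ou=People,dc=local,dc=cn
uid: wuy
mail: wuy@local.cn
objectClass: posixAccount
"""
CONNECTOR = {  # only the keys the checks below look at
    "host": "12.12.12.100:636", "insecureNoSSL": False, "startTLS": False,
    "userSearch": {"baseDN": "ou=People,dc=local,dc=cn", "filter": "(objectClass=posixAccount)",
                   "attrs": ["uid", "mail", "gecos"]},  # username/idAttr, emailAttr, nameAttr
    "groupSearch": {"baseDN": "ou=People,dc=local,dc=cn", "filter": "(objectClass=posixGroup)",
                    "groupAttr": "member"},
}
def parse_ldif(text):  # parse the single-line-attribute LDIF ldapsearch prints into dicts
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            key, _, val = line.partition(": ")
            attrs.setdefault(key.lower(), []).append(val)
        entries.append(attrs)
    return entries
def under(entry, base):    # entry lies below the base DN (case-insensitive)
    return entry["dn"][0].lower().endswith("," + base.lower())
def matches(entry, filt):  # handles the (objectClass=X) filters used in the post
    cls = re.fullmatch(r"\(objectclass=(\w+)\)", filt, re.I).group(1).lower()
    return cls in (v.lower() for v in entry.get("objectclass", []))
def check_connector(conn, entries):
    """Return findings: the transport dex will use, then attribute/baseDN mismatches."""
    findings, port = [], conn["host"].rsplit(":", 1)[1]
    if not (conn.get("insecureNoSSL") or conn.get("startTLS")):  # dex default is LDAPS
        findings.append(f"dex will open a TLS (LDAPS) connection to port {port}; "
                        "'connection refused' means nothing is listening there")
    us, gs = conn["userSearch"], conn["groupSearch"]
    for e in entries:
        if under(e, us["baseDN"]) and matches(e, us["filter"]):
            findings += [f"{e['dn'][0]} has no '{a}' attribute"
                         for a in us["attrs"] if a.lower() not in e]
        if matches(e, gs["filter"]) and gs["groupAttr"].lower() not in e:
            findings.append(f"{e['dn'][0]} has no '{gs['groupAttr']}' attribute")
    if not any(under(e, gs["baseDN"]) and matches(e, gs["filter"]) for e in entries):
        findings.append(f"no {gs['filter']} entries under {gs['baseDN']}")
    return findings
```

Run `check_connector(CONNECTOR, parse_ldif(LDIF))` to get the four findings for the posted setup; the first one matches the "connection refused" on 636, while ldapsearch in the post connected on the default port 389 without TLS.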