Hi Fay,
I can remember that there are some tricks to know but I cannot remember
them :(
Did you try the memberOf query as filter to the ldap search? AFAIR you
need permissions on the group tree to be able to search in this way, so
those might be missing... I did not use this module for a long time and
I am also not an LDAP expert.
Oliver
On 08.04.25 07:09, Fay Knol via OpenXPKI-users wrote:
Dear mailing list users,
I'm currently a 2nd year student at the HU University of Applied
Sciences Utrecht working on setting up OpenXPKI as an issuing CA for
our student "playground" to self sign certificates.
I'm trying to set up LDAP authentication for operators. However, I've
been having some issues I haven't been able to figure out for the past
week or so.
With a ldapsearch like below I get a proper return, so I think that
isolates my Active Directory as a variable.

    ldapsearch -LLL -x -H ldap://{test server ip} \
        -D "[email protected]" -w "Secure123" -b "DC=vault,DC=local" \
        "(sAMAccountName=fay)" memberOf

    dn: CN=Fay's Test Account,CN=Users,DC=vault,DC=local
    memberOf: CN=PKIAdmins,CN=Users,DC=vault,DC=local
    memberOf: CN=DnsAdmins,CN=Users,DC=vault,DC=local

So now I don't get why my configs don't work
Connector config:

    ra-ldap:
        class: Connector::Builtin::Authentication::LDAP
        LOCATION: ldap://{test server ip}
        base: "DC=vault,DC=local"
        binddn: cn=openxpki
        password: "Secure123"
        filter: "(&(sAMAccountName=[% LOGIN %])(memberOf=CN=PKIAdmins,OU=Users,CN=Users,DC=vault,DC=local))"

(mail also didn't work)
Handler config:

    ldap:
        type: Password
        class: OpenXPKI::Server::Authentication::LDAP
        label: LDAP Authentication
        connector: ra-ldap
        role: RA Operator

Stack config:

    LDAP:
        label: LDAP Login
        description: Login via Active Directory
        handler: ldap
        type: passwd

The rest of the configuration related to LDAP is so far just the
default copied from the example; test account login works fine.
Am I missing something obvious?
Are there any other things I should look out for?
Thanks in advance,
Fay Knol
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
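
Added example, not part of the original thread and not OpenXPKI code: a small Python check that compares the group DN used in a connector filter with the memberOf values ldapsearch returned for the same user, since a memberOf equality match needs the group's full DN. The LDIF and filter are copied from the message above; the function names are hypothetical.

```python
import re

# Values copied from the message above (ldapsearch output and connector filter).
LDIF = """\
dn: CN=Fay's Test Account,CN=Users,DC=vault,DC=local
memberOf: CN=PKIAdmins,CN=Users,DC=vault,DC=local
memberOf: CN=DnsAdmins,CN=Users,DC=vault,DC=local
"""
FILTER = ("(&(sAMAccountName=[% LOGIN %])"
          "(memberOf=CN=PKIAdmins,OU=Users,CN=Users,DC=vault,DC=local))")


def split_dn(dn):
    """Split a DN into (attribute, value) pairs, lower-cased and trimmed."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):  # do not split on escaped commas
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs


def ldif_member_of(ldif):
    """Return memberOf values from ldapsearch -LLL output (plain, not base64)."""
    unfolded = re.sub(r"\n ", "", ldif)  # LDIF continuation lines start with a space
    return [line.split(":", 1)[1].strip()
            for line in unfolded.splitlines()
            if line.lower().startswith("memberof: ")]


def filter_member_of(ldap_filter):
    """Return the group DNs used in (memberOf=...) assertions of a filter."""
    return re.findall(r"\(memberOf=([^()]+)\)", ldap_filter, flags=re.I)


def check(ldap_filter, ldif):
    """Map each group DN in the filter to (exact_match, closest_directory_dn)."""
    actual = ldif_member_of(ldif)
    result = {}
    for wanted in filter_member_of(ldap_filter):
        w = split_dn(wanted)
        exact = [dn for dn in actual if split_dn(dn) == w]
        # Same group CN but a different container path: the likely intended group.
        near = [dn for dn in actual if split_dn(dn)[0] == w[0]]
        result[wanted] = (bool(exact), (exact or near or [None])[0])
    return result


if __name__ == "__main__":
    for wanted, (ok, closest) in check(FILTER, LDIF).items():
        print("MATCH   " if ok else "NO MATCH", wanted)
        if not ok and closest:
            print("  directory returned:", closest)
```

Run on the thread's values it reports NO MATCH: the filter's group DN contains an OU=Users component that the memberOf values returned by ldapsearch do not.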