From: David B. <dav...@au...> - 2014-03-02 23:39:44
On 1/03/14 9:13 AM, Sassan Dibadj wrote:
> I’ve been trying for a while now to get LDAP authentication working
> with netdisco but have not been successful. This is LDAP with an
> active directory domain.
>
> I create an account in netdisco with the same name as the ldap user
> and check the ldap box while leaving the password blank.
>
> In netdisco.conf I’ve set the following.
>
> ldap_server = xxxxxxxx
> ldap_user_string = DOMAIN\%USER%
> ldap_proxy_user = xxxxxxx
> ldap_proxy_pass = xxxxxxx
>
> I’ve verified that the proxy user and proxy pass work by doing an
> ldapsearch command.
>
> All I get back from netdisco is Bad Login and I can’t find any logs to
> help figure out what is going on.
>
> Does anyone have some suggestions as to where logs might be or what I
> might be doing wrong?

With AD you do not require a proxy user/pass. User authentication works using UserPrincipalName as the LDAP bind DN. Depending on your AD configuration, the following _should_ work for fairly standard configurations:

    ldap_server = <fully qualified domain>
    ldap_user_string = %USER%@<FULLY QUALIFIED DOMAIN>
    ldap_opts = version => 3, debug => 0

So if your AD domain is called example.com, the following should work:

    ldap_server = example.com
    ldap_user_string = %USER%@EXAMPLE.COM
    ldap_opts = version => 3, debug => 0

The technicalities are that the server should actually be the same as DNS for _ldap._tcp.example.com (which may work also, I haven't tested), and the UserPrincipalName attribute in AD is of the form US...@EX...

David.

> Thank you.
>
> UT Southwestern Medical Center
> The future of medicine, today.

--
David Baldwin - Senior Systems Administrator (Datacentres + Networks)
Information and Communication Technology Services
Australian Sports Commission
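The UserPrincipalName bind described in the reply can be tried outside the web UI to see the reason behind a bare "Bad Login"; the script below is an added example, not netdisco code and not from either poster. It assumes netdisco hands `ldap_opts` to `Net::LDAP->new`, uses the message's `example.com` sample domain, and the CA file path and sub-code table are placeholders and commonly documented values supplied for illustration.

```perl
# Added example (not netdisco code): try the AD bind by hand and show why it fails.
use strict;
use warnings;
use Net::LDAP;

# Settings mirror the netdisco.conf lines above; example.com is the sample domain.
my $server      = 'example.com';
my $user_string = '%USER%@EXAMPLE.COM';
my %opts        = (version => 3, debug => 0);  # debug => 12 dumps the ASN.1 exchanged
my $cafile      = '/path/to/ad-ca.pem';        # placeholder: CA that signed the DC certificate

# Commonly seen AD sub-codes ("data NNN") in a failed-bind diagnostic message.
my %ad_reason = (
    '525' => 'user not found',          '52e' => 'invalid credentials',
    '530' => 'logon time restriction',  '531' => 'workstation restriction',
    '532' => 'password expired',        '533' => 'account disabled',
    '701' => 'account expired',         '773' => 'user must reset password',
    '775' => 'account locked out',
);

my $user = shift @ARGV or die "usage: $0 <username>\n";
(my $bind_dn = $user_string) =~ s/%USER%/$user/g;

# Read the password from the terminal without echoing it.
print STDERR "Password for $bind_dn: ";
system('stty', '-echo');
chomp(my $pass = <STDIN> // '');
system('stty', 'echo');
print STDERR "\n";

# An empty password turns a simple bind into an unauthenticated bind, which
# a server may answer with success. Never treat that as a valid login.
die "empty password refused\n" unless length $pass;

my $ldap = Net::LDAP->new($server, %opts) or die "connect to $server failed: $@\n";

# Upgrade to TLS first so the password does not cross the network in clear text.
my $tls = $ldap->start_tls(verify => 'require', cafile => $cafile);
die 'StartTLS failed: ' . $tls->error . "\n" if $tls->code;

my $mesg = $ldap->bind($bind_dn, password => $pass);
if ($mesg->code) {
    my ($sub) = $mesg->error =~ /\bdata\s+([0-9a-f]+)/i;
    my $why = defined $sub ? ($ad_reason{lc $sub} // "sub-code $sub") : 'no AD sub-code';
    die sprintf("bind failed: %s (%s)\n", $mesg->error_name, $why);
}
print "bind OK as $bind_dn\n";
$ldap->unbind;
```

If the domain controller's certificate names the controller rather than the domain, point `$server` at that hostname so verification can succeed.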