Menu
▾
▴
Re: [OpenXPKI-users] SPAM: Re: How to use attributes in LDAP as OpenXPKI user attributes
|
From: Oliver W. <ma...@ol...> - 2025-12-05 18:46:07
|
Hello Xiao, the provided LDAP authentication connector is not able to read attributes from LDAP - it just makes a bind to check the password. There is a suitable module avail in the enterprise version, as an alternative you can use an external authentication proxy like Authelia and use it to feed the attributes via the environment. Oliver On 11/27/25 07:48, HAN Xiao wrote: > Hello Oliver, > > Thank you for your reply. > I am very sorry about the AI-generated configuration in my previous email. That was my mistake, and I fully understand your concern. I will no longer use any AI-generated config when asking questions on the mailing list. > > Regarding my issue: I have been reading the documentation on > https://openxpki.readthedocs.io/en/master/ > > but I may have overlooked the relevant part. What I am trying to understand is: > > How to correctly map LDAP attributes (e.g. firstName, lastName, email) to OpenXPKI user attributes such as userinfo.* for TestAccounts, and how these mapped values can be used in profile presets. > > If this is already described somewhere in the documentation, could you please let me know where to find it? I would really appreciate even a small pointer, and I apologize again if the information is already there and I simply missed it. > > Thank you very much for your time, and sorry again for the trouble caused. > > Best regards, > Xiao Han > > > -----Original Messages----- > From: "Oliver Welter" <ma...@ol...> > Send time: Thursday, 11/27/2025 14:11:59 > To: ope...@li... > Subject: Re: [OpenXPKI-users] How to use attributes in LDAP as OpenXPKI user attributes > > Hello, > > please read the extensive documntation and stop spamming the ML with AI generated config. > > best regards > > Oliver > > On 11/26/25 17:41, HAN Xiao wrote: > Dear Developer, > > I encountered an issue while configuring OpenXPKI: > I’m unable to use user attributes from LDAP as user properties in presets or in other parts of the workflow. > > In detail, my LDAP connection is working and I can log in normally. The configuration is as follows: > > --stack.yaml-- > LDAPAuth: > label: LDAP Auth > description: Login with LDAP > handler: LDAPAuth > type: passwd > > --handler.yaml-- > LDAPAuth: > type: Connector > label: LDAP Login for Users > role: User > source@: connector:auth.connector.userLDAP > > attributes: > userinfo.email@: "param:email" > userinfo.gname@: "param:firstName" > userinfo.name@: "param:lastName" > > --connector.yaml-- > userLDAP: > class: Connector::Builtin::Authentication::LDAP > LOCATION: ldap://xxx.xxx.xx.xx > base: ou=users,dc=xxxx,dc=xx,dc=xx > binddn: cn=xxxx,ou=users,dc=xxxx,dc=xx,dc=xx > password: xxxx > debug: 1 > verify: none > filter: "(email=[% LOGIN %])" > > > attrs: > - email > - firstName > - lastName > > > > The LDAP contains the following information that I need: > > email: ha...@ih... > lastName: Han > firstName: Xiao > sex: male > sn: hanx14 > afs: hanx > > But I don't know how to use it in realm/realm_name/profile/template/ > I just do some simple test, like > > --requestor_gname.yaml-- > id: requestor_gname > label: I18N_OPENXPKI_UI_PROFILE_REQUESTOR_REALNAME > description: I18N_OPENXPKI_UI_PROFILE_REQUESTOR_REALNAME_DESC > type: static > width: 40 > placeholder: John Doe > preset: userinfo.gname > required: 0 > > However, in the web UI it shows as <not set>. > > Additionally, there are a large number of errors in /var/log/openxpki-server/catchall.log and openxpki.log: > 2025/11/27 00:09:01 FATAL OpenXPKI::Service::Default->init() failed: I18N_OPENXPKI_TRANSPORT_SIMPLE_CLIENT_READ_CLOSED_CONNECTION [pid=370|sid=OHJK] > 2025/11/27 00:09:01 openxpki.system.FATAL OpenXPKI::Service::Default->init() failed: I18N_OPENXPKI_TRANSPORT_SIMPLE_CLIENT_READ_CLOSED_CONNECTION [pid=370|sid=OHJK] > > I’m not sure if these are related to the issue. > > I look forward to your help. Thank you! > > Best regards, > Xiao HAN > > > > _______________________________________________ > OpenXPKI-users mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openxpki-users -- Protect your environment - close windows and adopt a penguin! |
