LDAP: Error Found 'Test User' but this user has no groups... #17
Comments
Do you have a "Test User" in your LDAP and if so is that "Test User" a member of any groups? I think that the error is saying, I was able to find 'Test User' in LDAP, but I didn't get back any groups. Reasons for this include invalid User ID attribute, invalid membership attribute, or "Test User" is not in any groups. We will probably need to know more about your LDAP setup to debug this one.
Thank you for your quick reply. Below are the results of my ldapsearch -x -H ldaps://ht-ldap-0.it.anl.gov:636 command:

extended LDIF
LDAPv3
base <dc=it,dc=anl,dc=gov> (default) with scope subtree
filter: (objectclass=*)
requesting: ALL

it.anl.gov
dn: dc=it,dc=anl,dc=gov

People, it.anl.gov
dn: ou=People,dc=it,dc=anl,dc=gov

group, it.anl.gov
dn: ou=group,dc=it,dc=anl,dc=gov

SUDOers, it.anl.gov
dn: ou=SUDOers,dc=it,dc=anl,dc=gov

ht-test-stage-0, SUDOers, it.anl.gov
dn: cn=ht-test-stage-0,ou=SUDOers,dc=it,dc=anl,dc=gov

ht-scot-0, SUDOers, it.anl.gov
dn: cn=ht-scot-0,ou=SUDOers,dc=it,dc=anl,dc=gov

cfm, group, it.anl.gov
dn: cn=cfm,ou=group,dc=it,dc=anl,dc=gov

cfm, People, it.anl.gov
dn: cn=cfm,ou=People,dc=it,dc=anl,dc=gov

sys-kenobi, group, it.anl.gov
dn: cn=sys-kenobi,ou=group,dc=it,dc=anl,dc=gov

Mario Campos, People, it.anl.gov
dn: cn=Mario Campos,ou=People,dc=it,dc=anl,dc=gov

search result
search: 2
numResponses: 11
numEntries: 10

As you can see, I am using objectClasses posixAccount, posixGroup to provide LDAP servers to our Linux machines. Is there another option I can enter for the “Membership Attr” field instead of “memberOf”, since my LDAP server is not using the OpenLDAP ‘memberof’ overlay?

Below are the values during SCOT LDAP setup:
LDAP Server: ldaps://ht-ldap-0.it.anl.gov

Thank you for helping me troubleshoot OpenLDAP integration.

Jose

From: Todd Bruner <notifications@github.com>
> Do you have a "Test User" in your LDAP and if so is that "Test User" a member of any groups? I think that the error is saying, I was able to find 'Test User' in LDAP, but I didn't get back any groups. Reasons for this include invalid User ID attribute, invalid membership attribute, or "Test User" is not in any groups. We will probably need to know more about your LDAP setup to debug this one.
After changing OpenLDAP to support rfc2703bis schema and using the memberOf overlay, I was finally able to successfully validate against SCOT LDAP auth using the admin account. How do I use LDAP credentials for the SCOT HTTP basic authentication? Do I use the username@localdomain syntax?
We have an update I need to apply that should help with your original problem. I'm glad you have got it to work though. As for your second question, I apologize if I am not understanding the question, but SCOT looks for a session cookie; if it is not present, then you will get a 401, which will prompt the browser to provide a basic auth popup. There you will enter the username / password combination. I've never tried "username@domain" as a login, but it might work. It should be passed on to LDAP and if it can parse it, then we should be fine. Hope that helps...
This error occurs with OpenLDAP 2.4.39 server and SCOT 3.4.0 - Hindenberg. Ubuntu 14.04.2 LTS.
What are the correct parameters on the User Authentication page for LDAPS for OpenLDAP 2.4?
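
The error in this thread appears when the user entry carries no membership attribute, which is the normal case for posixAccount/posixGroup (RFC 2307) directories that do not run the memberOf overlay. The Python sketch below is an added example, not SCOT's code and not posted by anyone in the thread: over constructed entries under dc=example,dc=org it reads groups from the user's memberOf values and otherwise falls back to a reverse search on posixGroup memberUid, with the uid escaped before it goes into a filter. All function names are hypothetical.

```python
# Added example: constructed entries and hypothetical helper names (not SCOT code).
ENTRIES = [
    {"dn": "cn=Test User,ou=People,dc=example,dc=org",
     "objectClass": ["posixAccount"], "uid": ["tuser"]},
    {"dn": "cn=Overlay User,ou=People,dc=example,dc=org",
     "objectClass": ["inetOrgPerson"], "uid": ["ouser"],
     "memberOf": ["cn=analysts,ou=group,dc=example,dc=org"]},
    {"dn": "cn=analysts,ou=group,dc=example,dc=org",
     "objectClass": ["posixGroup"], "cn": ["analysts"], "memberUid": ["tuser"]},
    {"dn": "cn=admins,ou=group,dc=example,dc=org",
     "objectClass": ["posixGroup"], "cn": ["admins"], "memberUid": ["root"]},
]

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515, section 3)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def posix_group_filter(uid):
    """Filter a client would send to find RFC 2307 groups that list this uid."""
    return "(&(objectClass=posixGroup)(memberUid=%s))" % escape_filter_value(uid)

def groups_for(uid, entries, membership_attr="memberOf"):
    """Return (sorted group names, method used to find them)."""
    user = next((e for e in entries if uid in e.get("uid", [])), None)
    if user is None:
        return [], "user-not-found"
    group_dns = user.get(membership_attr, [])
    if group_dns:
        # Naive RDN split; adequate for the constructed DNs above (no escaped commas).
        names = [dn.split(",")[0].split("=", 1)[1] for dn in group_dns]
        return sorted(names), membership_attr
    # No membership attribute on the user entry: this is the "found the user
    # but no groups" case. Fall back to the reverse lookup that
    # posix_group_filter() expresses, evaluated here in memory.
    names = [e["cn"][0] for e in entries
             if "posixGroup" in e.get("objectClass", [])
             and uid in e.get("memberUid", [])]
    return sorted(names), ("memberUid" if names else "none")

if __name__ == "__main__":
    for uid in ("tuser", "ouser"):
        print(uid, groups_for(uid, ENTRIES), posix_group_filter(uid))
```
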