Comments (4)
Do you have a "Test User" in your LDAP and if so is that "Test User" a member of any groups? I think that the error is saying, I was able to find 'Test User' in LDAP, but I didn't get back any groups. Reasons for this include invalid User ID attribute, invalid membership attribute, or "Test User" is not in any groups.
We will probably need to know more about your LDAP setup to debug this one.
from scot.
Thank you for your quick reply.
Below are the results of my ldapsearch -x -H ldaps://ht-ldap-0.it.anl.gov:636 command:
```
# extended LDIF
# LDAPv3
# base <dc=it,dc=anl,dc=gov> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL

# it.anl.gov
dn: dc=it,dc=anl,dc=gov
objectClass: organization
objectClass: dcObject
dc: it
o: it

# People, it.anl.gov
dn: ou=People,dc=it,dc=anl,dc=gov
objectClass: organizationalUnit
ou: People

# group, it.anl.gov
dn: ou=group,dc=it,dc=anl,dc=gov
objectClass: organizationalUnit
ou: group

# SUDOers, it.anl.gov
dn: ou=SUDOers,dc=it,dc=anl,dc=gov
objectClass: organizationalUnit
ou: SUDOers

# ht-test-stage-0, SUDOers, it.anl.gov
dn: cn=ht-test-stage-0,ou=SUDOers,dc=it,dc=anl,dc=gov
objectClass: sudoRole
cn: ht-test-stage-0
description: root
sudoHost: ht-test-stage-0.it.anl.gov
sudoCommand: ALL
sudoRunAsUser: ALL
sudoUser: cfm

# ht-scot-0, SUDOers, it.anl.gov
dn: cn=ht-scot-0,ou=SUDOers,dc=it,dc=anl,dc=gov
objectClass: sudoRole
cn: ht-scot-0
sudoHost: ht-scot-0
sudoCommand: ALL
sudoRunAsUser: ALL
description: root
sudoUser: mcampos

# cfm, group, it.anl.gov
dn: cn=cfm,ou=group,dc=it,dc=anl,dc=gov
objectClass: posixGroup
description: cfm
gidNumber: 678
cn: cfm

# cfm, People, it.anl.gov
dn: cn=cfm,ou=People,dc=it,dc=anl,dc=gov
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
homeDirectory: /home/cfm
loginShell: /bin/bash
uid: cfm
cn: cfm
gecos: cfm
uidNumber: 678
gidNumber: 678
sn: cfm

# sys-kenobi, group, it.anl.gov
dn: cn=sys-kenobi,ou=group,dc=it,dc=anl,dc=gov
objectClass: posixGroup
description: sys-kenobi
gidNumber: 13356
cn: sys-kenobi

# Mario Campos, People, it.anl.gov
dn: cn=Mario Campos,ou=People,dc=it,dc=anl,dc=gov
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
homeDirectory: /home/mcampos
loginShell: /bin/bash
uid: mcampos
cn: Mario Campos
gecos: M. Campos
uidNumber: 554
gidNumber: 13356
sn: Campos
givenName: Mario

# search result
search: 2
result: 0 Success

# numResponses: 11
# numEntries: 10
```
As you can see, I am using objectClasses posixAccount, posixGroup to provide LDAP servers to our Linux machines. Is there another option I can enter for the “Membership Attr” field instead of “memberOf”, since my LDAP server is not using the OpenLDAP ‘memberof’ overlay? Below are the values during SCOT LDAP setup:
LDAP Server: ldaps://ht-ldap-0.it.anl.gov
Base Domain: dc=it,dc=anl,dc=gov
User ID Attribute: uid
Membership Attr: memberOf
Bind DN: cn=cfm,ou=People,dc=it,dc=anl,dc=gov
Bind Password: password
Test User: cfm
Thank you for helping me troubleshoot OpenLDAP integration.
Jose
From: Todd Bruner <[email protected]>
Reply-To: sandialabs/scot <[email protected]>
Date: Wednesday, May 13, 2015 at 11:57 AM
To: sandialabs/scot <[email protected]>
Cc: jgomezrubio <[email protected]>
Subject: Re: [scot] LDAP: Error Found 'Test User' but this user has no groups... (#17)
Do you have a "Test User" in your LDAP and if so is that "Test User" a member of any groups? I think that the error is saying, I was able to find 'Test User' in LDAP, but I didn't get back any groups. Reasons for this include invalid User ID attribute, invalid membership attribute, or "Test User" is not in any groups.
We will probably need to know more about your LDAP setup to debug this one.
from scot.
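In a directory like the one above, where users are posixAccount entries, groups are posixGroup entries and there is no memberOf overlay, membership is recorded on the group entries rather than on the user entry. The following is an added example (not SCOT's code and not from the thread) showing why a memberOf lookup returns nothing for cfm while an RFC 2307 style search by memberUid and gidNumber finds groups; the entries are constructed from the output above and the scot-users group is hypothetical.

```python
# Added illustration. ENTRIES is constructed sample data modelled on the
# ldapsearch output in the thread; "scot-users" is a hypothetical group.
ENTRIES = [
    {"dn": "cn=cfm,ou=People,dc=it,dc=anl,dc=gov",
     "objectClass": ["posixAccount", "inetOrgPerson"],
     "uid": ["cfm"], "cn": ["cfm"], "gidNumber": ["678"]},
    {"dn": "cn=cfm,ou=group,dc=it,dc=anl,dc=gov",
     "objectClass": ["posixGroup"], "cn": ["cfm"], "gidNumber": ["678"]},
    {"dn": "cn=scot-users,ou=group,dc=it,dc=anl,dc=gov",
     "objectClass": ["posixGroup"], "cn": ["scot-users"],
     "gidNumber": ["9001"], "memberUid": ["cfm"]},
]

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def rfc2307_group_filter(uid, gid_number):
    """Filter a client would send to list a posixAccount's groups."""
    return "(&(objectClass=posixGroup)(|(memberUid=%s)(gidNumber=%s)))" % (
        escape_filter_value(uid), escape_filter_value(gid_number))

def find_user(entries, uid_attr, uid):
    """Return the first posixAccount whose uid_attr equals uid, else None."""
    for entry in entries:
        if ("posixAccount" in entry["objectClass"]
                and uid in entry.get(uid_attr, [])):
            return entry
    return None

def groups_via_attr(user, membership_attr="memberOf"):
    """Groups read from an attribute on the user entry itself."""
    return list(user.get(membership_attr, []))

def groups_via_rfc2307(entries, user, uid_attr="uid"):
    """Groups found by searching posixGroup entries instead."""
    uid = user[uid_attr][0]
    gid = user.get("gidNumber", [None])[0]
    return sorted(
        e["cn"][0] for e in entries
        if "posixGroup" in e["objectClass"]
        and (uid in e.get("memberUid", []) or gid in e.get("gidNumber", [])))

if __name__ == "__main__":
    user = find_user(ENTRIES, "uid", "cfm")
    print("memberOf lookup:", groups_via_attr(user))
    print("RFC 2307 lookup:", groups_via_rfc2307(ENTRIES, user))
    print("filter:", rfc2307_group_filter("cfm", "678"))
```

Whether SCOT's "Membership Attr" field can be pointed at anything other than a user-entry attribute is not stated in the thread; the example only shows where the membership data lives in each schema.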
After changing OpenLDAP to support rfc2703bis schema and using the memberOf overlay, I was finally able to successfully validate against SCOT LDAP auth using the admin account. How do I use LDAP credentials for the SCOT HTTP basic authentication? Do I use the username@localdomain syntax?
from scot.
We have an update I need to apply that should help with your original problem. I'm glad you have got it to work though.
As for your second question, I apologize if I am not understanding the question, but SCOT looks for a session cookie; if it is not present, then you will get a 401, which will prompt the browser to provide a basic auth popup. There you will enter a username / password combination. I've never tried "username@domain" as a login, but it might work. It should be passed on to LDAP and if it can parse it, then we should be fine.
Hope that helps...
from scot.