Rafał Radecki
2012-05-30 11:51:43 UTC
Hi all.
I have a problem with LDAP authentication in 0.19.7.
My server is OpenVZ container
CentOS release 5.5 (Final)
Linux racktables.superhost.pl 2.6.18-238.9.1.el5.028stab089.1ent #1 SMP Thu Apr 14 14:41:35 MSD 2011 i686 i686 i386 GNU/Linux
My httpd server serves files from /var/www/html/racktables. There I have the
inc/secret.php file:
less inc/secret.php
<?php
/* This file has been generated automatically by RackTables installer.
* you shouldn't normally edit it unless your database setup has changed.
*/
$pdo_dsn = 'mysql:host=localhost;dbname=racktables2';
$db_username = 'yyy';
$db_password = 'zzz';
// Default setting is to authenticate users locally, but it is possible to
// employ existing LDAP or Apache userbase. Uncommenting below two lines MAY
// help in switching authentication to LDAP completely.
// More info: http://sourceforge.net/apps/mediawiki/racktables/index.php?title=RackTablesAdminGuide
$user_auth_src = 'ldap';
$require_local_account = FALSE;
// This is only necessary for 'ldap' authentication source
$LDAP_options = array
(
'server' => 'ldap.xxx.pl',
# 'domain' => 'some.domain',
'search_dn' => 'ou=People,dc=xxx,dc=pl',
'search_attr' => 'uid',
'displayname_attrs' => 'givenname sn',
// LDAP cache, values in seconds. Refresh, retry and expiry values are
// treated exactly as those for DNS SOA record. Example values 300-15-600:
// unconditionally remember successful auth for 5 minutes, after that still
// permit user access, but try to revalidate username and password on the
// server (not more often than once in 15 seconds). After 10 minutes of
// unsuccessful retries give up and deny access, so someone goes to fix
// LDAP server.
'cache_refresh' => 300,
'cache_retry' => 15,
'cache_expiry' => 600,
);
?>
The .htaccess file in /var/www/html/racktables:
AuthName "XXX Racktables login"
My racktables database in mysql:
mysql> select * from UserAccount;
+---------+-----------+--------------------+--------------------------+
| user_id | user_name | user_password_hash | user_realname            |
+---------+-----------+--------------------+--------------------------+
|       1 | admin     | xxx                | RackTables Administrator |
+---------+-----------+--------------------+--------------------------+
1 row in set (0.00 sec)
Through the web GUI, in Main page -> Configuration -> Permissions, I have:
allow {$userid_1}
.
.
.
allow {$username_rr}
allow {$username_mw}
Both users are in LDAP, both are used on other servers and are ok.
ldapsearch -b 'ou=People,dc=xxx,dc=pl' -h ldap.xxx.pl '*' -x | less
shows both accounts.
# rr, People, xxx.pl
dn: uid=rr,ou=People,dc=xxx,dc=pl
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
sn: R
gecos: R R
gidNumber: 855
homeDirectory: /home/rr
mail: rr-***@public.gmane.org
uid: rr
uidNumber: 855
givenName:: UmFmYcWC
cn:: UmFmYcWCIFJhZGVja2k=
loginShell: /bin/bash
# mw, People, xxx.pl
dn: uid=mw,ou=People,dc=xxx,dc=pl
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
cn: M W
sn: W
gecos: M W
givenName: M
gidNumber: 867
homeDirectory: /home/mw
mail: mw-***@public.gmane.org
uid: mw
uidNumber: 867
loginShell: /bin/bash
Apache logs show only:
access_log:X.Y.W.Z - mw [30/May/2012:13:10:52 +0200] "GET /racktables/ HTTP/1.1" 401 342 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0"
ssl_access_log:X.Y.W.Z - mw [30/May/2012:13:11:40 +0200] "GET /racktables/ HTTP/1.1" 401 342
Any clue about where the problem is?
Best regards,
Rafal.
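The search-then-bind login that the 'search_dn' / 'search_attr' / 'displayname_attrs' settings in the post imply, modelled offline in Python. This is an added example, not RackTables' own code and not from the original post. The directory is the two LDIF entries pasted above; FAKE_PASSWORDS, fake_bind, offline_search and the other helper names are constructed for illustration. It shows three things a practitioner wants to see in any such flow: the filter value is escaped per RFC 4515 so a username like "*" or "x)(uid=admin" cannot rewrite the search, an empty password is refused before bind (a DN with an empty password is an unauthenticated bind in LDAP, which many servers accept, so the bind would "succeed" for any known user), and the base64 ("::") values that ldapsearch emits for non-ASCII attributes are decoded before 'givenname sn' is assembled.

```python
"""Search-then-bind LDAP login, modelled offline (added example, not RackTables code)."""
import base64
import re
from typing import Callable, Dict, List, Optional

# Constructed input: the two entries from the post, trimmed to what the login
# reads. "attr::" means ldapsearch base64-encoded a non-ASCII value.
SAMPLE_LDIF = """\
# rr, People, xxx.pl
dn: uid=rr,ou=People,dc=xxx,dc=pl
objectClass: inetOrgPerson
sn: R
uid: rr
givenName:: UmFmYcWC
cn:: UmFmYcWCIFJhZGVja2k=

# mw, People, xxx.pl
dn: uid=mw,ou=People,dc=xxx,dc=pl
objectClass: inetOrgPerson
cn: M W
sn: W
givenName: M
uid: mw
"""

# Constructed passwords for the offline bind; a real deployment binds to the server.
FAKE_PASSWORDS = {
    "uid=rr,ou=People,dc=xxx,dc=pl": "rr-secret",
    "uid=mw,ou=People,dc=xxx,dc=pl": "mw-secret",
}

LDAP_OPTIONS = {  # the relevant values from the post's secret.php
    "search_dn": "ou=People,dc=xxx,dc=pl",
    "search_attr": "uid",
    "displayname_attrs": "givenname sn",
}

Entry = Dict[str, List[str]]  # lower-cased attribute -> values; "dn" included


def parse_ldif(text: str) -> List[Entry]:
    """Parse ldapsearch output: unfold continuation lines, decode '::' base64 values."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:  # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries: List[Entry] = []
    cur: Entry = {}
    for line in lines + [""]:  # the trailing "" flushes the last entry
        if not line:
            if cur:
                entries.append(cur)
                cur = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            cur.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping; without it '*' or 'x)(uid=admin' rewrites the search filter."""
    return "".join("\\%02x" % b if b in b"\\*()\x00" or b > 0x7F else chr(b)
                   for b in value.encode("utf-8"))


_EQUALITY = re.compile(r"^\((\w+)=((?:[^()*\\]|\\[0-9a-fA-F]{2})*)\)$")


def offline_search(directory: List[Entry], base: str, ldap_filter: str) -> List[Entry]:
    """Stand-in for ldap_search(): accepts only a single escaped equality filter, so an
    unescaped wildcard or injected clause matches nothing instead of everything."""
    m = _EQUALITY.match(ldap_filter)
    if not m:
        return []
    attr = m.group(1).lower()
    raw = re.sub(rb"\\([0-9a-fA-F]{2})", lambda h: bytes([int(h.group(1), 16)]),
                 m.group(2).encode("utf-8"))
    wanted = raw.decode("utf-8").lower()
    return [e for e in directory
            if e["dn"][0].lower().endswith("," + base.lower())
            and wanted in (v.lower() for v in e.get(attr, []))]


def fake_bind(dn: str, password: str) -> bool:
    """Offline stand-in for binding as `dn` with `password`."""
    return FAKE_PASSWORDS.get(dn) == password


def authenticate(username: str, password: str, directory: List[Entry],
                 bind: Callable[[str, str], bool] = fake_bind,
                 opts: Dict[str, str] = LDAP_OPTIONS) -> Optional[Dict[str, str]]:
    """Search-then-bind; returns {'dn', 'displayname'} on success, None otherwise."""
    if not password:
        # A DN with an empty password is an unauthenticated (anonymous) bind in LDAP,
        # and many servers accept it: the bind would "succeed" for any known user.
        return None
    flt = "(%s=%s)" % (opts["search_attr"], escape_filter_value(username))
    found = offline_search(directory, opts["search_dn"], flt)
    if len(found) != 1:  # unknown user, or an ambiguous match
        return None
    dn = found[0]["dn"][0]
    if not bind(dn, password):
        return None
    names = [found[0][a][0] for a in opts["displayname_attrs"].lower().split() if a in found[0]]
    return {"dn": dn, "displayname": " ".join(names)}


if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    for user, pw in (("rr", "rr-secret"), ("rr", ""), ("mw", "wrong"), ("*", "x")):
        print(repr(user), "->", authenticate(user, pw, directory))
```

To run the same flow against the real server, replace fake_bind with a function that binds as the found DN with the supplied password (for instance ldap3's Connection(server, user=dn, password=pw).bind(), which returns a bool) and offline_search with a real search under search_dn using the escaped filter; the empty-password check and the escaping stay exactly as they are.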