
OA login through LDAP

 
Kefear
Occasional Contributor

OA login through LDAP

Hello,
I've been trying to integrate an OpenLDAP server (on CentOS) with Onboard Administrator. I've already set up the slapd server with SSL support, loaded self-created certificates onto the OA and created a simple directory structure. When testing the directory settings within OA I'm able to pass all the tests but User Authorization. I've tried to do some research to solve the problem but haven't found anything useful yet. The message from OA looks like this:

"Initiating Directory Settings diagnostic for server 172.16.199.28
Accepting Directory Server certificate for /C=pl/ST=ds/L=wroclaw/O=nk/OU=infra/CN=hpsim/emailAddress=ww@nk.pl signed by /C=pl/ST=ds/O=nk/OU=infra/CN=hpsim/emailAddress=ww@nk.pl
Warning: certificate does not match Directory Server Address 172.16.199.28.

Test user cn=tlemanski,ou=users,dc=nk,dc=pl authenticated.
Unable to authorize test user.
Some diagnostics FAILED for server 172.16.199.28
Tests complete.

"
I can provide more information if needed. Any help will be appreciated.
Regards
4 REPLIES
HEM_2
Honored Contributor

Re: OA login through LDAP

OA firmware v2.51?
Kefear
Occasional Contributor

Re: OA login through LDAP

Was it a suggestion or a question? ;)
Currently we have 2.41 within this enclosure.
HEM_2
Honored Contributor

Re: OA login through LDAP

Well, it was more of a question I guess. Looking at the release notes, there don't appear to be any fixes related to LDAP in 2.51, so I'm not sure upgrading will necessarily help.

I know that LDAP authentication works with MS AD as I've messed with that before but don't have any exposure to OpenLDAP.

Have you tried tweaking your search strings or tried using a different username format?
Kefear
Occasional Contributor

Re: OA login through LDAP

Yep, I have already tried it.

This is my simple config:

# nk.pl
dn: dc=nk,dc=pl
objectClass: top
objectClass: organization
objectClass: dcObject
dc: nk
o: New Kent

# groups, nk.pl
dn: ou=groups,dc=nk,dc=pl
objectClass: organizationalUnit
ou: groups
description: Ludzie

# people, nk.pl
dn: ou=people,dc=nk,dc=pl
objectClass: organizationalUnit
ou:: cGVvcGxlIA==
description: Ludziska

# smith, people, nk.pl
dn: cn=smith,ou=people,dc=nk,dc=pl
objectClass: person
cn: smith
sn: smyf
userPassword:: ZHVwYQ==

# itpeople, groups, nk.pl
dn: cn=itpeople,ou=groups,dc=nk,dc=pl
objectClass: groupOfNames
cn: itpeople
description: IT GROUP
member: cn=smith,ou=people,dc=nk,dc=pl

# root, nk.pl
dn: cn=root,dc=nk,dc=pl
objectClass: organizationalRole
cn: root

# search result
search: 2
result: 0 Success

# numResponses: 7
# numEntries: 6

In OA I've got:
Directory Group:
cn=itpeople,ou=groups,dc=nk,dc=pl
Directory Settings:
Search context:
ou=people,dc=nk,dc=pl

The certificate is uploaded and I'm trying to log in as user smith with the password set up within his entry.
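
Added example (not part of the original thread, and not HP or OpenLDAP code): a small Python check over entries abridged from the ldapsearch output above. It decodes `::` (base64) values, flags values with surrounding whitespace and `userPassword` values lacking a `{SCHEME}` prefix, and tests whether a user DN is a `member` of the group DN configured in OA. The parser is simplified (no folded lines, DNs compared as lowercase strings) and the function names are this example's own.

```python
import base64
# Entries abridged from the ldapsearch output posted above.
LDIF = """\
dn: ou=people,dc=nk,dc=pl
ou:: cGVvcGxlIA==

dn: cn=smith,ou=people,dc=nk,dc=pl
cn: smith
userPassword:: ZHVwYQ==

dn: cn=itpeople,ou=groups,dc=nk,dc=pl
cn: itpeople
member: cn=smith,ou=people,dc=nk,dc=pl
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}}; 'attr:: v' values are base64-decoded (RFC 2849)."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # double colon: base64-encoded value
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            attrs.setdefault(name.lower(), []).append(value)
        if "dn" in attrs:
            entries[attrs["dn"][0].lower()] = attrs
    return entries

def audit(entries):
    """Flag padded values and userPassword values stored without a {SCHEME} prefix."""
    findings = []
    for dn, attrs in entries.items():
        for name, values in attrs.items():
            for v in values:
                if v != v.strip():
                    findings.append((dn, name, "leading/trailing whitespace"))
                if name == "userpassword" and not v.startswith("{"):
                    findings.append((dn, name, "no hash scheme prefix"))
    return findings

def is_member(entries, group_dn, user_dn):
    """True if user_dn is listed as a 'member' value of group_dn (case-insensitive)."""
    members = entries.get(group_dn.lower(), {}).get("member", [])
    return user_dn.lower() in (m.lower() for m in members)
```

On this data `audit(parse_ldif(LDIF))` reports the padded `ou` value on `ou=people` and the unhashed `userPassword` on `cn=smith`. `is_member` confirms `cn=smith,ou=people,dc=nk,dc=pl` is in `cn=itpeople`, while the `cn=tlemanski,ou=users,dc=nk,dc=pl` DN from the first post's diagnostic is not.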