LDAP Connection Issue

  • Hi there, I just installed UCS with the Active Directory-compatible Domain Controller module only.


    I also just installed OpenMediaVault with its Directory Service plugin.


    I wish to integrate OpenMediaVault with the UCS Domain Controller, but it does not seem to work.



    OpenMediaVault LDAP Settings
    Details: IP: 10.20.30.40
    domain: dc.mydomain.com
    Port: 389
    User: Administrator (UCS default)
    Enabled the Simple Authentication
    DN: DC=mydomain,DC=com



    LDAP Admin Connection Properties


    but it returned an error too...



    LDAP Admin Error Message

    With LDAPAdmin, anonymous test connection was successful.



    LDAP Admin - Anonymous Connection Successful


    Tried with GSS-API or GSS Negotiate in LDAPADMIN and LDAPADMINISTRATOR; it can connect to the LDAP server and browse the directory.


    AUTH.LOG
    Jun 5 07:35:02 openmediavault start-stop-daemon: nss_ldap: failed to bind to LDAP server ldap://10.20.30.40:389: Strong(er) authentication required
    Jun 5 07:35:02 openmediavault start-stop-daemon: nss_ldap: could not search LDAP server - Server is unavailable
    Jun 5 07:35:02 openmediavault start-stop-daemon: nss_ldap: failed to bind to LDAP server ldap://10.20.30.40:389: Strong(er) authentication required
    Jun 5 07:35:02 openmediavault start-stop-daemon: nss_ldap: could not search LDAP server - Server is unavailable
    Jun 5 07:35:02 openmediavault start-stop-daemon: nss_ldap: failed to bind to LDAP server ldap://10.20.30.40:389: Strong(er) authentication required
    Jun 5 07:35:02 openmediavault start-stop-daemon: nss_ldap: could not search LDAP server - Server is unavailable
    Jun 5 07:35:02 openmediavault start-stop-daemon: nss_ldap: failed to bind to LDAP server ldap://10.20.30.40:389: Strong(er) authentication required
    Jun 5 07:35:02 openmediavault start-stop-daemon: nss_ldap: could not search LDAP server - Server is unavailable


    May I know what I am missing here? Thanks so much in advance.

  • The error message says TLS is required.
    Check that box and test again.

    If you got help in the forum and want to give something back to the project click here (omv) or here (scroll down) (plugins) and write up your solution for others.

  • The LDAP plugin is there to connect to an LDAP server, fetch users from it and authenticate them against that server when used with the samba, fro or netatalk services. The plugin is not a server.


    Yes subzero79, I know it's a plugin, Directory Service. I'm asking for help on how to connect OMV with LDAP (SAMBA4). The screenshots were proof that I have a working domain controller. I just needed help on how to integrate it with OMV. Thanks in advance.

  • I got confused by the screenshots. Let's see if @dethegeek has any idea. Also, the log suggests stronger encryption, so maybe try TLS. Have you consulted the UCS manual?


    Thanks subzero79, just an update... I decided to replace UCS with Zentyal's Domain Controller; it's really much easier to manage.


    Regarding the Directory Service (LDAP) integration, I really don't know how to make it work this time with Zentyal DC...


    Can you kindly supply me a sample format with the correct details for the Directory Service plugin forms?


    Thanks so much in advance.


    Respectfully,
    Raleigh

  • First, I have the same issue. My LDAP server is NethServer and I successfully connected a NAS from QNAP to it. So I know the correct settings, but this is still not helping with OpenMediaVault.


    According to http://www.openldap.org/faq/data/cache/185.html, there are 3 different types of LDAP connection:
    1) LDAP over port 389, called normal LDAP
    2) LDAP + TLS over 389, TLS upgrade for the normal LDAP
    3) LDAPS over port 636, called "LDAP over TLS/SSL" or "LDAP Secured"


    My QNAP supports ALL three and presents them as:
    1) ldap://
    2) ldap://ldap+tls
    3) ldaps://ldap+ssl


    Now, OpenMediaVault has only a toggle button between 1 and 3. Changing the toggle and saving (twice), you can see in /etc/ldap/ldap.conf the URI changing from "ldap" to "ldaps". In my case for sure, and probably for you as well, the middle way is required: LDAP+TLS over port 389. It must be mentioned that LDAPS is quite rare as far as I know.


    Unfortunately I have no idea how to fix this... Theoretically the toggle must stay disabled (LDAP without S), but there must be an option for the TLS upgrade.

  • Unfortunately I have no idea how to fix this... Theoretically the toggle must stay disabled (LDAP without S), but there must be an option for the TLS upgrade.


    The following workaround works for me.


    After configuring LDAP with the proper credentials via the WebGUI, WITHOUT(!) the SSL/TLS option, issue the following commands:


    echo "TLS_REQCERT allow" >> /etc/ldap/ldap.conf
    echo "ssl start_tls" >> /etc/libnss-ldap.conf
    echo "ssl start_tls" >> /etc/pam_ldap.conf


    and then restart OpenMediaVault.


    Open issues:
    - I did not figure out how to insert these parameters via the WebGUI. As 3 files must be modified, it is probably not possible to fix this via the GUI with only two input fields ;)
    - Each time the LDAP parameters are changed via the WebGUI, the above workaround is going to be overwritten.


    Credit to: https://www.server-world.info/…s=Debian_8&p=openldap&f=4
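    Because the WebGUI regenerates these files (second open issue above) and repeated `echo >>` runs leave duplicate lines behind, here is an added example, not from this thread or from the OpenMediaVault project, that applies the same three settings idempotently. It also shows the safer alternative to `TLS_REQCERT allow` (which accepts any server certificate): `TLS_REQCERT demand` with a `TLS_CACERT` file; the CA path and the `root` argument (for testing outside `/`) are assumptions.

```python
"""Idempotently apply the STARTTLS workaround for nss_ldap / pam_ldap."""
from pathlib import Path

# "allow" is what the thread uses; it does not verify the DC's certificate,
# so a forged server could still receive the bind credentials.
WEAK_LDAP_CONF = {"TLS_REQCERT": "allow"}
# Preferred once the domain controller's CA cert is exported (path is a placeholder).
STRICT_LDAP_CONF = {"TLS_REQCERT": "demand", "TLS_CACERT": "/etc/ssl/certs/dc-ca.pem"}
# Makes nss_ldap / pam_ldap upgrade the plain port-389 connection with STARTTLS.
NSS_PAM_CONF = {"ssl": "start_tls"}


def ensure_settings(text: str, settings: dict[str, str]) -> str:
    """Return text with each key present exactly once: first occurrence is
    rewritten to the wanted value, later duplicates are dropped, missing
    keys are appended. Comments and unrelated lines are left untouched."""
    out, seen = [], set()
    for line in text.splitlines():
        stripped = line.strip()
        key = None
        if stripped and not stripped.startswith("#"):
            key = stripped.split(None, 1)[0]
        if key in settings:
            if key in seen:
                continue  # duplicate left by an earlier "echo >>" run
            out.append(f"{key} {settings[key]}")
            seen.add(key)
        else:
            out.append(line)
    for key, value in settings.items():
        if key not in seen:
            out.append(f"{key} {value}")
    return "\n".join(out) + "\n"


def apply_starttls(root: Path = Path("/"), strict: bool = False) -> dict[str, str]:
    """Patch the three files named in the thread under `root`; returns the new
    contents keyed by path. Files the WebGUI has not generated are skipped."""
    targets = {
        root / "etc/ldap/ldap.conf": STRICT_LDAP_CONF if strict else WEAK_LDAP_CONF,
        root / "etc/libnss-ldap.conf": NSS_PAM_CONF,
        root / "etc/pam_ldap.conf": NSS_PAM_CONF,
    }
    results = {}
    for path, settings in targets.items():
        if path.is_file():
            new_text = ensure_settings(path.read_text(), settings)
            path.write_text(new_text)
            results[str(path)] = new_text
    return results
```

Run it after every WebGUI save of the LDAP settings; re-running is harmless because existing entries are rewritten rather than appended.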
