LDAP Connection Issue

    • OMV 2.x

      Hi there, I just installed UCS with the Active Directory-compatible Domain Controller module only.

      I also just installed OpenMediaVault with its Directory Service plugin.

      I wish to integrate OpenMediaVault with UCS Domain Controller but it seems not working.
      [IMG:http://forum.univention.de/download/file.php?id=641&mode=view]


      OpenMediaVault LDAP Settings
      Details:
      IP: 10.20.30.40
      domain: dc.mydomain.com
      Port: 389
      User: Administrator (UCS default)
      Enabled the Simple Authentication
      DN: DC=mydomain,DC=com

      [IMG:http://forum.univention.de/download/file.php?id=643&mode=view]
      LDAP Admin Connection Properties

      but it returned an error too...

      [IMG:http://forum.univention.de/download/file.php?id=644&mode=view]
      LDAP Admin Error Message

      With LDAPAdmin, anonymous test connection was successful.

      [IMG:http://forum.univention.de/download/file.php?id=642&mode=view]
      LDAP Admin - Anonymous Connection Successful

      Tried with GSS-API or GSS Negotiate with LDAPADMIN and LDAPADMINISTRATOR, it can connect to the LDAP and can browse the directory.

      AUTH.LOG
      Jun 5 07:35:02 openmediavault start-stop-daemon: nss_ldap: failed to bind to LDAP server ldap://10.20.30.40:389: Strong(er) authentication required
      Jun 5 07:35:02 openmediavault start-stop-daemon: nss_ldap: could not search LDAP server - Server is unavailable
      Jun 5 07:35:02 openmediavault start-stop-daemon: nss_ldap: failed to bind to LDAP server ldap://10.20.30.40:389: Strong(er) authentication required
      Jun 5 07:35:02 openmediavault start-stop-daemon: nss_ldap: could not search LDAP server - Server is unavailable
      Jun 5 07:35:02 openmediavault start-stop-daemon: nss_ldap: failed to bind to LDAP server ldap://10.20.30.40:389: Strong(er) authentication required
      Jun 5 07:35:02 openmediavault start-stop-daemon: nss_ldap: could not search LDAP server - Server is unavailable
      Jun 5 07:35:02 openmediavault start-stop-daemon: nss_ldap: failed to bind to LDAP server ldap://10.20.30.40:389: Strong(er) authentication required
      Jun 5 07:35:02 openmediavault start-stop-daemon: nss_ldap: could not search LDAP server - Server is unavailable

      May I know what am I missing here? Thanks so much in advance.
    • subzero79 wrote:

      The ldap plugin is to connect to an ldap server to fetch users from there and authenticate them against that server when used with samba, ftp or netatalk services. The plugin is not a server.


      Yes subzero79 I know it's a plugin, Directory Service. I'm asking for help on how to connect OMV with LDAP (SAMBA4). The screenshots were proofs that I have a working domain controller. I just needed help on how to integrate it with OMV. Thanks in advance.
    • subzero79 wrote:

      I got confused by the screenshots. Let's see if @dethegeek has any idea. Also the log suggests stronger encryption, maybe try TLS. Have you consulted the UCS manual?


      Thanks subzero79, just an update... I decided to replace UCS with Zentyal's Domain Controller, it's really much easier to manage.

      Regarding the Directory Service (LDAP) integration, I really don't know how to make it work this time with Zentyal DC...

      Can you kindly supply me a sample format with the correct details in that Directory Service plugin forms?

      Thanks so much in advance.

      Respectfully,
      Raleigh
      First, I have the same issue. My LDAP server is NethServer and I successfully connected a NAS from QNAP to it. So I know the correct settings, but this is still not helping with OpenMediaVault.

      According to this openldap.org/faq/data/cache/185.html there are 3 different types of LDAP connection:
      1) LDAP over port 389, called normal LDAP
      2) LDAP + TLS over 389, TLS upgrade for the normal LDAP
      3) LDAPS over port 636, called "LDAP over TLS/SSL" or "LDAP Secured"

      My QNAP supports ALL three and presents them as:
      1) ldap://
      2) ldap://ldap+tls
      3) ldaps://ldap+ssl

      Now, OpenMediaVault has only a toggle button between 1 and 3. Changing the toggle and saving (twice), you can see in /etc/ldap/ldap.conf the URI changing from "ldap" to "ldaps". In my case for sure, and probably for you as well, the middle way is required: LDAP+TLS over port 389. It must be mentioned that LDAPS is quite rare as far as I know.

      Unfortunately I have no idea how to fix this... Theoretically the toggle must stay on disabled (LDAP without S) but there must be an option for the TLS upgrade.
    • vedragan wrote:

      Unfortunately I have no idea how to fix this... Theoretically the toggle must stay on disabled (LDAP without S) but there must be an option for the TLS upgrade.

      The following workaround works for me.

      After configuring the LDAP with the proper credentials via the WebGUI, WITHOUT(!) the SSL/TLS option, issue the following commands:

      echo "TLS_REQCERT allow" >> /etc/ldap/ldap.conf
      echo "ssl start_tls" >> /etc/libnss-ldap.conf
      echo "ssl start_tls" >> /etc/pam_ldap.conf

      and then restart OpenMediaVault.

      Open issues:
      - I did not figure out how to insert this parameter via the WebGUI. As 3 files must be modified, it is probably not possible to fix this via the GUI with only two input fields ;)
      - each time the LDAP parameters are changed via the WebGUI, the above work around is going to be overwritten.

      Credit to: server-world.info/en/note?os=Debian_8&p=openldap&f=4

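The following shell helper is an added example for the two posts above (vedragan's explanation of the three connection types and the three-line STARTTLS workaround); it is not code from the thread, from OpenMediaVault or from server-world.info. It writes the same settings the workaround appends, but replaces an existing line instead of appending a duplicate on every run, and it pins a CA file (`TLS_CACERT` plus `TLS_REQCERT demand`) rather than `TLS_REQCERT allow`, because `allow` skips certificate verification and lets any host that answers on port 389 terminate the TLS session. The file paths and the CA path are parameters, and `/etc/ssl/certs/example-ca.pem` is a placeholder for the domain controller's CA certificate; the `check_uri` function refuses to proceed when `ldap.conf` still carries the `ldaps://` URI that the OMV toggle writes, since STARTTLS is an upgrade of a plain `ldap://` session on 389.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of OpenMediaVault): enable STARTTLS
# for the client configs that the OMV Directory Service plugin writes. All paths
# are parameters so the functions can be exercised against copies of the files.

# set_kv FILE KEY VALUE: replace an existing "KEY ..." line in place, else append.
# Re-running therefore never piles up duplicate lines (unlike "echo ... >> file").
set_kv() {
    file="$1"; key="$2"; value="$3"
    [ -f "$file" ] || : > "$file"
    if grep -q "^[[:space:]]*${key}[[:space:]]" "$file" 2>/dev/null; then
        tmp="${file}.tmp.$$"
        sed "s|^[[:space:]]*${key}[[:space:]].*|${key} ${value}|" "$file" > "$tmp" \
            && mv "$tmp" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# check_uri LDAP_CONF: STARTTLS only applies to a plain ldap:// URI on 389.
# Returns 1 if the file still has the ldaps:// URI the OMV SSL toggle writes.
check_uri() {
    if grep -qi "^[[:space:]]*URI[[:space:]]*ldaps://" "$1" 2>/dev/null; then
        echo "$1 uses ldaps://; leave the OMV SSL/TLS toggle disabled for STARTTLS" >&2
        return 1
    fi
    return 0
}

# enable_starttls LDAP_CONF NSS_CONF PAM_CONF CA_FILE
# Same three settings as the workaround, with the CA pinned instead of
# "TLS_REQCERT allow" (which disables certificate verification entirely).
enable_starttls() {
    ldap_conf="$1"; nss_conf="$2"; pam_conf="$3"; ca_file="$4"
    check_uri "$ldap_conf" || return 1
    set_kv "$ldap_conf" TLS_CACERT "$ca_file"
    set_kv "$ldap_conf" TLS_REQCERT demand
    set_kv "$nss_conf" ssl start_tls
    set_kv "$pam_conf" ssl start_tls
}

# count_key FILE KEY: how many lines set KEY; used to confirm idempotence.
count_key() {
    grep -c "^[[:space:]]*$2[[:space:]]" "$1" 2>/dev/null || true
}

# verify_starttls HOST BASE_DN: -ZZ makes ldapsearch fail unless the StartTLS
# upgrade succeeds, so a zero exit proves the server accepts the TLS upgrade
# with the pinned CA. Not run in the offline test; needs a reachable DC.
verify_starttls() {
    ldapsearch -ZZ -x -H "ldap://$1:389" -b "$2" -s base
}

# Typical use on the OMV host (run as root, after saving the plugin settings
# with the SSL/TLS toggle off; the plugin rewrites these files on every save,
# so the helper has to be re-applied after each change, as the post notes):
#   enable_starttls /etc/ldap/ldap.conf /etc/libnss-ldap.conf /etc/pam_ldap.conf \
#       /etc/ssl/certs/example-ca.pem
#   verify_starttls 10.20.30.40 dc=mydomain,dc=com
```

Because `set_kv` rewrites an existing key rather than appending, the helper can be re-run after every WebGUI save without leaving stale or duplicated `ssl` and `TLS_*` lines behind; the remaining open point from the post, that the GUI overwrites the files, is unchanged.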