Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Bind DN not used when performing ldap search-based authentication
See original GitHub issueHi there, I’m attempting to set up a local Para + Scoold deployment with AD authentication. At the moment I can’t get any LDAP authentication to work because it seems like the bind_dn and bind_pass attributes are being ignored. I verified this by setting up a test ldap server (using the bitnami/openldap docker image). My Scoold ldap configuration is as follows:
scoold.security.ldap.server_url = "ldap://ldap:1389/"
scoold.security.ldap.base_dn = "dc=example,dc=org"
scoold.security.ldap.bind_dn = "cn=admin,ou=users,dc=example,dc=org"
scoold.security.ldap.bind_pass = "adminpassword"
In the logs of the ldap server, you can see the bind DN/pass not being passed along (these logs were generated when attempting to log in using ldap on Scoold):
62deb147.148f7ec0 0x7f05c11c4700 conn=1049 fd=12 ACCEPT from IP=10.242.132.150:38336 (IP=0.0.0.0:1389)
62deb147.1496e3a1 0x7f05c09c3700 conn=1049 op=0 BIND dn="" method=128
62deb147.14984e53 0x7f05c09c3700 conn=1049 op=0 RESULT tag=97 err=0 qtime=0.000012 etime=0.000109 text=
62deb147.14e93a60 0x7f05c11c4700 conn=1049 op=1 SRCH base="dc=example,dc=org" scope=2 deref=3 filter="(cn=asd)"
62deb147.14eaa05e 0x7f05c11c4700 conn=1049 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000019 etime=0.000137 nentries=0 text=
62deb147.150990e1 0x7f05c09c3700 conn=1049 op=2 UNBIND
For reference, a successful bind looks like this:
62deb325.159603fa 0x7f05c09c3700 conn=1055 fd=12 ACCEPT from IP=10.242.132.150:43486 (IP=0.0.0.0:1389)
62deb325.1599400d 0x7f05c11c4700 conn=1055 op=0 BIND dn="cn=user01,ou=users,dc=example,dc=org" method=128
62deb325.159b560b 0x7f05c11c4700 conn=1055 op=0 BIND dn="cn=user01,ou=users,dc=example,dc=org" mech=SIMPLE bind_ssf=0 ssf=0
62deb325.159c4143 0x7f05c11c4700 conn=1055 op=0 RESULT tag=97 err=0 qtime=0.000017 etime=0.000234 text=
62deb325.15c0aa4c 0x7f05c09c3700 conn=1055 op=1 UNBIND
62deb325.15c196ef 0x7f05c09c3700 conn=1055 fd=12 closed
Can you see something that I’m maybe doing wrong? Any help would be greatly appreciated.
Scoold version: 1.50.1 Para: v1.46.1
Issue Analytics
- State:
- Created a year ago
- Comments:8 (8 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Hi @albogdano, I got it to work, sorry for the confusion - I didn’t realize that it was possible to bind on AD not just using your full DN, but also using just your email address and password.
For those maybe stumbling across this in the future, when AD mode is enabled on Para it will attempt to bind using
your-email@ad-domain.comand your password. Since it can bind using just your email it doesn’t need a separate bind dn and password (as one would need for OpenLDAP).Yes, exactly. LDAP is indeed a bit confusing at times. Thank you for the detailed notes! 👍