https://community.cloudera.com/t5/Archives-of-Support-Questions/External-authentication-with-OpenLDAP-and-Cloudera-Manager-5/m-p/12234#M1739 <P>Hello, I am having trouble to connect to cloudera Manager with a user from LDAP.</P><P>&nbsp;</P><P>I configured a ldap server on the local machine, so the URI in cloudera Manager is&nbsp;ldap://localhost/dc=example,dc=com</P><P>&nbsp;</P><P>&nbsp;My ACL should allow anonymous auth:</P><P>&nbsp;</P><PRE>access to attrs="userPassword" by anonymous auth by self write by * none access to * by dn="uid=admin,dc=example,dc=com" write by self write by users read by anonymous auth</PRE><P>&nbsp;</P><P>When I do a search manually I can find the user:</P><P>&nbsp;</P><PRE>[root@evl2400469 openldap]# ldapsearch -x -L -b "ou=people,dc=example,dc=com" -s sub -H ldap://localhost version: 1 # # LDAPv3 # base &lt;ou=people,dc=example,dc=com&gt; with scope subtree # filter: (objectclass=*) # requesting: ALL # # people, example.com dn: ou=people,dc=example,dc=com objectClass: organizationalUnit ou: people # toto1, people, example.com dn: uid=toto1,ou=people,dc=example,dc=com objectClass: inetOrgPerson uid: toto1 givenName: Toto1 sn: tt1 cn: Toto1 o: Example title: System Administrator userPassword:: e1NTSEF9T0xKaFNiaG9xOUlJTFY1YU9vQ0JzZVp3MDlUaTB1Rmgg # search result # numResponses: 3 # numEntries: 2</PRE><P>I am using this pattern:</P><P>uid={0},ou=people,dc=example,dc=com</P><P>&nbsp;</P><P>I tried with and without&nbsp;<STRONG>LDAP Bind User Distinguished Name</STRONG>&nbsp;and&nbsp;<STRONG>LDAP Bind Password&nbsp;</STRONG>also.</P><P>&nbsp;</P><P>But it seems it can't find it:&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="cloudera_login_ldap.png" style="width: 347px;"><img src="https://community.cloudera.com/t5/image/serverpage/image-id/412i556EEA0B76E6F61A/image-size/large?v=v2&amp;px=999" role="button" title="cloudera_login_ldap.png" alt="cloudera_login_ldap.png" /></span></P><P>It says: "user name or password not valid"</P><P>&nbsp;</P><P>I am trying to connect with:</P><P>&nbsp;</P><PRE>dn: uid=toto1,ou=people,dc=example,dc=com objectClass: inetOrgPerson uid: toto1 givenName: Toto1 sn: tt1 cn: Toto1 userPassword: {SSHA}OLJhSbhoq9IILV5aOoCBseZw09Ti0uFh o: Example</PRE><P>&nbsp;</P><P>&nbsp;</P><P>I use "toto1" as username and "password" as password (I used slappassword -h {SSHA} -s "password" to generate the password).</P><P>&nbsp;</P><P>&nbsp;</P><P>I really don't see where the problem is.&nbsp;</P><P>&nbsp;</P><P>Can you help me ? thanks.</P><P>&nbsp;</P><P>Regards, Kevin.</P><P>&nbsp;</P><P>Here are some logs from ldap server :</P><P>&nbsp;</P><P>May 12 15:38:39 evl2400469 slapd[14256]: conn=14 fd=11 ACCEPT from IP=127.0.0.1:33908 (IP=0.0.0.0:389)<BR />May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128<BR />May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0<BR />May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=0 RESULT tag=97 err=0 text=<BR />May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=1 SRCH base="" scope=2 deref=3 filter="(member=uid=toto1,ou=people,dc=example,dc=com)"<BR />May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=1 SRCH attr=cn objectClass javaSerializedData javaClassName javaFactory javaCodeBase javaReferenceAddress javaClassNames javaRemoteLocation<BR />May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=15 fd=12 ACCEPT from IP=127.0.0.1:34083 (IP=0.0.0.0:389)<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=0 BIND dn="uid=toto1,ou=people,dc=example,dc=com" method=128<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=0 BIND dn="uid=toto1,ou=people,dc=example,dc=com" mech=SIMPLE ssf=0<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=0 RESULT tag=97 err=0 text=<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=1 SRCH base="uid=toto1,ou=people,dc=example,dc=com" scope=0 deref=3 filter="(objectClass=*)"<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=2 UNBIND<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=15 fd=12 closed<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=14 op=2 SRCH base="" scope=2 deref=3 filter="(member=uid=toto1,ou=people,dc=example,dc=com)"<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=14 op=2 SRCH attr=cn objectClass javaSerializedData javaClassName javaFactory javaCodeBase javaReferenceAddress javaClassNames javaRemoteLocation<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=14 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 16 Sep 2022 08:58:46 GMT Kulssaka 2022-09-16T08:58:46Z https://community.cloudera.com/t5/Archives-of-Support-Questions/External-authentication-with-OpenLDAP-and-Cloudera-Manager-5/m-p/12234#M1739 <P>Hello, I am having trouble to connect to cloudera Manager with a user from LDAP.</P><P>&nbsp;</P><P>I configured a ldap server on the local machine, so the URI in cloudera Manager is&nbsp;ldap://localhost/dc=example,dc=com</P><P>&nbsp;</P><P>&nbsp;My ACL should allow anonymous auth:</P><P>&nbsp;</P><PRE>access to attrs="userPassword" by anonymous auth by self write by * none access to * by dn="uid=admin,dc=example,dc=com" write by self write by users read by anonymous auth</PRE><P>&nbsp;</P><P>When I do a search manually I can find the user:</P><P>&nbsp;</P><PRE>[root@evl2400469 openldap]# ldapsearch -x -L -b "ou=people,dc=example,dc=com" -s sub -H ldap://localhost version: 1 # # LDAPv3 # base &lt;ou=people,dc=example,dc=com&gt; with scope subtree # filter: (objectclass=*) # requesting: ALL # # people, example.com dn: ou=people,dc=example,dc=com objectClass: organizationalUnit ou: people # toto1, people, example.com dn: uid=toto1,ou=people,dc=example,dc=com objectClass: inetOrgPerson uid: toto1 givenName: Toto1 sn: tt1 cn: Toto1 o: Example title: System Administrator userPassword:: e1NTSEF9T0xKaFNiaG9xOUlJTFY1YU9vQ0JzZVp3MDlUaTB1Rmgg # search result # numResponses: 3 # numEntries: 2</PRE><P>I am using this pattern:</P><P>uid={0},ou=people,dc=example,dc=com</P><P>&nbsp;</P><P>I tried with and without&nbsp;<STRONG>LDAP Bind User Distinguished Name</STRONG>&nbsp;and&nbsp;<STRONG>LDAP Bind Password&nbsp;</STRONG>also.</P><P>&nbsp;</P><P>But it seems it can't find it:&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="cloudera_login_ldap.png" style="width: 347px;"><img src="https://community.cloudera.com/t5/image/serverpage/image-id/412i556EEA0B76E6F61A/image-size/large?v=v2&amp;px=999" role="button" title="cloudera_login_ldap.png" alt="cloudera_login_ldap.png" /></span></P><P>It says: "user name or password not valid"</P><P>&nbsp;</P><P>I am trying to connect with:</P><P>&nbsp;</P><PRE>dn: uid=toto1,ou=people,dc=example,dc=com objectClass: inetOrgPerson uid: toto1 givenName: Toto1 sn: tt1 cn: Toto1 userPassword: {SSHA}OLJhSbhoq9IILV5aOoCBseZw09Ti0uFh o: Example</PRE><P>&nbsp;</P><P>&nbsp;</P><P>I use "toto1" as username and "password" as password (I used slappassword -h {SSHA} -s "password" to generate the password).</P><P>&nbsp;</P><P>&nbsp;</P><P>I really don't see where the problem is.&nbsp;</P><P>&nbsp;</P><P>Can you help me ? thanks.</P><P>&nbsp;</P><P>Regards, Kevin.</P><P>&nbsp;</P><P>Here are some logs from ldap server :</P><P>&nbsp;</P><P>May 12 15:38:39 evl2400469 slapd[14256]: conn=14 fd=11 ACCEPT from IP=127.0.0.1:33908 (IP=0.0.0.0:389)<BR />May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128<BR />May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0<BR />May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=0 RESULT tag=97 err=0 text=<BR />May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=1 SRCH base="" scope=2 deref=3 filter="(member=uid=toto1,ou=people,dc=example,dc=com)"<BR />May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=1 SRCH attr=cn objectClass javaSerializedData javaClassName javaFactory javaCodeBase javaReferenceAddress javaClassNames javaRemoteLocation<BR />May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=15 fd=12 ACCEPT from IP=127.0.0.1:34083 (IP=0.0.0.0:389)<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=0 BIND dn="uid=toto1,ou=people,dc=example,dc=com" method=128<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=0 BIND dn="uid=toto1,ou=people,dc=example,dc=com" mech=SIMPLE ssf=0<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=0 RESULT tag=97 err=0 text=<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=1 SRCH base="uid=toto1,ou=people,dc=example,dc=com" scope=0 deref=3 filter="(objectClass=*)"<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=2 UNBIND<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=15 fd=12 closed<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=14 op=2 SRCH base="" scope=2 deref=3 filter="(member=uid=toto1,ou=people,dc=example,dc=com)"<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=14 op=2 SRCH attr=cn objectClass javaSerializedData javaClassName javaFactory javaCodeBase javaReferenceAddress javaClassNames javaRemoteLocation<BR />May 12 15:41:15 evl2400469 slapd[14256]: conn=14 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 16 Sep 2022 08:58:46 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/External-authentication-with-OpenLDAP-and-Cloudera-Manager-5/m-p/12234#M1739 Kulssaka 2022-09-16T08:58:46Z https://community.cloudera.com/t5/Archives-of-Support-Questions/External-authentication-with-OpenLDAP-and-Cloudera-Manager-5/m-p/12316#M1740 <P>It seems that the base pattern is mandatory ! Even if it is not specidfied in the documentation <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>&nbsp;</P><P>So I added the base pattern "dc=example,dc=com" and it worked.</P> Wed, 14 May 2014 08:04:55 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/External-authentication-with-OpenLDAP-and-Cloudera-Manager-5/m-p/12316#M1740 Kulssaka 2014-05-14T08:04:55Z