External authentication with OpenLDAP and Cloudera Manager 5

Hello, I am having trouble connecting to Cloudera Manager with a user from LDAP.

 

I configured an LDAP server on the local machine, so the URI in Cloudera Manager is ldap://localhost/dc=example,dc=com

 

My ACL should allow anonymous auth:

 

access to attrs="userPassword"
by anonymous auth
by self write
by * none
access to *
by dn="uid=admin,dc=example,dc=com" write
by self write
by users read
by anonymous auth

 

When I do a search manually I can find the user:

 

[root@evl2400469 openldap]# ldapsearch -x -L -b "ou=people,dc=example,dc=com" -s sub -H ldap://localhost
version: 1

#
# LDAPv3
# base <ou=people,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# people, example.com
dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

# toto1, people, example.com
dn: uid=toto1,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: toto1
givenName: Toto1
sn: tt1
cn: Toto1
o: Example
title: System Administrator
userPassword:: e1NTSEF9T0xKaFNiaG9xOUlJTFY1YU9vQ0JzZVp3MDlUaTB1Rmgg

# search result

# numResponses: 3
# numEntries: 2

I am using this pattern:

uid={0},ou=people,dc=example,dc=com

 

I tried with and without LDAP Bind User Distinguished Name and LDAP Bind Password also.

 

But it seems it can't find it:

[screenshot: cloudera_login_ldap.png]

It says: "user name or password not valid"

 

I am trying to connect with:

 

dn: uid=toto1,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: toto1
givenName: Toto1
sn: tt1
cn: Toto1
userPassword: {SSHA}OLJhSbhoq9IILV5aOoCBseZw09Ti0uFh
o: Example

I use "toto1" as username and "password" as password (I used slappasswd -h {SSHA} -s "password" to generate the password).

I really don't see where the problem is.

Can you help me? Thanks.

 

Regards, Kevin.

 

Here are some logs from the LDAP server:

 

May 12 15:38:39 evl2400469 slapd[14256]: conn=14 fd=11 ACCEPT from IP=127.0.0.1:33908 (IP=0.0.0.0:389)
May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=0 RESULT tag=97 err=0 text=
May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=1 SRCH base="" scope=2 deref=3 filter="(member=uid=toto1,ou=people,dc=example,dc=com)"
May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=1 SRCH attr=cn objectClass javaSerializedData javaClassName javaFactory javaCodeBase javaReferenceAddress javaClassNames javaRemoteLocation
May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
May 12 15:41:15 evl2400469 slapd[14256]: conn=15 fd=12 ACCEPT from IP=127.0.0.1:34083 (IP=0.0.0.0:389)
May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=0 BIND dn="uid=toto1,ou=people,dc=example,dc=com" method=128
May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=0 BIND dn="uid=toto1,ou=people,dc=example,dc=com" mech=SIMPLE ssf=0
May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=0 RESULT tag=97 err=0 text=
May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=1 SRCH base="uid=toto1,ou=people,dc=example,dc=com" scope=0 deref=3 filter="(objectClass=*)"
May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=2 UNBIND
May 12 15:41:15 evl2400469 slapd[14256]: conn=15 fd=12 closed
May 12 15:41:15 evl2400469 slapd[14256]: conn=14 op=2 SRCH base="" scope=2 deref=3 filter="(member=uid=toto1,ou=people,dc=example,dc=com)"
May 12 15:41:15 evl2400469 slapd[14256]: conn=14 op=2 SRCH attr=cn objectClass javaSerializedData javaClassName javaFactory javaCodeBase javaReferenceAddress javaClassNames javaRemoteLocation
May 12 15:41:15 evl2400469 slapd[14256]: conn=14 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=

--
Lefevre Kevin
1 ACCEPTED SOLUTION

It seems that the base pattern is mandatory! Even if it is not specified in the documentation 🙂

 

So I added the base pattern "dc=example,dc=com" and it worked.

--
Lefevre Kevin
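The slapd log in the question already shows what the accepted answer fixes: the bind as toto1 succeeds (err=0), while the search Cloudera Manager issues on the admin connection has base="" and fails with err=32 (noSuchObject), which the UI reports as a bad username or password. The following Python script is an added example, not from the thread or from Cloudera; it parses the quoted slapd lines and reports exactly that.

```python
import re
from collections import defaultdict

# slapd lines quoted in the question above, reused here as the sample input
SLAPD_LOG = """\
May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=0 RESULT tag=97 err=0 text=
May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=1 SRCH base="" scope=2 deref=3 filter="(member=uid=toto1,ou=people,dc=example,dc=com)"
May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=0 BIND dn="uid=toto1,ou=people,dc=example,dc=com" method=128
May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=0 RESULT tag=97 err=0 text=
May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=1 SRCH base="uid=toto1,ou=people,dc=example,dc=com" scope=0 deref=3 filter="(objectClass=*)"
May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

OP_RE = re.compile(r"conn=(\d+) op=(\d+) (BIND|SRCH|SEARCH|RESULT)\b(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')

def parse_ops(log):
    """Merge every line for the same (conn, op) into one record of key=value fields."""
    ops = defaultdict(dict)
    for line in log.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue
        conn, op, kind, rest = m.groups()
        rec = ops[(int(conn), int(op))]
        if kind in ("BIND", "SRCH"):
            rec["kind"] = kind          # RESULT / SEARCH RESULT lines only add err etc.
        for key, val in KV_RE.findall(rest):
            rec[key] = val.strip('"')
    return ops

def diagnose(log):
    """Explain each bind and search outcome; LDAP err=32 is noSuchObject."""
    findings = []
    for (conn, op), rec in sorted(parse_ops(log).items()):
        err, kind = int(rec.get("err", 0)), rec.get("kind")
        if kind == "BIND":
            state = "accepted" if err == 0 else f"rejected (err={err})"
            findings.append(f"conn={conn} bind as {rec['dn']}: {state}")
        elif kind == "SRCH" and err == 32 and rec.get("base") == "":
            findings.append(f"conn={conn} op={op} empty search base -> noSuchObject: "
                            "set the LDAP base DN (e.g. dc=example,dc=com)")
        elif kind == "SRCH" and err != 0:
            findings.append(f"conn={conn} op={op} search under {rec['base']!r} failed err={err}")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(SLAPD_LOG)))
```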
