Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

External authentication with OpenLDAP and Cloudera Manager 5

avatar
Contributor

Hello, I am having trouble to connect to cloudera Manager with a user from LDAP.

 

I configured a ldap server on the local machine, so the URI in cloudera Manager is ldap://localhost/dc=example,dc=com

 

 My ACL should allow anonymous auth:

 

access to attrs="userPassword"
by anonymous auth
by self write
by * none
access to *
by dn="uid=admin,dc=example,dc=com" write
by self write
by users read
by anonymous auth

 

When I do a search manually I can find the user:

 

[root@evl2400469 openldap]# ldapsearch -x -L -b "ou=people,dc=example,dc=com" -s sub -H ldap://localhost
version: 1

#
# LDAPv3
# base <ou=people,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# people, example.com
dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

# toto1, people, example.com
dn: uid=toto1,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: toto1
givenName: Toto1
sn: tt1
cn: Toto1
o: Example
title: System Administrator
userPassword:: e1NTSEF9T0xKaFNiaG9xOUlJTFY1YU9vQ0JzZVp3MDlUaTB1Rmgg

# search result

# numResponses: 3
# numEntries: 2

I am using this pattern:

uid={0},ou=people,dc=example,dc=com

 

I tried with and without LDAP Bind User Distinguished Name and LDAP Bind Password also.

 

But it seems it can't find it: 

cloudera_login_ldap.png

It says: "user name or password not valid"

 

I am trying to connect with:

 

dn: uid=toto1,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: toto1
givenName: Toto1
sn: tt1
cn: Toto1
userPassword: {SSHA}OLJhSbhoq9IILV5aOoCBseZw09Ti0uFh
o: Example

 

 

I use "toto1" as username and "password" as password (I used slappassword -h {SSHA} -s "password" to generate the password).

 

 

I really don't see where the problem is. 

 

Can you help me ? thanks.

 

Regards, Kevin.

 

Here are some logs from ldap server :

 

May 12 15:38:39 evl2400469 slapd[14256]: conn=14 fd=11 ACCEPT from IP=127.0.0.1:33908 (IP=0.0.0.0:389)
May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=0 RESULT tag=97 err=0 text=
May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=1 SRCH base="" scope=2 deref=3 filter="(member=uid=toto1,ou=people,dc=example,dc=com)"
May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=1 SRCH attr=cn objectClass javaSerializedData javaClassName javaFactory javaCodeBase javaReferenceAddress javaClassNames javaRemoteLocation
May 12 15:38:39 evl2400469 slapd[14256]: conn=14 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
May 12 15:41:15 evl2400469 slapd[14256]: conn=15 fd=12 ACCEPT from IP=127.0.0.1:34083 (IP=0.0.0.0:389)
May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=0 BIND dn="uid=toto1,ou=people,dc=example,dc=com" method=128
May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=0 BIND dn="uid=toto1,ou=people,dc=example,dc=com" mech=SIMPLE ssf=0
May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=0 RESULT tag=97 err=0 text=
May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=1 SRCH base="uid=toto1,ou=people,dc=example,dc=com" scope=0 deref=3 filter="(objectClass=*)"
May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 12 15:41:15 evl2400469 slapd[14256]: conn=15 op=2 UNBIND
May 12 15:41:15 evl2400469 slapd[14256]: conn=15 fd=12 closed
May 12 15:41:15 evl2400469 slapd[14256]: conn=14 op=2 SRCH base="" scope=2 deref=3 filter="(member=uid=toto1,ou=people,dc=example,dc=com)"
May 12 15:41:15 evl2400469 slapd[14256]: conn=14 op=2 SRCH attr=cn objectClass javaSerializedData javaClassName javaFactory javaCodeBase javaReferenceAddress javaClassNames javaRemoteLocation
May 12 15:41:15 evl2400469 slapd[14256]: conn=14 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=

 

 

--
Lefevre Kevin
1 ACCEPTED SOLUTION

avatar
Contributor

It seems that the base pattern is mandatory ! Even if it is not specidfied in the documentation 🙂

 

So I added the base pattern "dc=example,dc=com" and it worked.

--
Lefevre Kevin

View solution in original post

1 REPLY 1

avatar
Contributor

It seems that the base pattern is mandatory ! Even if it is not specidfied in the documentation 🙂

 

So I added the base pattern "dc=example,dc=com" and it worked.

--
Lefevre Kevin