--
ToddDesmarais - 24 Oct 2016
I am having an issue getting LDAP authentication working with Foswiki 2.1.2 on a RHEL 7 server. Directory logins work at the OS level, but note that path goes through SSSD with Kerberos as the auth provider, whereas Foswiki binds to the directory directly with the BindDN/BindPassword shown below — so the two are not exercising the same code path. Only the Foswiki login fails.
On the server:
[root@xetc]# more krb5.conf
# NOTE(review): snippets under this directory (presumably written by SSSD) are
# merged into this file; check them too when debugging realm/KDC resolution.
includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
# Realm mapping comes only from [domain_realm] below, not from DNS TXT records.
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
# Pairs with SASL_NOCANON in ldap.conf: that file notes GSSAPI breaks when
# SASL_NOCANON is turned off while rdns stays false.
rdns = false
default_realm = XXXX.XXXXX.XXX
# Per-user kernel keyring cache. NOTE(review): if the web server is meant to
# authenticate with the keytab referenced in the Foswiki config, confirm that
# process actually ends up with a usable credential cache -- TODO.
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
# NOTE(review): this realm name is left in the clear while default_realm and
# the KDC/admin_server hosts are masked; redact consistently before posting.
# The host values below were presumably pasted onto their own lines; in the
# real file they belong after "kdc =" / "admin_server =".
ITSEC.SENATE.GOV = {
kdc =
**.****.****
admin_server =
*.****.****
}
[domain_realm]
.XXXX = XXXXX
XXXXX = XXXXX
[root@x openldap]# more ldap.conf
# CA directory used when a client negotiates TLS. NOTE(review): TLS_REQCERT is
# not set in this file, so the build's default applies -- confirm the effective
# value before relying on certificate verification here.
TLS_CACERTDIR /etc/openldap/cacerts
# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON on
# NOTE(review): ldap:// on 389 is cleartext unless the client negotiates
# StartTLS or SASL GSSAPI integrity/confidentiality; nothing in this file
# forces either.
URI ldap://XXXX:389/
BASE dc=XXXX,dc=XXXX,dc=XXXXX
[root@x sssd]# more sssd.conf
# NOTE(review): "default" does not appear in the [sssd] domains list below
# (only the AD domain does), so this section looks inactive unless the
# redaction hides it -- confirm, and drop it if it is dead config.
[domain/default]
debug_level = 3
autofs_provider = ldap
# Cached credentials (plus stored passwords, below) live in SSSD's local
# cache and allow offline logins; protect that cache like a secret.
cache_credentials = True
krb5_realm = XXXX.XXXX.XXX
ldap_search_base = dc=XXXX,dc=XXXX,dc=XXX
krb5_server = xxxx.xxxx.x
# NOTE(review): identity lookups go over plain ldap:// on 389 and no
# ldap_tls_* / ldap_sasl_* options are shown; verify the channel is actually
# protected (StartTLS or GSSAPI) before trusting the results.
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_uri = ldap://XXXX.XXXX.XXX:389
krb5_store_password_if_offline = True
# NOTE(review): unredacted DC hostname -- mask it like the other hosts.
krb5_kpasswd = a-cyb-dc01.itsec.senate.gov
[sssd]
domains = XXXX.XXXX.XXX
config_file_version = 2
services = nss, pam
[domain/XXXX.XXX]
ad_domain = XXXX.XXXX.XXX
krb5_realm = XXXX.XXXX.XXX
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
# With id mapping on, SSSD derives UIDs/GIDs from AD SIDs instead of reading
# POSIX attributes; gidNumber/memberUid are therefore probably absent from
# the directory -- relevant because the Foswiki config below queries them.
ldap_id_mapping = True
# OS logins take the form user@domain; the Foswiki RewriteWikiNames rule
# below looks intended to strip such a suffix again.
use_fully_qualified_names = True
#fallback_homedir = /home/%u@%d
fallback_homedir = /home/%u
# Account/logon restrictions are delegated to AD.
access_provider = ad
[nss]
[pam]
The Foswiki configuration (LDAP settings only):
# Foswiki LDAP settings (LocalSite.cfg excerpt). Reviewer remarks are marked
# NOTE(review); the values themselves are left exactly as posted.
#
# This file holds a cleartext bind password: keep it readable only by the
# web server user.
$Foswiki::cfg{Ldap}{AllowChangePassword} = 0;
$Foswiki::cfg{Ldap}{Base} = 'dc=XXX,dc=XXX,dc=XXX';
$Foswiki::cfg{Ldap}{BindDN} = 'CN=xxxx,OU=xxxx,OU=xxx,DC=xxxx,DC=xxxx,DC=xxx';
$Foswiki::cfg{Ldap}{BindPassword} = '*****';
$Foswiki::cfg{Ldap}{CaseSensitiveLogin} = 0;
$Foswiki::cfg{Ldap}{CharSet} = 'utf-8';
# NOTE(review): leave Debug on only while troubleshooting; it may write LDAP
# queries and DNs to the log.
$Foswiki::cfg{Ldap}{Debug} = 1;
# Exclude is one single-quoted string that contains newlines; confirm the
# contrib splits on commas and trims whitespace so every name is honoured.
$Foswiki::cfg{Ldap}{Exclude} = 'WikiGuest,
ProjectContributor,
RegistrationAgent,
UnknownUser,
AdminGroup,
NobodyGroup,
AdminUser, admin, guest';
$Foswiki::cfg{Ldap}{GroupAttribute} = '';
# NOTE(review): this is the DN of a single group object, not a container;
# with GroupScope 'sub' the search still only sees that one object.
$Foswiki::cfg{Ldap}{GroupBase} = [
'CN=Domain Users,CN=Users,DC=XXX,DC=XXX,DC=XXX'
];
# NOTE(review): ",top" is not LDAP filter syntax -- as written this compares
# objectClass with the literal value "group,top" and matches nothing.
# objectClass=group is what a group lookup needs.
$Foswiki::cfg{Ldap}{GroupFilter} = 'objectClass=group,top';
$Foswiki::cfg{Ldap}{GroupScope} = 'sub';
# NOTE(review): looks like an IP literal. With TLSVerify 'require' the server
# certificate must then carry that IP as a SAN or verification fails; a
# hostname matching the certificate is the usual fix.
$Foswiki::cfg{Ldap}{Host} = 'xxx.xxx.xxx.xxx';
$Foswiki::cfg{Ldap}{IPv6} = 1;
$Foswiki::cfg{Ldap}{IgnorePrivateGroups} = 1;
$Foswiki::cfg{Ldap}{IgnoreReferrals} = 0;
# NOTE(review): memberUid (here) and gidNumber (PrimaryGroupAttribute below)
# are POSIX schema attributes; sssd.conf above uses AD id mapping, so these
# are probably empty in this directory. AD membership is carried by 'member',
# which MemberAttribute already uses.
$Foswiki::cfg{Ldap}{InnerGroupAttribute} = 'memberUid';
# A keytab is configured, but GSSAPI is not in the SASLMechanism list below,
# so nothing here appears to use it -- TODO confirm which bind path is intended.
$Foswiki::cfg{Ldap}{KerberosKeyTab} = '/etc/krb5.keytab';
$Foswiki::cfg{Ldap}{LoginAttribute} = 'sAMAccountName';
# NOTE(review): a likely cause of the failing logins: this selects
# organizational-unit objects rather than accounts, and the embedded space
# and ",top" make it malformed regardless. The login lookup needs a filter
# that selects user objects (objectClass=person or, for AD, objectClass=user).
$Foswiki::cfg{Ldap}{LoginFilter} = 'objectClass=organization Unit,top';
$Foswiki::cfg{Ldap}{MailAttribute} = 'mail';
$Foswiki::cfg{Ldap}{MapGroups} = 1;
$Foswiki::cfg{Ldap}{MaxCacheAge} = '86400';
$Foswiki::cfg{Ldap}{MemberAttribute} = 'member';
$Foswiki::cfg{Ldap}{MemberIndirection} = 0;
$Foswiki::cfg{Ldap}{MergeGroups} = 0;
$Foswiki::cfg{Ldap}{NormalizeGroupNames} = 0;
$Foswiki::cfg{Ldap}{NormalizeLoginNames} = 0;
$Foswiki::cfg{Ldap}{NormalizeWikiNames} = 1;
$Foswiki::cfg{Ldap}{PageSize} = '500';
# NOTE(review): 636 is the LDAPS port (TLS before the first LDAP message).
# If UseTLS below means StartTLS (as Net::LDAP's start_tls does), it belongs
# on 389; StartTLS against 636 fails at the handshake. Pick one: LDAPS on 636
# without StartTLS, or StartTLS on 389.
$Foswiki::cfg{Ldap}{Port} = '636';
$Foswiki::cfg{Ldap}{Precache} = 1;
$Foswiki::cfg{Ldap}{PrimaryGroupAttribute} = 'gidNumber';
$Foswiki::cfg{Ldap}{RewriteGroups} = {};
$Foswiki::cfg{Ldap}{RewriteLoginNames} = {};
# Drops everything from the first '@' onward; presumably meant to strip the
# @domain suffix that use_fully_qualified_names in sssd.conf produces.
$Foswiki::cfg{Ldap}{RewriteWikiNames} = {
'^(.*)@.*$' => '$1'
};
# NOTE(review): PLAIN sends the bind password in the clear unless TLS is
# already established, and offering ANONYMOUS may let a failed bind degrade
# to an unauthenticated one. GSSAPI, which the keytab above suggests, is
# absent. Restrict this to the single mechanism actually intended.
$Foswiki::cfg{Ldap}{SASLMechanism} = 'PLAIN CRAM-MD5 EXTERNAL ANONYMOUS';
# Local .htpasswd fallback: accounts there authenticate without LDAP, so keep
# its contents minimal and audited.
$Foswiki::cfg{Ldap}{SecondaryPasswordManager} = 'Foswiki::Users::HtPasswdUser';
# NOTE(review): relative file names resolve against the server process's
# working directory; use absolute paths for the CA file and client cert.
$Foswiki::cfg{Ldap}{TLSCAFile} = 'xxx.cer';
$Foswiki::cfg{Ldap}{TLSCAPath} = '/etc/openldap/cacerts/';
# NOTE(review): a client certificate without its private key (TLSClientKey
# is empty) cannot be used for client authentication; supply the key or
# clear both settings.
$Foswiki::cfg{Ldap}{TLSClientCert} = 'xxx.cer';
$Foswiki::cfg{Ldap}{TLSClientKey} = '';
# NOTE(review): TLS 1.0 is deprecated; prefer tlsv1_2 if the Perl SSL stack
# on this host accepts it.
$Foswiki::cfg{Ldap}{TLSSSLVersion} = 'tlsv1';
# Server certificate verification is mandatory -- keep it that way.
$Foswiki::cfg{Ldap}{TLSVerify} = 'require';
$Foswiki::cfg{Ldap}{UseSASL} = 1;
$Foswiki::cfg{Ldap}{UseTLS} = 1;
$Foswiki::cfg{Ldap}{UserBase} = [
'OU=Users,OU=XXXX,DC=XXX,DC=XXX,DC=XXX'
];
$Foswiki::cfg{Ldap}{UserMappingTopic} = '';
$Foswiki::cfg{Ldap}{UserScope} = 'sub';
$Foswiki::cfg{Ldap}{Version} = '3';
$Foswiki::cfg{Ldap}{WikiGroupsBackoff} = 1;
$Foswiki::cfg{Ldap}{WikiNameAliases} = '';
$Foswiki::cfg{Ldap}{WikiNameAttributes} = 'cn';