Trouble with LDAP authentication in Docker


Jordan Cox

Dec 8, 2022, 3:13:54 PM
to nemo
Hi All,

I'm looking into switching our lab management over to NEMO so I'm getting a local install set up. I made it through the Docker installation instructions (I think correctly) and for some early tests I'd like to set up my settings.py file to use LDAP authentication through forumsys. I am using the NEMO.views.authentication.LDAPAuthenticationBackend but it looks like I'm running into some weird issues with the LDAP authentication step. This is definitely not my area of expertise, so I'm hoping someone will be able to help me figure out what I've done wrong.

I think the NEMO installation is working fine because I can get the login page when I connect to localhost:8000. I made a superuser account with one of the usernames from the forumsys list. But when I put in the username/password I get an error on the LDAP bind:

NEMO.views.authentication WARNING User einstein attempted to authenticate with LDAP (ldap.forumsys.com), but an error occurred. The user was denied access: user name not allowed in anonymous bind

I really have no clue where to go from here. For reference, the LDAP_SERVERS section of my settings.py file is:

LDAP_SERVERS = [
  {
    'url': 'ldap.forumsys.com',
    'port': 389,
    'use_ssl': False,
    'bind_as_authentication': False,
    'base_dn': 'dc=example,dc=com',
  },
]


I'm happy to provide any other information if needed. Any tips or advice would be a huge help.

Thanks!

Jordan

mathieu...@gmail.com

Dec 8, 2022, 6:15:17 PM
to nemo, jmc...@gmail.com
Hi Jordan, you actually found a bug. It will be fixed in the next version of NEMO.
In the meantime, you can use a workaround by adding 'bind_username': '' to your ldap config.

Sorry about that.

Mathieu

Jordan Cox

Dec 9, 2022, 9:48:46 AM
to nemo, mathieu...@gmail.com, Jordan Cox
Hi Mathieu,

Thanks for letting me know! I added the line 'bind_username': 'einstein', to the LDAP_SERVER but I got the exact same error. I'm guessing it's because it's looking for both 'bind_username' and 'bind_password' in the LDAP_SERVERS settings to decide which authentication method to use.

authentication = SIMPLE if bind_username and bind_password else ANONYMOUS

So I tried putting both lines 'bind_username': 'einstein', and 'bind_password': 'password', into LDAP_SERVERS and now I'm getting some new behavior! Unfortunately it looks like a new error related to the LDAP bind DN:

NEMO.views.authentication WARNING User einstein attempted to authenticate with LDAP (ldap.forumsys.com), but an error occurred. The user was denied access: LDAPInvalidDNSyntaxResult - 34 - invalidDNSyntax - None - invalid DN - bindResponse - None

From what I can tell from a quick internet search, the error 34 is an "invalid DN" error. I'm guessing this is happening when the connection is made, but I do not know enough about LDAP to know what could be wrong with the DN. Do you (or does anyone) have any ideas?

Thanks again,

Jordan

mathieu...@gmail.com

Dec 9, 2022, 9:58:41 AM
to nemo, jmc...@gmail.com, mathieu...@gmail.com
Hi Jordan,
I literally meant 'bind_username': ''
as in double single quotes (empty) to get around the bug

Jordan Cox

Dec 9, 2022, 12:01:33 PM
to nemo, mathieu...@gmail.com, Jordan Cox
Hi Mathieu,

Oh, I see. I completely misunderstood, thanks! With that little fix in place I am through the authentication and on to the landing page! 

Thanks again,

Jordan
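
The four LDAP_SERVERS variants tried in this thread, run through a small pre-flight check. This is an added example, not part of the original posts and not NEMO's own code. It reuses only the selection line quoted above; the function names are hypothetical, the DN shape test is simplified, and the cleartext finding assumes no other transport protection is in place.

```python
import re

# One RDN of the form attr=value. Simplified: ignores RFC 4514 escaping.
_RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*[^,=]+$")

def looks_like_dn(name):
    """True if every comma-separated component has the shape attr=value."""
    return bool(name) and all(_RDN.match(p) for p in name.split(","))

def bind_mode(server):
    """Apply the selection line quoted in the thread to one LDAP_SERVERS entry."""
    user, password = server.get("bind_username"), server.get("bind_password")
    return "SIMPLE" if user and password else "ANONYMOUS"

def check_server(server):
    """Return human-readable findings for one LDAP_SERVERS entry."""
    user, password = server.get("bind_username"), server.get("bind_password")
    mode, findings = bind_mode(server), []
    if bool(user) != bool(password):
        findings.append("only one of bind_username/bind_password set: bind stays ANONYMOUS")
    if mode == "SIMPLE" and not looks_like_dn(user):
        findings.append("bind_username is not a DN: may be rejected with result 34 (invalidDNSyntax)")
    if mode == "SIMPLE" and not server.get("use_ssl"):
        # Assumption: no other transport protection (such as StartTLS) is used.
        findings.append("simple bind with use_ssl False: bind_password crosses the network unencrypted")
    return findings

# Constructed from the settings posted in the thread.
BASE = {"url": "ldap.forumsys.com", "port": 389, "use_ssl": False,
        "bind_as_authentication": False, "base_dn": "dc=example,dc=com"}
ATTEMPTS = {
    "original": dict(BASE),
    "username only": dict(BASE, bind_username="einstein"),
    "username + password": dict(BASE, bind_username="einstein", bind_password="password"),
    "workaround (empty bind_username)": dict(BASE, bind_username=""),
}

if __name__ == "__main__":
    for label, server in ATTEMPTS.items():
        print(f"{label}: {bind_mode(server)}")
        for finding in check_server(server):
            print(f"  - {finding}")
```
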
