Can somebody help with ldap setup


Dhiren Patil

Nov 11, 2015, 10:23:51 AM
to scalr-discuss
I have Scalr running on a single server.  I am using version: 5.8.29.oss~nightly.20150808154430.10.a7dadcb.327a6b0

I followed the documentation to configure ldap and ran the reconfigure.  I also set the debug value to true in the scalr-server.rb file.  

When I try to log in I am getting the following error:
Incorrect login or password (1)
16:24 - LdapClient v-0.5
16:24 - isValidUser is called.
16:24 - LDAP Server is:ldaps://ourldapserver port:636 - OK
16:24 - Bind username:uid=dhiren.patil@mycompany.com,ou=People,o=mycompany.com password:*************** - Failed
16:24 - Could not bind LDAP. Can't contact LDAP server


I was hoping to get more details after enabling the debug but I am not seeing it anywhere.  I am not finding any ldap output anywhere or ldap log file.



Any help will be appreciated.  
thanks

Dhiren Patil

Nov 11, 2015, 1:38:00 PM
to scalr-discuss
So I changed the bindtype to 'simple' and now I see the following error:

Incorrect login or password (1)
07:50 - LdapClient v-0.5
07:50 - isValidUser is called.
07:50 - LDAP Server is:ldaps://ourldapserver port:636 - OK
07:50 - Bind username:dhiren.patil@mycompany.com  password:*************** - Failed
07:50 - Could not bind LDAP. Can't contact LDAP server

Madhu

Mar 23, 2016, 1:25:07 AM
to scalr-discuss
Hi Dhiren,

Did you resolve the issue? If not, please post your LDAP config in Scalr.

Jay Farschman

Mar 23, 2016, 10:27:27 AM
to scalr-discuss
I did an LDAP configuration recently and ran into problems, mostly with my network and firewall, but also with the TLSCERT which is required for Microsoft AD. The way I resolved most things was in debug mode, but also using port 389 and tcpdump to see the conversation between the two systems.

I seem to remember one other thing where I tried to read our Employees OU which is further broken out by department:

OU=Employees
  OU=Client-Services
  OU=Development
  OU=ETC....

and it was not capable of reading the base_dn_groups as OU. Instead they have to be CN. I had to create and now (to my annoyance) maintain a directory structure like this:

OU=Security Groups
  CN=Client Services
  CN=Dev.... etc.


I'd be happy to help if anyone needs a hand.

Norberto Meijome

Mar 23, 2016, 5:45:50 PM
to scalr-...@googlegroups.com

Hello,
Have you done basic troubleshooting?
The msg 'can't contact LDAP server' is telling you something.
Can you connect with nc or telnet to that hostname on TCP/636 (as per your config?)...
Do normal LDAP CLI utils work as expected, etc...
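
The staged check suggested in this thread (is the host reachable on TCP/636, and does the TLS layer come up with a trusted certificate), as an added example that is not part of the original posts or of Scalr's code. With OpenLDAP's client library a refused connection, a failed TLS handshake and an untrusted server certificate are all reported as "Can't contact LDAP server", so the function separates them; the name `diagnose_ldaps`, its stage labels and the `cafile` argument are assumptions made for illustration.

```python
import socket
import ssl
import sys


def diagnose_ldaps(host, port=636, cafile=None, timeout=3.0):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls', 'cert' or 'ok'."""
    # Stage 1: name resolution for the LDAP host from the client's config.
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", str(exc)

    # Stage 2: plain TCP connect (what nc or telnet would test).
    family, socktype, proto, _, sockaddr = addrs[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
    except OSError as exc:
        sock.close()
        return "tcp", str(exc)  # firewall, routing, or nothing listening

    # Stage 3: TLS handshake with certificate and hostname verification.
    # cafile is the CA bundle that should trust the directory server;
    # None falls back to the system trust store.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", tls.version()
    except ssl.SSLCertVerificationError as exc:
        return "cert", exc.verify_message  # untrusted CA, name mismatch, expiry
    except (ssl.SSLError, OSError) as exc:
        return "tls", str(exc)  # not a TLS port, protocol mismatch, timeout


if __name__ == "__main__":
    # Usage: python diagnose_ldaps.py <host> [ca-bundle.pem]
    target = sys.argv[1] if len(sys.argv) > 1 else "ourldapserver"
    bundle = sys.argv[2] if len(sys.argv) > 2 else None
    stage, detail = diagnose_ldaps(target, 636, cafile=bundle)
    print(f"{target}:636 -> {stage}: {detail}")
```

A result of `ok` means the network and certificate layers are fine and the remaining suspects are the bind DN and password, which the LDAP CLI utilities can confirm.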
