Please help with AWX Configure OpenLDAP Authentication


RedCrick

Dec 12, 2022, 8:06:34 PM
to AWX Project
I am trying to configure Ansible AWX to use my ldap server for authentication.

I can use `ldapsearch` to query my ldap server like so ...

```
ldapsearch -H ldaps://ldap.example.com -D "cn=Manager,dc=example,dc=com" -W -b "dc=example,dc=com"
```

And, of course, I had replaced `example.com` with my domain.

I also have an AWX (open-source version of Ansible Tower).  I am trying to configure my AWX to use my ldap server for authentication.  So I log on to the AWX Web UI, go to settings, and start filling out the form for LDAP Auth:

```
LDAP Server URI: ldaps://ldap.example.com:636
LDAP Bind DN: cn=Manager,dc=example,dc=com
LDAP Bind Password: XXXXXXXXX
LDAP User DN Template: uid="%(user)s",dc=example,dc=com
LDAP Group Type: PosixUIDGroupType
```

I have no idea and I am just guessing at what I need to use for `LDAP User DN Template` or `LDAP Group Type`.

No matter what I have tried I cannot authenticate against my LDAP server :(


RedCrick

Dec 13, 2022, 12:04:54 PM
to AWX Project
I wrote up this question on stackoverflow https://stackoverflow.com/questions/74778614/how-to-configure-awx-to-authenticate-against-openldap
Please take a look :)

AWX Project

Dec 16, 2022, 1:40:17 PM
to AWX Project

AWX Team

RedCrick

Dec 21, 2022, 10:04:50 PM
to AWX Project
How do I figure out what I should use for ldap group type?

The doc says:

Click to select a group type from the LDAP Group Type drop-down menu list.

But it doesn't give any useful details about why one would choose one group type and not another.

RedCrick

Dec 22, 2022, 2:47:34 PM
to AWX Project
I was finally able to get LDAP Auth to work.  The major problem I was having was that I was entering the WRONG PASSWORD! The hard part was getting confirmation that the password I was submitting was indeed wrong, and here is what I did to confirm that my configuration of LDAP Auth in "Settings > LDAP Default" was correct.

First thing I should have done was log on to AWX UI as 'admin'  then go to 'Settings > Logging' and set "Logging Aggregator Level Threshold" to DEBUG.

Then one can check the log of the awx-demo-web container with these kubectl commands:

```
kubectl -n awx get pods
kubectl -n awx logs -f awx-demo-fdakfjas-adfkjadsf -c awx-demo-web
```

```
...
DEBUG ... django_auth_ldap search_s(....) returned 1 objects: ....
DEBUG ... django_auth_ldap Auth for user me: user DN/password rejected by LDAP server.
...
```
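Added example, not part of the original thread and not AWX or django_auth_ldap code: a small triage script for the DEBUG output shown in the last post, telling apart a failed directory lookup from a rejected password. The function name `triage`, the finding codes and the sample lines are constructed for illustration, and it assumes the lines it reads belong to a single login attempt.

```python
import re
import sys

# Fragments copied from the two django_auth_ldap DEBUG lines quoted in the post;
# everything else on a line (timestamp, logger prefix) is ignored.
SEARCH_RE = re.compile(r"django_auth_ldap.*search_s\(.*\) returned (\d+) objects")
REJECT_RE = re.compile(r"django_auth_ldap.*user DN/password rejected by LDAP server")

HINTS = {
    "search-empty": "search matched nothing: check the base DN and filter shown in that line",
    "search-ambiguous": "search matched several entries: narrow the filter to one entry",
    "bind-rejected-after-match": "lookup found exactly one entry, so the service bind and "
                                 "search settings work; the directory refused the login password",
    "bind-rejected-no-match": "no single-entry lookup seen before the rejection: check how "
                              "the user DN is built (e.g. LDAP User DN Template) and the password",
}

def triage(lines):
    """Classify search/bind lines of one login attempt; returns finding codes in order."""
    findings, last_count = [], None
    for line in lines:
        found = SEARCH_RE.search(line)
        if found:
            last_count = int(found.group(1))
            if last_count == 0:
                findings.append("search-empty")
            elif last_count > 1:
                findings.append("search-ambiguous")
        elif REJECT_RE.search(line):
            findings.append("bind-rejected-after-match" if last_count == 1
                            else "bind-rejected-no-match")
            last_count = None  # the next rejection needs its own lookup line
    return findings

# Constructed sample lines (not real output), shaped like the excerpt in the post.
SAMPLE = [
    "DEBUG django_auth_ldap search_s('dc=example,dc=com', 2, '(uid=me)') returned 1 objects: uid=me,dc=example,dc=com",
    "DEBUG django_auth_ldap Auth for user me: user DN/password rejected by LDAP server.",
]

if __name__ == "__main__":
    # Pipe `kubectl ... logs` output in, or run with no pipe to see the sample result.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for code in triage(source):
        print(f"{code}: {HINTS[code]}")
```

Debug-level auth logs can include user DNs and search filters, so set the logging threshold back from DEBUG once the login works.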