gheimdall + Active Directory

EMCC

Nov 19, 2008, 3:37:29 PM
to GHeimdall
Here is a problem I can't seem to work out. Log claims I'm not
binding, but the credentials I'm using work with Softerra, and are
able to search and bind to AD. Can something not be correct outside
of the 'ldap stuff' that would cause this issue? Any comments would
be greatly appreciated!

# ldap stuff
apps.ldap_uri = 'ldap://student.xxxxx.xxx/'
apps.ldap_basedn = 'dc=student,dc=xxxxx,dc=xxx'
apps.ldap_filter = 'sAMAccountName=%s'
apps.ldap_rootdn = 'CN=Full DName............'
apps.ldap_rootpw = 'xxxxxxxxx'
apps.ldap_passwd_hash_style = '{SHA}'


----Error Log Snippet----
2008-11-19 14:05:59,060 gheimdall.controllers ERROR {'info':
'00000000: LdapErr: DSID-0C090627, comment: In order to perform this
operation a successful bind must be completed on the connection., data
0, vece', 'desc': 'Operations error'}
2008-11-19 14:06:01,533 gheimdall.controllers ERROR CherryPy 404 error
(404 - Not Found) for request 'GET /gheimdall/static/css/style.css/'
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/cherrypy/_cphttptools.py", line 121, in _run
    self.main()
  File "/usr/lib/python2.4/site-packages/cherrypy/_cphttptools.py", line 256, in main
    page_handler, object_path, virtual_path = self.mapPathToObject(path)
  File "/usr/lib/python2.4/site-packages/cherrypy/_cphttptools.py", line 326, in mapPathToObject
    raise cherrypy.NotFound(objectpath)
NotFound: 404

Takashi Matsuo

Nov 20, 2008, 8:32:37 PM
to ghei...@googlegroups.com
Hi EMCC,

The current implementation of the ldapauth auth module is...
1) search against the ldap server by uid with an ANONYMOUS bind and
retrieve the user's distinguished name (DN).
2) try to bind as this user using this DN.

So, could you please make sure that your Active Directory allows
anonymous bind and search.

Or, you can also write your own auth module that binds with ldap_rootdn
first. That will work well.

Additionally, it seems that there is a problem with the static handler of
python-cherrypy. Maybe the reason for this error is a bug in
cherrypy. Could you tell me what version of cherrypy you are using?

# rpm -qa|grep cherrypy

If you use python-cherrypy-2.3.0-3.el5.noarch.rpm or a similar version,
you can probably use the attached patch for the fix.

# cd /usr/lib/python2.4/site-packages/cherrypy/filters
# patch < /somewhere/cherrypy-staticfilter-fix.patch

Regards,

-- Takashi Matsuo
cherrypy-staticfilter-fix.patch

Mike T

Nov 20, 2008, 9:25:25 PM
to ghei...@googlegroups.com
Thanks for the info... I wish I had the expertise to program this type of module. It will take some learning! From your point of view would this be a simple exercise or rather complicated?

Thank you again!!

Takashi Matsuo

Dec 3, 2008, 9:39:24 PM
to ghei...@googlegroups.com
Hi Mike,

Sorry for the late reply.

Modifying an existing module is not such complicated work, I think.

Just copy ldapauth.py to myldapauth.py or something like that, and
edit the new file, and set the new module name in the configuration file.

Happy coding :-)

-- Takashi Matsuo
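
Added example (not part of the thread, and not gheimdall's own ldapauth code): the search-then-bind flow discussed above, with a service-account bind using ldap_rootdn before the search, so Active Directory does not need to allow anonymous search. The function signature, StubConn and the example.test entries are assumptions constructed for illustration; with python-ldap the connection would come from ldap.initialize(uri).

```python
try:
    import ldap                          # python-ldap, when installed
    LDAPError = ldap.LDAPError
except ImportError:                      # logic still runs against StubConn
    class LDAPError(Exception):
        pass
SCOPE_SUBTREE = 2                        # same value as ldap.SCOPE_SUBTREE

def escape_filter(value):
    """RFC 4515 escaping so a login name cannot rewrite the search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def authenticate(conn, cfg, username, password):
    """Return the user's DN if the password is accepted, else None."""
    if not username or not password:
        return None      # an empty password is an unauthenticated bind, not proof
    try:
        conn.simple_bind_s(cfg["ldap_rootdn"], cfg["ldap_rootpw"])  # service bind
        hits = conn.search_s(cfg["ldap_basedn"], SCOPE_SUBTREE,
                             cfg["ldap_filter"] % escape_filter(username), ["cn"])
        dns = [dn for dn, _ in hits if dn]   # AD referral entries have dn None
        if len(dns) != 1:
            return None
        try:
            conn.simple_bind_s(dns[0], password)   # the actual credential check
        except LDAPError:
            return None
        return dns[0]
    finally:
        conn.unbind_s()

class StubConn:
    """Constructed stand-in for ldap.initialize(uri); not real directory data."""
    USERS = {"CN=svc,DC=example,DC=test": "svcpw",
             "CN=alice,DC=example,DC=test": "alicepw"}
    bound = False
    def simple_bind_s(self, dn, pw):
        if self.USERS.get(dn) != pw:
            raise LDAPError("invalid credentials")
        self.bound = True
    def search_s(self, base, scope, flt, attrs):
        if not self.bound:               # the condition behind the error in the log
            raise LDAPError("a successful bind must be completed")
        cn = "CN=%s," % flt.split("=", 1)[1]
        return [(d, {}) for d in self.USERS if d.startswith(cn)] + [(None, ["ref"])]
    def unbind_s(self):
        pass
CFG = {"ldap_basedn": "DC=example,DC=test", "ldap_filter": "sAMAccountName=%s",
       "ldap_rootdn": "CN=svc,DC=example,DC=test", "ldap_rootpw": "svcpw"}
```

A failed service-account bind is left to raise, so a wrong ldap_rootdn or ldap_rootpw shows up in the log instead of looking like a bad user password.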