AD Authentication issue
78 views
Skip to first unread message
Kevin Murray
Mar 15, 2016, 12:10:13 PM3/15/16
to RatticDB
I am attempting to establish AD authentication with my instance of rattic, which is not working properly.
I do not receive any error messages, or anything relevant to LDAP in the apache logs, but the Staff Management page displays nothing under Access Groups, and I am unable to populate/select groups when attempting to create password entries. Also unable to login as any domain user.
Below is a sanitized version of the current state of the ldap section of local.cfg.
[ldap]
# LDAP Settings
uri = ldap://IP_ADDRESS:389
binddn = DOMAIN\rattic
bindpw = PASSWORD
userbase = ou=Users,dc=DOMAIN,dc=com
userfilter = (sAMAccountName=%(user)s)
groupbase = ou=Users,dc=DOMAIN,dc=com
groupfilter = (objectClass=group)
grouptype = NestedActiveDirectoryGroupType
staff = cn=RatticStaff,ou=Users,dc=DOMAIN,dc=com
requirecert = False
errorlevel = debug
This is not the only setup I have tried; I have used various forms for binddn; DOMAIN\rattic as listed, distinguished name cn=rattic,ou=Users,dc=DOMAIN,dc=com, and address rat...@DOMAIN.com.
I have looked at other postings in this group and attempted various permutations, none to any avail.
I have also verified that I can properly query ldap using these credentials via ldapsearch.
Any idea where the misconfiguration may lie, and why I'm not getting anything useful in the apache logs despite the error level being set to debug?
I do not receive any error messages, or anything relevant to LDAP in the apache logs, but the Staff Management page displays nothing under Access Groups, and I am unable to populate/select groups when attempting to create password entries. Also unable to login as any domain user.
Below is a sanitized version of the current state of the ldap section of local.cfg.
[ldap]
# LDAP Settings
uri = ldap://IP_ADDRESS:389
binddn = DOMAIN\rattic
bindpw = PASSWORD
userbase = ou=Users,dc=DOMAIN,dc=com
userfilter = (sAMAccountName=%(user)s)
groupbase = ou=Users,dc=DOMAIN,dc=com
groupfilter = (objectClass=group)
grouptype = NestedActiveDirectoryGroupType
staff = cn=RatticStaff,ou=Users,dc=DOMAIN,dc=com
requirecert = False
errorlevel = debug
This is not the only setup I have tried; I have used various forms for binddn; DOMAIN\rattic as listed, distinguished name cn=rattic,ou=Users,dc=DOMAIN,dc=com, and address rat...@DOMAIN.com.
I have looked at other postings in this group and attempted various permutations, none to any avail.
I have also verified that I can properly query ldap using these credentials via ldapsearch.
Any idea where the misconfiguration may lie, and why I'm not getting anything useful in the apache logs despite the error level being set to debug?
Reply all
Reply to author
Forward
0 new messages