WebADM setup not complete, not sure why...


Stefan van Gelder

Nov 24, 2013, 7:21:16 AM
to rcdevs-t...@googlegroups.com
I've set up OpenOTP and created an Active Directory coupling. I ran the setup as well without any problems. However, I think I am still missing some important configurations because it's not working as it should. On the login screen I still get the 'No Domain defined - Using DN login' message. I registered the OTP authentication server and activated it for some users. I registered a token too. But when I try to connect I get the message: 'Could not find any user domain'. In the OTP authentication server I am unable to set the 'default domain', with this message: 'invalid value for DefaultDomain'.

So it seems I have to configure a domain, but I didn't read anything about this configuration in the manual or on the internet, so where do I configure the last steps? On the home screen I see no LDAP configurations. Maybe this has something to do with it?

LDAP Configurations

Domains: 0 Local, 0 Trusts
LDAP MountPoints: 0
LDAP OptionSets: 0

Client Applications: 0


Any help would be appreciated.

Administrators

Nov 24, 2013, 9:22:03 AM
to rcdevs-t...@googlegroups.com
Check the container configurations in webadm.conf:
  optionsets_container  "cn=OptionSets,cn=WebADM,dc=mydomain,dc=com"
  webapps_container "cn=WebApps,cn=WebADM,dc=mydomain,dc=com"
  websrvs_container "cn=WebSrvs,cn=WebADM,dc=mydomain,dc=com"
  mountpoints_container "cn=Mountpoints,cn=WebADM,dc=mydomain,dc=com"
  domains_container "cn=Domains,cn=WebADM,dc=mydomain,dc=com"
  clients_container "cn=Clients,cn=WebADM,dc=mydomain,dc=com"

The cn=WebADM will contain the WebADM configuration objects.
For example, when you create a WebADM domain, it will be stored in the domains_container.

If the container is set correctly and you see it in the LDAP, then you're just missing a WebADM domain.
You can create it from the Create menu -> WebADM LDAP Domain.
You need to set the User Search Base to the LDAP container where you have your users.
Once the Domain is created you set it as Default Domain in the OpenOTP configuration.
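
A lint for the container settings described in the reply above, as an added example that is not part of the original thread and not RCDevs code. It assumes the key "DN" line shape shown in the snippet and treats one shared parent entry as the expected layout; the sample input is constructed, and the check covers the file only, not whether the entries exist in LDAP.

```python
import re

# The six container settings named in the reply above.
REQUIRED = ("optionsets_container", "webapps_container", "websrvs_container",
            "mountpoints_container", "domains_container", "clients_container")
# Assumed line shape, taken from the snippet above: <key> "<DN>"
LINE_RE = re.compile(r'^\s*(\w+_container)\s+(.*?)\s*$')
RDN_RE = re.compile(r'^[A-Za-z][A-Za-z0-9-]*=[^,=]+$')


def check_containers(conf_text):
    """Return (containers, problems) for the *_container lines in conf_text."""
    containers, problems = {}, []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # comments and unrelated settings are ignored
        key, raw = m.groups()
        if len(raw) < 2 or raw[0] != '"' or raw[-1] != '"' or raw.count('"') != 2:
            problems.append(f"line {lineno}: {key} value is not a single quoted string")
            continue
        dn = raw[1:-1]
        # Simplification: splits on every comma, so escaped commas are not handled.
        if not all(RDN_RE.match(rdn.strip()) for rdn in dn.split(",")):
            problems.append(f"line {lineno}: {key} is not a well-formed DN: {dn}")
            continue
        containers[key] = dn
    for key in REQUIRED:
        if key not in containers:
            problems.append(f"{key} is missing or unusable")
    # Assumption: all containers sit under one parent, as in the snippet above.
    parents = {dn.split(",", 1)[1].lower() for dn in containers.values() if "," in dn}
    if len(parents) > 1:
        problems.append("containers do not share one parent: " + ", ".join(sorted(parents)))
    return containers, problems


# Constructed sample: one unterminated quote, one container under another base.
SAMPLE = '''
optionsets_container  "cn=OptionSets,cn=WebADM,dc=mydomain,dc=com"
webapps_container "cn=WebApps,cn=WebADM,dc=mydomain,dc=com"
websrvs_container "cn=WebSrvs,cn=WebADM,dc=mydomain,dc=com"
mountpoints_container "cn=Mountpoints,cn=WebADM,dc=mydomain,dc=com"
domains_container "cn=Domains,cn=WebADM,dc=example,dc=com"
clients_container "cn=Clients,cn=WebADM,dc=mydomain,dc=com
'''

if __name__ == "__main__":
    print("\n".join(check_containers(SAMPLE)[1]))
```
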

Stefan van Gelder

Nov 25, 2013, 12:39:56 PM
to rcdevs-t...@googlegroups.com

Thanks. I've got the LDAP connection working now. Only one new problem... I locked myself out of the web interface. I've created the searchgroup and linked it to our OU where our users are located. Even my webadm account is unable to log in, with or without FQDN.

The proxy user is still the webadm account. I should configure super admins, I guess? Do I have to fill in the FQDN name? For example: cn=user,cn=container,dc=mydomain,dc=com. I obviously replaced it with a user which exists in my domain. Should this user have special permissions? The user account I use to log in with is not working with the FQDN as described.




Administrators

Nov 26, 2013, 4:34:21 AM
to rcdevs-t...@googlegroups.com
If by mistake you misconfigured the Domain and cannot log in to the Admin interface, you can set auth_mode "DN" in the webadm.conf to use the full DN instead of the user names to log in. Repair the domain and switch back to auth_mode "UID".

The full DN of your admin(s) must be part of the super_admins or other_admins. Use super_admins for now.

For the proxy user, you need an account which has admin permissions in the LDAP.

Stefan van Gelder

Nov 26, 2013, 6:10:35 AM
to rcdevs-t...@googlegroups.com
Thanks a lot. Got it all working now in combination with Citrix Access Gateway 5. I've set the wrong search directories.
