LDAP authentication setup

Post support questions that directly relate to Linux/Unix operating systems.

Moderators: Developers, Moderators

Post Reply
duffrecords
Posts: 10
Joined: Fri Aug 03, 2012 6:58 pm

LDAP authentication setup

Post by duffrecords »

I have a working LDAP server (set up by a previous sysadmin, and a bit esoteric). From my Cacti server I can successfully query the LDAP server. The following command returns all usernames that begin with the letter "A."

ldapsearch -x -h ldap.example.com -b 'dc=ldap,dc=example,dc=com' 'cn=a*'

dn: cn=Full Name,ou=People,dc=ldap,dc=example,dc=com

However, I can't seem to figure out the correct settings to make Cacti authenticate against it. I've tried all three modes--no searching, anonymous searching, specific searching--but it always errors out. The interesting thing is when I try it in Firefox the error is "LDAP Error: General bind error, LDAP result: Inappropriate authentication" but in Safari it's "LDAP Search Error: General bind error, LDAP result: Server is unwilling to perform." The log on the LDAP server reflects the two differing error messages as well.
Attachments
Screen shot 2012-08-03 at 5.12.59 PM.png
Screen shot 2012-08-03 at 5.12.59 PM.png (218.81 KiB) Viewed 1603 times
suyashjain1980
Posts: 1
Joined: Mon Oct 15, 2012 7:09 am

Re: LDAP authentication setup

Post by suyashjain1980 »

i too getting the same error . Also i have noticed that when i am leaving password blank , then only it is occurring , i do not want to use password
mikygee
Cacti User
Posts: 88
Joined: Thu Jul 30, 2009 3:13 am

Re: LDAP authentication setup

Post by mikygee »

You're trying to do a specific search but I'm not sure your "Search Distingished Name" is properly configured
On my server Search Distingished Name: uid=admin_read_only,ou=people,dc=mycompany,dc=org and I added the passwords.
Your filter is also wrong, mine is Search Filter = (&(objectClass=GosaAccount)(uid=<username>)), becareful and use your proper objectClass and also I use uid not cn, do adapt to your needs

I'm not sure I understood your ldapsearch command but maybe you're allowed to do anonymous searches, in that case specify Mode = Anonymous Searches

The last option is to use Mode = No Searching, in that case configure Distinguished Name (DN) = uid=<username>,ou=people,dc=mycompany,dc=org

It has to work =)
Some info about my system
- Cacti: 0.8.8g / OpenBSD 6.6
- Third Party: Nginx 1.16.1 / PHP 7.3.10 / MariaDB 10.3.18v1 / NET-SNMP version 5.8p2 / RRDTool 1.7.2
- Plugins: Weathermap 0.97c / Settings 0.71 / Thold 0.5 / Flowview 1.1 / Realtime 0.5.2 / Predict 1.0
mikygee
Cacti User
Posts: 88
Joined: Thu Jul 30, 2009 3:13 am

Re: LDAP authentication setup

Post by mikygee »

After reading your second message, the option 2 that I wrote is for you: Anonymous Searches
Some info about my system
- Cacti: 0.8.8g / OpenBSD 6.6
- Third Party: Nginx 1.16.1 / PHP 7.3.10 / MariaDB 10.3.18v1 / NET-SNMP version 5.8p2 / RRDTool 1.7.2
- Plugins: Weathermap 0.97c / Settings 0.71 / Thold 0.5 / Flowview 1.1 / Realtime 0.5.2 / Predict 1.0
Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest