I'm running OTRS 5s on my server and need to configure LDAP authentization in it.
currently i have this code:
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = '127.0.0.1';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'uid';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=tester,cn=adminuser,ou=users,dc=domain,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'tester';
last two lines should be ok but I'm getting this error on site
Panic, user authenticated but no user data can be found in OTRS DB!! Perhaps the user is invalid.
I also tried version which I found here and on other sites, but thats not working at all with following code:
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = '127.0.0.1';
$Self->{'AuthModule::LDAP::BaseDN'} = 'dc=domain,dc=com';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';
$Self->{'AuthModule::LDAP::GroupDN'} = 'cn=adminuser,ou=users,dc=domain,dc=com';
$Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
$Self->{'AuthModule::LDAP::UserAttr'} = 'DN';
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'cn=tester,cn=adminuser,ou=users,dc=domain,dc=com';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'tester';
but it results in wrong password or username and apache error.log calling
ERROR: OTRS-CGI-45 Perl: 5.20.2 OS: linux Time: Mon Dec 5 18:19:41 2016
Message: No UserID found for 'tester'!
both codes have
$Self->{'AuthModule::LDAP::Params'} = {
port => 389,
timeout => 120,
async => 0,
version => 3,
};
Appreciate any help, thanks.
User (agents) need to exists in the database before you can use LDAP authentication for them. Add them manually or configure the AuthSyncModule module.
Use the below parameters after the $Self->{'AuthModule::LDAP::Params'} section:
$Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
UserFirstname => 'givenName',
UserLastname => 'sn',
UserEmail => 'mail',
};
Related
Trying to build twitter login using "react-native-twitter-signin": "^1.1.1" few days before it is working fine but now in android version it only return error Error: { NativeMap: {"email":"COULD_NOT_FETCH",... and in IOS email is null. below is my code snippet
_twitterSignIn = () => { RNTwitterSignIn.init(Constants.TWITTER_COMSUMER_KEY, Constants.TWITTER_CONSUMER_SECRET) RNTwitterSignIn.logIn() .then(loginData => { console.log(loginData)
if (loginData.authToken && loginData.authTokenSecret) {
var user = {}
user.social_type = 'twitter'
user.social_id = loginData.userID
user.email = loginData.email
user.name = loginData.name + " " + loginData.name
/// this._social_login(user)// after getting data perform action
}
}).catch(error => {
console.log(error)})}
Please help
so did anyone get any solution ?can anyone figure it out that it is library problem or twitter developer cosole settings problem? Though somany time I cross checked the developer console which is perfectly configured describe in doc. means for Email id fetching 'Request email from users' is on and also privacy & terms service urls are present. So any solution is highly appriciated. thank you
I'm trying to sync my local DB to remote one like this:
const DB_NAME = "my_db";
const REMOTE_DB_URL ="http://<admin>:<password>/<ip-address>:5984/my_db";
const localDB = new PouchDB(DB_NAME);
const remoteDB = new PouchDB(REMOTE_DB_URL);
localDB.sync(remoteDB)
.then(() => {
console.log("Sync done");
})
.catch(err => {
console.log(err);
});
This is the error I get:
message:"getCheckpoint rejected with " name:"unknown" result:{ok:
false, start_time: Mon Dec 18 2017 14:14:03 GMT+0100 (CET), docs_read:
0, docs_written: 0, doc_write_failures: 0, ...} status: 0
Local DB is working fine, but when try to replicate/sync to remote, always get error above
I am using
React Native 0.50.0
pouchdb-react-native: 6.3.4
Remote DB is CouchDB 2.1.1
To sync your CouchDB databases follow these steps:
Step 1:
Serve the remote DB through https, not http by using CouchDB's native SSL support, as indicated here:
http://docs.couchdb.org/en/1.3.0/ssl.html
Step 2:
Make sure you have CORS enabled, as indicated here: http://docs.couchdb.org/en/1.3.0/cors.html
I need help configuring freeradius with WPA2 Enterprise via LDAP.
LDAP normally works for other services, however, it does not work for WPA2E.
We have also managed WPA2E to work with hard coded username/password fine. So we know all the components on their own work, but do not work together.
We have the freeradius server configured fine to work with the LDAP service.
Any help is appreciated
Here is my ldap setting for free radius modules/ldap file (mostly irrelevant for this issue)
ldap {
server = "ldapmaster.domain.com,ldapslave.domain.com"
identity = "uid=binder,ou=services,dc=security,dc=domain,dc=com"
password = asdfasdfasdf
basedn = "ou=internal,ou=users,dc=security,dc=domain,dc=com"
filter = "(mail=%{%{Stripped-User-Name}:-%{User-Name}})"
ldap_connections_number = 5
max_uses = 0
timeout = 4
timelimit = 3
net_timeout = 1
tls {
start_tls = yes
require_cert = "never"
}
dictionary_mapping = ${confdir}/ldap.attrmap
password_attribute = userPassword
edir_account_policy_check = no
keepalive {
idle = 60
probes = 3
interval = 3
}}
Also have the following setup for eap.conf
eap {
default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
md5 {
}
leap {
}
gtc {
auth_type = PAP
}
tls {
certdir = ${confdir}/certs
cadir = ${confdir}/certs
private_key_password = whatever
private_key_file = ${certdir}/server.key
certificate_file = ${certdir}/server.pem
CA_file = ${cadir}/ca.pem
dh_file = ${certdir}/dh
random_file = /dev/urandom
CA_path = ${cadir}
cipher_list = "DEFAULT"
make_cert_command = "${certdir}/bootstrap"
cache {
enable = no
max_entries = 255
}
verify {
}
}
ttls {
default_eap_type = md5
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
}
peap {
default_eap_type = mschapv2
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
}
mschapv2 {
}}
Also have two sites enabled, default and inner-tunnel:
default
authorize {
preprocess
suffix
eap {
ok = return
}
expiration
logintime
ldap
}
authenticate {
eap
ldap
}
inner-tunnel
authorize {
mschap
update control {
Proxy-To-Realm := LOCAL
}
eap {
ok = return
}
expiration
ldap
logintime
}
authenticate {
Auth-Type MS-CHAP {
mschap
}
eap
ldap
}
Here is a sample log I am seeing in the debug logs:
https://gist.github.com/anonymous/10483144
You appear to of removed the symlink between sites-available/inner-tunnel and sites-enabled/inner-tunnel
If you look in the log it's complaining it can't find the inner-tunnel server, which it requires to perform MSCHAPv2 auth in the TLS tunnel of the PEAP authentication.
server {
PEAP: Setting User-Name to emre#domain.com
Sending tunneled request
EAP-Message = 0x0205001a01656d72654071756269746469676974616c2e636f6d
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "emre#domain.com"
server inner-tunnel {
No such virtual server "inner-tunnel"
} # server inner-tunnel
You add the symlink back, and list the ldap module at the top of the authorize section in the inner-tunnel server. You will also need to map the attribute holding the user's Cleartext-Password to the User-Password attribute, using the ldap attrmap file.
If you do not have the user's Cleartext-Password in the directory (for example if it's hashed), then you should use EAP-TTLS-PAP, and list the LDAP module in the authenticate section of the inner-tunnel server, then add:
if (User-Password) {
update control {
Auth-Type := LDAP
}
}
To the authorize section of the inner-tunnel server.
I was looking for a good ldap library for Dart for connecting Microsoft Active Directory. I found dartdap, but I can't seem to get it working. I'm 100% shure that my CN and password is correct, because I can connect to Active directory for example with lpap browser.
The error I get is:
Uncaught Error: Invalid Credentials (49) msg=80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
The ldap.yaml looks like this (address, password and username scrambled off course)
# LDAP configuration file
# default is used if no connection name is specified
default:
port: 389
host: xxx.xx.com
bindDN: cn=testaccount
password: xxxxxxxx
And the ldaptest.dart looks like this:
void readDataFromLDAPServer() {
var ldapConfig = new LDAPConfiguration("ldap.yaml","default");
var attrs = ["dn", "cn", "objectClass"];
var filter = Filter.substring("cn=A*");
var notFilter = Filter.not(filter);
ldapConfig.getConnection().then( (LDAPConnection ldap) {
ldap.search("dc=example,dc=com", filter, attrs).
listen( (SearchEntry entry) => print('Found $entry'));
// we expect to find non A entries
ldap.search("dc=example,dc=com", notFilter, attrs)
.listen( (SearchEntry entry) {
//print("Not search = ${entry}");
// todo: test entries.
});
});
}
Any idea, what might be wrong?
I am using the code below to successfully bind to a Microsoft AD server:
var host = "ip_address";
var ssl = false;
var port = null;
var bindDN = "accountname#domain.name";
var password = "password";
var connection = new LdapConnection(host: host);
connection.setProtocol(ssl, port);
connection.setAuthentication(bindDN, password);
Please note that my binding code differs from what you are using. I am also using an_ldap client for Dart 2.
I am using CAS + LDAP with Spring Security for user authentication for a Grails 2.2.3 app. However, I would also like to create a simple API with this application which will require a different authentication method. I would like to use Basic Authentication for this. However, adding basicAuth to my Config.groovy file is not working, and I am getting this error:
authentication.ProviderManager Authentication attempt using org.springframework.security.cas.authentication.CasAuthenticationProvider
www.BasicAuthenticationFilter Authentication request for user: grantmc failed: org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken
I know I'm using the correct credentials, so I'm not sure what the error is saying exactly or what I need to do to fix it. Does anyone have any ideas?
Here are the settings in resources.groovy:
initialDirContextFactory(DefaultSpringSecurityContextSource, "ldap://ldap.company.com:389") {
userDn = "CN=Admin,OU=Users,DC=company,DC=com"
password = "password"
}
ldapUserSearch(FilterBasedLdapUserSearch,
"OU=Users,DC=company,DC=com",
"employeeId={0}",
initialDirContextFactory) { }
ldapUserDetailsMapper(MyLdapUserDetailsContextMapper) { }
ldapAuthoritiesPopulator(DefaultLdapAuthoritiesPopulator,
initialDirContextFactory,
"ou=Groups,OU=Users,DC=company,DC=com") {
groupRoleAttribute = "cn"
groupSearchFilter = "member={0}"
rolePrefix = ""
searchSubtree = true
convertToUpperCase = true
ignorePartialResultException = true
}
userDetailsService(LdapUserDetailsService, ldapUserSearch, ldapAuthoritiesPopulator) {
userDetailsMapper = ref('ldapUserDetailsMapper')
}
And my settings in config.groovy:
grails.plugins.springsecurity.cas.serverUrlPrefix = 'https://cas.company.com/cas'
grails.plugins.springsecurity.cas.loginUri = "/login"
grails.plugins.springsecurity.cas.serviceUrl = "${grails.serverURL}/j_spring_cas_security_check"
grails.plugins.springsecurity.providerNames = ['casAuthenticationProvider']
grails.plugins.springsecurity.defaultTargetUrl = '/'
grails.plugins.springsecurity.alwaysUseDefault = false
grails.plugins.springsecurity.useBasicAuth = true
grails.plugins.springsecurity.basic.realmName = "API"
grails.plugins.springsecurity.filterChain.chainMap = [
'/api/**': 'JOINED_FILTERS,-exceptionTranslationFilter',
'/**': 'JOINED_FILTERS,-basicAuthenticationFilter,-basicExceptionTranslationFilter'
]
grails.plugins.springsecurity.securityConfigType = 'InterceptUrlMap'
grails.plugins.springsecurity.interceptUrlMap = [
'/api/**': ['IS_AUTHENTICATED_FULLY'],
'/**': ['IS_AUTHENTICATED_FULLY']
]