ldap - Setting up slapd via Ansible debops.slapd
I'm trying to set up the slapd service on an Ubuntu 16 machine using Ansible and debops.slapd, but I cannot get authentication working, even though the service is running.

My playbook file looks like this:
    ---
    - hosts: "{{hosts}}"
      become: true
      become_user: root
      roles:
        - role: debops.slapd
          slapd_domain: 'development.local'
          slapd_pki: false
          slapd_config_admin_password: 'passwords/ldap-admin.password'
          slapd_basedn_admin_password: 'passwords/ldap-admin.password'
          slapd_ldapscripts: true
          slapd_ldap_security_default: []
          slapd_anonymous_bind: true
The passwords/ldap-admin.password file contains:

    yoh7eque9ki0aitee5uquaichuteo0ti
When I launch Ansible via the command line with

    ansible-playbook install-devserver-ubuntu.yml --ask-sudo-pass --extra-vars "hosts=ubuntu"

the installation proceeds correctly, and slapd is correctly installed on the target machine:
    PLAY [ubuntu] ****************************************************************

    TASK [Gathering Facts] *******************************************************
    ok: [ubuntu]

    TASK [debops.secret : create secret directories on ansible controller] *******

    TASK [debops.slapd : configure domain openldap in debconf] *******************
    changed: [ubuntu] => (item=slapd/domain)
    changed: [ubuntu] => (item=shared/organization)

    TASK [debops.slapd : configure database backend openldap in debconf] *********
    changed: [ubuntu]

    TASK [debops.slapd : install openldap packages] ******************************
    changed: [ubuntu] => (item=[u'slapd', u'ldap-utils', u'python-ldap'])

    TASK [debops.slapd : install helper scripts] *********************************
    ok: [ubuntu]

    TASK [debops.slapd : copy custom ldap schema files] **************************
    ok: [ubuntu]

    TASK [debops.slapd : load custom ldap schema files] **************************
    changed: [ubuntu] => (item=/usr/local/etc/ldap/schema/ldapns.ldif)
    changed: [ubuntu] => (item=/usr/local/etc/ldap/schema/openssh-lpk.ldif)

    TASK [debops.slapd : check if administrator password hash exists] ************
    ok: [ubuntu -> localhost]

    TASK [debops.slapd : read hash of config administrator password] *************
    ok: [ubuntu]

    TASK [debops.slapd : generate config administrator password] *****************
    skipping: [ubuntu]

    TASK [debops.slapd : save hash of config administrator password] *************
    skipping: [ubuntu]

    TASK [debops.slapd : set config administrator password] **********************
    changed: [ubuntu] => (item=(censored due to no_log))
    changed: [ubuntu] => (item=(censored due to no_log))

    TASK [debops.slapd : check if basedn administrator password hash exists] *****
    ok: [ubuntu -> localhost]

    TASK [debops.slapd : read hash of basedn administrator password] *************
    ok: [ubuntu]

    TASK [debops.slapd : generate basedn administrator password] *****************
    skipping: [ubuntu]

    TASK [debops.slapd : save hash of basedn administrator password] *************
    skipping: [ubuntu]

    TASK [debops.slapd : set basedn administrator] *******************************
    ok: [ubuntu] => (item=(censored due to no_log))
    changed: [ubuntu] => (item=(censored due to no_log))

    TASK [debops.slapd : create path ldap password file in secrets] **************
    ok: [ubuntu]

    TASK [debops.slapd : save basedn administrator password ansible] *************
    changed: [ubuntu -> localhost]

    TASK [debops.slapd : add openldap system user additional groups] *************
    skipping: [ubuntu]

    TASK [debops.slapd : check if tls certificate configured] ********************
    ok: [ubuntu]

    TASK [debops.slapd : create random temporary directory ldif file] ************
    skipping: [ubuntu]

    TASK [debops.slapd : prepare temporary ldif file] ****************************
    skipping: [ubuntu]

    TASK [debops.slapd : restart slapd (first time only)] ************************
    skipping: [ubuntu]

    TASK [debops.slapd : configure tls certificates (first time only)] ***********
    skipping: [ubuntu]

    TASK [debops.slapd : configure tls certificates] *****************************
    skipping: [ubuntu] => (item={'key': u'olcTLSCipherSuite', 'value': u'SECURE256:-VERS-SSL3.0'})
    skipping: [ubuntu] => (item={'key': u'olcTLSCertificateFile', 'value': u'/etc/pki/system/default.crt'})
    skipping: [ubuntu] => (item={'key': u'olcTLSDHParamFile', 'value': u''})
    skipping: [ubuntu] => (item={'key': u'olcTLSCertificateKeyFile', 'value': u'/etc/pki/system/default.key'})
    skipping: [ubuntu] => (item={'key': u'olcTLSCACertificateFile', 'value': u'/etc/pki/system/ca.crt'})

    TASK [debops.slapd : allow anonymous bind] ***********************************
    ok: [ubuntu] => (item={'key': u'olcDisallows', 'value': u'bind_anon'})
    ok: [ubuntu] => (item={'key': u'olcRequires', 'value': u'authc'})

    TASK [debops.slapd : allow anonymous bind (frontend)] ************************
    ok: [ubuntu] => (item={'key': u'olcRequires', 'value': u'authc'})

    TASK [debops.slapd : deny anonymous bind, require authentication] ************
    skipping: [ubuntu] => (item={'key': u'olcDisallows', 'value': u'bind_anon'})
    skipping: [ubuntu] => (item={'key': u'olcRequires', 'value': u'authc'})

    TASK [debops.slapd : deny anonymous bind, require authentication (frontend)] *
    skipping: [ubuntu] => (item={'key': u'olcRequires', 'value': u'authc'})

    TASK [debops.slapd : configure ldap connection security] *********************
    ok: [ubuntu]

    TASK [debops.slapd : configure ldap indices] *********************************
    changed: [ubuntu]

    TASK [debops.slapd : configure ldap access control list] *********************
    changed: [ubuntu]

    TASK [debops.slapd : set slapd log level] ************************************
    ok: [ubuntu] => (item={'key': u'olcLogLevel', 'value': u'none'})

    TASK [debops.slapd : configure enabled services] *****************************
    changed: [ubuntu]

    TASK [debops.slapd : install ldapscripts packages] ***************************
    ok: [ubuntu] => (item=[u'ldapscripts', u'ldap-utils', u'pwgen'])

    TASK [debops.slapd : configure ldapscripts] **********************************
    ok: [ubuntu]

    TASK [debops.slapd : configure ldapscripts password] *************************
    changed: [ubuntu]

    TASK [debops.slapd : create snapshot task in cron] ***************************
    ok: [ubuntu]

    RUNNING HANDLER [debops.slapd : restart slapd] *******************************
    changed: [ubuntu]

    PLAY RECAP *******************************************************************
    ubuntu                     : ok=28   changed=12   unreachable=0    failed=0
So far, I can't connect to the LDAP directory using the admin user and the admin password that has been set via the parameters. To test, I have installed phpLDAPadmin on the same machine: entering the password yoh7eque9ki0aitee5uquaichuteo0ti (which is the same one as in the password file) results in "Invalid credentials".

Running slapcat shows that the administrator account has been created:
    dn: dc=development,dc=local
    objectClass: top
    objectClass: dcObject
    objectClass: organization
    o: development.local
    dc: development
    structuralObjectClass: organization
    entryUUID: 2b111f1a-058f-1037-9bc1-01ccfd85f1f8
    creatorsName: cn=admin,dc=development,dc=local
    createTimestamp: 20170725141325Z
    entryCSN: 20170725141325.508993Z#000000#000#000000
    modifiersName: cn=admin,dc=development,dc=local
    modifyTimestamp: 20170725141325Z

    dn: cn=admin,dc=development,dc=local
    objectClass: simpleSecurityObject
    objectClass: organizationalRole
    cn: admin
    description: LDAP administrator
    userPassword:: e1ntsef9s1haveuvbvq1u0tbseu1rxhvyvvhmdm4ugvoss9znva=
    structuralObjectClass: organizationalRole
    entryUUID: 2b114558-058f-1037-9bc2-01ccfd85f1f8
    creatorsName: cn=admin,dc=development,dc=local
    createTimestamp: 20170725141325Z
    entryCSN: 20170725141325.510040Z#000000#000#000000
    modifiersName: cn=admin,dc=development,dc=local
    modifyTimestamp: 20170725141325Z
Any ideas why authentication fails? Did I use the correct mechanism to pass the password to debops.slapd?
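One check worth running before blaming the role: take the userPassword value that slapcat prints for cn=admin (the `::` form is base64-wrapped, and the decoded value is an OpenLDAP `{SSHA}` hash) and verify the password file contents against it, both exactly as read and with the trailing newline stripped, so a newline that was hashed along with the password shows up. The following is an added example, not code from the question or from debops.slapd; the cn=admin entry it builds is constructed with a freshly computed hash, since the hash quoted above cannot be reused here.

```python
import base64
import hashlib

# Password from the question's password file; the salt is a constructed example value.
EXAMPLE_PASSWORD = "yoh7eque9ki0aitee5uquaichuteo0ti"
EXAMPLE_SALT = b"\x01\x02\x03\x04"


def ssha_hash(password: str, salt: bytes) -> str:
    """Return an OpenLDAP-style {SSHA} value: base64(sha1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(stored: str, candidate: str) -> bool:
    """Check a candidate against a {SSHA} value; the salt is whatever follows the 20-byte SHA-1 digest."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} hash")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(candidate.encode("utf-8") + salt).digest() == digest


def userpassword_from_ldif(ldif: str) -> str:
    """Extract userPassword from slapcat output; a 'userPassword::' line carries a base64-encoded value."""
    for line in ldif.splitlines():
        if line.startswith("userPassword:: "):
            return base64.b64decode(line.split(": ", 1)[1].strip()).decode("ascii")
        if line.startswith("userPassword: "):
            return line.split(": ", 1)[1].strip()
    raise ValueError("no userPassword attribute in entry")


def build_example_entry(password: str, salt: bytes = EXAMPLE_SALT) -> str:
    """Constructed cn=admin entry in slapcat form, hashed here rather than copied from the question."""
    value = base64.b64encode(ssha_hash(password, salt).encode("ascii")).decode("ascii")
    return "\n".join([
        "dn: cn=admin,dc=development,dc=local",
        "objectClass: simpleSecurityObject",
        "objectClass: organizationalRole",
        "cn: admin",
        f"userPassword:: {value}",
    ])


def diagnose(ldif: str, password_file_contents: str) -> dict:
    """Verify the file contents as read and with the trailing newline stripped against the stored hash."""
    stored = userpassword_from_ldif(ldif)
    return {
        "as_read": verify_ssha(stored, password_file_contents),
        "stripped": verify_ssha(stored, password_file_contents.rstrip("\n")),
    }


if __name__ == "__main__":
    # Simulates a password file with a trailing newline checked against a hash of the bare password.
    print(diagnose(build_example_entry(EXAMPLE_PASSWORD), EXAMPLE_PASSWORD + "\n"))
```

If `stripped` is True while `as_read` is False (or the reverse), the hash and the file do correspond and the bind failure lies elsewhere, for example in how the client is sending the password; if both are False, the role hashed something other than the file contents.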
The debops.slapd role might not be in a working state at the moment; it hasn't been touched in a year.

However, DebOps roles provide a set of sane default values. Did you try running the role without setting custom values of your own first? The role has an example playbook included; try that one and see if the service is configured properly.

For debugging, you can use Apache Directory Studio as a low-level LDAP client. The debops.slapd role uses X.509 certificates maintained by the debops.pki role; if you use that, you might need to add the Root CA certificate to the ADS certificate store.