[SOLVED] Basic troubleshooting for LDAP authentication server

Started by CraigPutnam, January 14, 2016, 08:17:47 PM

I am setting up OPNsense 15.7.18_1-amd64 (OpenSSL) hosted on ESXi-5.5.0. I am trying to set up an LDAP authentication server against a local Active Directory domain controller. When I click the Select button in the Containers section, I get the informative message: "Could not connect to the LDAP server. Please check your LDAP configuration."

So, my main question is, how in the world do I troubleshoot this? Are there any log files or other tests that could give me more information?

Can't help you with logs, but do upgrade to the latest version before continuing any further.

This is how I have set it up, excluding the basic information/settings.
Protocol version: 3
Bind credentials\User DN: domain\serviceaccount
Search scope\Level: One level
Base DN: DC=domain,DC=local
Authentication containers: use Select here. Should work if you got the previous settings filled in correctly.
Extended query: take the default IIRC. Been a while since I set it up.
User naming attribute: samAccountName

That works for me (tm)
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.

January 15, 2016, 07:45:50 AM #2 Last Edit: January 15, 2016, 07:52:02 AM by franco
Hi Craig,

The ldap_bind() call is being muted in the code; that is indeed a bit hard to trace. I will try to improve the error reporting for 15.7.25, out on Monday.


Cheers,
Franco


Quote: The ldap_bind() call is being muted in the code; that is indeed a bit hard to trace. I will try to improve the error reporting for 15.7.25, out on Monday.

Much appreciated. :) The better the error messages, the faster I can figure out how and why I'm being stupid.

Quote: Can't help you with logs, but do upgrade to the latest version before continuing any further.

Good idea, so I did that. I like the updated menu layout.

I managed to resolve the issue, mostly by poking around and thinking really hard like a bear of very little brain. I had pointed the system to external DNS servers, but I was trying to resolve an internal host... Like I said, very little brain.

Once I pointed to a DNS server that could actually resolve my domain controller, everything worked great. I did notice one UI issue that might cause issues for others. The authentication containers selection window is non-resizeable (at least in IE 11), so if you have more than 7 containers, they spill off the bottom of the window. I resolved it by narrowing the search scope, but users in a complex organization would probably have to resort to typing the container DNs by hand.

Thanks for everyone's help!
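A stdlib-only probe that walks the three stages implied by the settings post above and by Craig's diagnosis: can the resolver the firewall uses find the domain controller, is TCP port 389 reachable, and does a simple bind with the service account actually succeed. This is an added example, not OPNsense code and not anything posted in the thread; the hostname, bind name and password are placeholders, and the AD diagnostic hints in the comments (data 52e / 525) come from general Active Directory experience rather than from this page. The bind request is hand-encoded per RFC 4511 so nothing beyond the standard library is needed.

```python
"""Stdlib-only LDAP simple-bind probe: name resolution, TCP reachability, bind.
Added example, not OPNsense code. Host and credentials in __main__ are placeholders."""
import socket


# --- minimal BER encoding (LDAP messages are BER-encoded, RFC 4511) ----------
def ber_len(n: int) -> bytes:
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag: int, payload: bytes) -> bytes:
    """Tag-length-value."""
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(value: int) -> bytes:
    """INTEGER for non-negative values, padded so the sign bit stays clear."""
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return ber_tlv(0x02, body)


def build_simple_bind(message_id: int, bind_dn: str, password: str, version: int = 3) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version, name, simple [0] } }.
    AD accepts DOMAIN\\user or user@domain as the name for a simple bind."""
    bind_request = ber_tlv(
        0x60,  # APPLICATION 0, constructed
        ber_int(version)
        + ber_tlv(0x04, bind_dn.encode())      # OCTET STRING name
        + ber_tlv(0x80, password.encode()),    # [0] simple authentication (cleartext!)
    )
    return ber_tlv(0x30, ber_int(message_id) + bind_request)


def build_bind_response(message_id: int, result_code: int, diag: str = "") -> bytes:
    """Constructed BindResponse, used here only for offline testing of the parser."""
    bind_response = ber_tlv(
        0x61,  # APPLICATION 1, constructed
        ber_tlv(0x0A, bytes([result_code]))    # ENUMERATED resultCode (values < 128)
        + ber_tlv(0x04, b"")                   # matchedDN
        + ber_tlv(0x04, diag.encode()),        # diagnosticMessage
    )
    return ber_tlv(0x30, ber_int(message_id) + bind_response)


def ber_read(buf: bytes, pos: int):
    """Return (tag, payload, next_pos) for the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(data: bytes):
    """Return (resultCode, diagnosticMessage); 0 = success, 49 = invalidCredentials."""
    tag, body, _ = ber_read(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _msg_id, pos = ber_read(body, 0)
    tag, resp, _ = ber_read(body, pos)
    if tag != 0x61:
        raise ValueError(f"unexpected protocolOp tag 0x{tag:02x}")
    _, code, pos = ber_read(resp, 0)
    _, _matched_dn, pos = ber_read(resp, pos)
    _, diag, _ = ber_read(resp, pos)
    return int.from_bytes(code, "big"), diag.decode("utf-8", "replace")


def check_ldap_bind(host: str, bind_dn: str, password: str, port: int = 389, timeout: float = 5.0):
    """Probe in the order the failure modes occur. Returns (stage, detail)."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", f"cannot resolve {host!r}: {exc}"  # the cause in this thread
    sockaddr = infos[0][4]
    try:
        sock = socket.create_connection(sockaddr[:2], timeout=timeout)
    except OSError as exc:
        return "tcp", f"{sockaddr[0]}:{port} unreachable: {exc}"
    with sock:
        sock.sendall(build_simple_bind(1, bind_dn, password))
        code, diag = parse_bind_response(sock.recv(4096))
    if code != 0:
        # AD appends its own hint to diag, e.g. "... data 52e" (wrong password)
        # or "... data 525" (user not found). General AD behaviour, not from this thread.
        return "bind", f"resultCode {code}: {diag}"
    return "ok", f"bound as {bind_dn}"


if __name__ == "__main__":
    # Placeholders: use the DC name as the firewall's own DNS servers see it.
    print(*check_ldap_bind("dc01.domain.local", "domain\\serviceaccount", "secret"))
```

Run it from the same network position as the firewall with the resolvers the firewall is configured to use; a "dns" result with an internal name means the resolver, not the LDAP settings, is the problem, which is exactly what happened here. The probe speaks plain LDAP on 389 and sends the password in the clear, so point it only at a lab DC or wrap the socket with `ssl` and use 636 before using a real service account.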

Hi Craig,

Glad this worked out ok. I've relaxed the priority for the issue a little, but it's on file: https://github.com/opnsense/core/issues/669

Your suggestion has been filed as well: https://github.com/opnsense/core/issues/673


Cheers,
Franco