Topic: [SOLVED] Basic troubleshooting for LDAP authentication server

CraigPutnam

[SOLVED] Basic troubleshooting for LDAP authentication server
« on: January 14, 2016, 08:17:47 pm »
I am setting up OPNsense 15.7.18_1-amd64 (OpenSSL) hosted on ESXi-5.5.0. I am trying to set up an LDAP authentication server against a local Active Directory domain controller. When I click the Select button in the Containers section, I get the informative message: "Could not connect to the LDAP server. Please check your LDAP configuration."

So, my main question is, how in the world do I troubleshoot this? Are there any log files or other tests that could give me more information?
« Last Edit: January 16, 2016, 10:40:45 am by franco »

weust

Re: Basic troubleshooting for LDAP authentication server
« Reply #1 on: January 14, 2016, 09:09:49 pm »
Can't help you with logs, but do upgrade to the latest version before continuing any further.

This is how I have set it up, excluding the basic information/settings.
Protocol version: 3
Bind credentials\User DN: domain\serviceaccount
Search scope\Level: One level
Base DN: DC=domain,DC=local
Authentication containers: use Select here. Should work if you got the previous settings filled in correctly.
Extended query: take the default IIRC. Been a while since I set it up.
User naming attribute: samAccountName

That works for me(tm)
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.

franco

Re: Basic troubleshooting for LDAP authentication server
« Reply #2 on: January 15, 2016, 07:45:50 am »
Hi Craig,

The ldap_bind() call is being muted in the code, that is indeed a bit hard to trace. I will try to improve the error reporting for 15.7.25 out on Monday.


Cheers,
Franco
« Last Edit: January 15, 2016, 07:52:02 am by franco »

franco

Re: Basic troubleshooting for LDAP authentication server
« Reply #3 on: January 15, 2016, 07:54:24 am »
Some more hints may be hidden here... http://php.net/manual/de/function.ldap-bind.php#103034

CraigPutnam

Re: Basic troubleshooting for LDAP authentication server
« Reply #4 on: January 16, 2016, 03:08:15 am »
Quote
The ldap_bind() call is being muted in the code, that is indeed a bit hard to trace. I will try to improve the error reporting for 15.7.25 out on Monday.

Much appreciated. :) The better the error messages, the faster I can figure out how and why I'm being stupid.

Quote
Can't help you with logs, but do upgrade to the latest version before continuing any further.

Good idea, so I did that. I like the updated menu layout.

I managed to resolve the issue, mostly by poking around and thinking really hard like a bear of very little brain. I had pointed the system to external DNS servers, but I was trying to resolve an internal host... Like I said, very little brain.

Once I pointed to a DNS server that could actually resolve my domain controller, everything worked great. I did notice one UI issue that might cause issues for others. The authentication containers selection window is non-resizeable (at least in IE 11), so if you have more than 7 containers, they spill off the bottom of the window. I resolved it by narrowing the search scope, but users in a complex organization would probably have to resort to typing the container DNs by hand.

Thanks for everyone's help!
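
The failure resolved in this thread was a DNS problem that surfaced only as a generic "Could not connect to the LDAP server" message. The Python script below is an added example (not part of the original posts and not OPNsense code) that separates the stages that message hides: name resolution, TCP reachability, and an anonymous LDAPv3 bind, which goes one step beyond the DNS case discussed here. It assumes plain LDAP on port 389 and is meant to run on the firewall itself so that it uses the firewall's resolver; `diagnose`, `bind_result` and `ber_len` are hypothetical names.

```python
import socket

# LDAPv3 anonymous simple bind: messageID 1, version 3, empty DN, empty password.
ANON_BIND = bytes.fromhex("300c020101600702010304008000")

def ber_len(buf, i):
    """Decode the BER length at buf[i]; return (length, index of first content byte)."""
    if buf[i] < 0x80:                      # short form: the byte is the length
        return buf[i], i + 1
    n = buf[i] & 0x7F                      # long form: next n bytes hold the length
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def bind_result(reply):
    """Return the resultCode of an LDAP BindResponse, or None if reply is not one."""
    try:
        i = 0
        for tag in (0x30, 0x02, 0x61, 0x0A):   # SEQUENCE, messageID, BindResponse, resultCode
            if reply[i] != tag:
                return None
            n, i = ber_len(reply, i + 1)
            if tag == 0x02:
                i += n                          # skip the messageID value
        return int.from_bytes(reply[i:i + n], "big") if len(reply) >= i + n else None
    except IndexError:                          # truncated or empty reply
        return None

def diagnose(host, port=389, timeout=5, resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Return (stage, detail); stage is 'dns', 'tcp', 'ldap' or 'ok'."""
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:              # the failure mode found in this thread
        return "dns", f"cannot resolve {host}: {exc}"
    addr = infos[0][4][0]
    try:
        sock = connect((addr, port), timeout=timeout)
    except OSError as exc:
        return "tcp", f"{addr}:{port} unreachable: {exc}"
    with sock:
        try:
            sock.sendall(ANON_BIND)
            code = bind_result(sock.recv(4096))
        except OSError:                         # reset or timeout after connecting
            code = None
    if code is None:
        return "ldap", f"{addr}:{port} accepted TCP but sent no LDAP BindResponse"
    return "ok", f"{addr}:{port} answered the LDAP bind with resultCode {code}"
```

Call `diagnose("dc01.example.local")` with your own domain controller's name in place of that placeholder; a `dns` result means the configured DNS servers cannot resolve the host, which is the cause found above.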

franco

Re: [SOLVED] Basic troubleshooting for LDAP authentication server
« Reply #5 on: January 16, 2016, 10:45:21 am »
Hi Craig,

Glad this worked out ok. I've relaxed the priority for the issue a little, but it's on file: https://github.com/opnsense/core/issues/669

Your suggestion has been filed as well: https://github.com/opnsense/core/issues/673


Cheers,
Franco