Hey folks,
I have been trying to get LDAP auth working for IcingaWeb2 for some time now but find myself stuck.
What I did:
- Install Icinga2 and IcingaWeb2 (with normal DB auth). Everything works.
- Create LDAP resource at Configuration -> Application -> Resources. Validation is successful with both LDAPS and LDAP.
- Create user backend at Configuration -> Application -> Authentication using the LDAP connection I just created. Validation is successful, the correct number of users is found.
- Create user group backend at Configuration -> Application -> Authentication using the LDAP connection I just created. Validation is successful, the correct number of groups is found.
- Login with an LDAP user does not work: “Invalid username or password”. Copy-pasting the same username and password into another LDAP login works perfectly.
Since IcingaWeb2 also ignores my log file configuration (which I created according to the documentation), I can’t find further information on why the auth is failing.
Here is my config; it’s only a test system so far. I’m currently using an LDAP admin to bind, because I was using a simple bind user before and thought there might be some kind of weird permission problem at play, but that’s not the case. The user Administrator is allowed to do anything in the LDAP.
I’d be very grateful for some help or experiences with this.
/etc/icingaweb2/resources.ini
[...]
[ucs-ldap]
type = "ldap"
hostname = "localhost"
port = "7636"
encryption = "ldaps"
root_dn = "dc=ucs,dc=demo"
bind_dn = "uid=Administrator,cn=users,dc=ucs,dc=demo"
bind_pw = "univention"
timeout = "5"
Validation returns:
Connect using LDAPS
LDAP bind (uid=Administrator,cn=users,dc=ucs,dc=demo / ***) to ldaps://localhost:7636 successful
OpenLDAP
Supports STARTTLS: True
Default naming context: dc=ucs,dc=demo
/etc/icingaweb2/authentication.ini
[...]
[ucs]
backend = "ldap"
resource = "ucs-ldap"
user_class = "inetOrgPerson"
user_name_attribute = "uid"
base_dn = "dc=ucs,dc=demo"
domain = "ucs.demo"
Validation returns:
Connect using LDAPS
LDAP bind (uid=Administrator,cn=users,dc=ucs,dc=demo / ***) to ldaps://localhost:7636 successful
OpenLDAP
Supports STARTTLS: True
Default naming context: dc=ucs,dc=demo
Searching for: objectClass "inetOrgPerson" in DN "dc=ucs,dc=demo" (Filter: None)
4 users found in backend
/etc/icingaweb2/groups.ini
[...]
[ucs]
resource = "ucs-ldap"
user_backend = "ucs"
group_class = "univentionGroup"
group_name_attribute = "cn"
group_member_attribute = "memberUid"
base_dn = "cn=groups,dc=ucs,dc=demo"
backend = "ldap"
Validation returns:
Connect using LDAPS
LDAP bind (uid=Administrator,cn=users,dc=ucs,dc=demo / ***) to ldaps://localhost:7636 successful
OpenLDAP
Supports STARTTLS: True
Default naming context: dc=ucs,dc=demo
Searching for: objectClass "univentionGroup" in DN "cn=groups,dc=ucs,dc=demo" (Filter: None)
10 groups found in backend
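The following is an added example, not part of the post above and not Icinga Web 2's own code: an offline model of what a domain-aware LDAP user backend does with a login name before it ever talks to the directory. It parses the authentication.ini from the post, splits the login into user and domain, decides whether the `ucs` backend (which has `domain = "ucs.demo"`) is consulted for that login, and builds the RFC 4515-escaped search filter that would be run under `base_dn` with the resource's bind credentials. The domain-matching rule (a backend with a `domain` only handles logins of that domain, a bare username being completed with an optional default domain) is my reading of the behaviour and is labelled as an assumption; the subsequent search and the bind as the found DN with the user's password are described in comments rather than performed, so the script runs without a directory.

```python
# Added example (not Icinga Web 2's code): offline model of the first steps of an
# LDAP search-then-bind login in a domain-aware user backend. Assumptions are marked.
import configparser
from typing import Dict, Optional, Tuple

# Constructed copy of the authentication.ini section from the post.
AUTH_INI = """
[ucs]
backend = "ldap"
resource = "ucs-ldap"
user_class = "inetOrgPerson"
user_name_attribute = "uid"
base_dn = "dc=ucs,dc=demo"
domain = "ucs.demo"
"""


def load_backends(ini_text: str) -> Dict[str, Dict[str, str]]:
    """Parse an authentication.ini; strip the quotes Icinga Web 2 writes around values."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    return {name: {k: v.strip('"') for k, v in parser[name].items()}
            for name in parser.sections()}


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping of an assertion value, so a login name such as
    'x)(uid=*' cannot change the meaning of the search filter (LDAP injection)."""
    out = []
    for ch in value:
        if ch in '\\*()' or ch == '\x00':
            out.append('\\%02x' % ord(ch))
        else:
            out.append(ch)
    return ''.join(out)


def split_login(login: str) -> Tuple[str, Optional[str]]:
    """'alice@ucs.demo' -> ('alice', 'ucs.demo'); 'alice' -> ('alice', None)."""
    if '@' in login:
        user, domain = login.rsplit('@', 1)
        return user, domain.lower()
    return login, None


def backend_applies(backend: Dict[str, str], login_domain: Optional[str],
                    default_domain: Optional[str] = None) -> bool:
    """ASSUMPTION about domain-aware auth: a backend with `domain` handles only
    logins of that domain (a bare username is completed with default_domain,
    if one is configured); a backend without `domain` handles bare usernames."""
    backend_domain = backend.get('domain')
    effective = login_domain or (default_domain.lower() if default_domain else None)
    if backend_domain:
        return effective == backend_domain.lower()
    return effective is None


def build_user_filter(backend: Dict[str, str], username: str) -> str:
    """Filter the backend would search with: objectClass from user_class,
    name attribute from user_name_attribute, both values escaped."""
    return '(&(objectClass=%s)(%s=%s))' % (
        escape_filter_value(backend['user_class']),
        backend['user_name_attribute'],
        escape_filter_value(username))


def plan_login(ini_text: str, login: str,
               default_domain: Optional[str] = None) -> Dict[str, Dict[str, object]]:
    """For every LDAP backend in the ini, report whether it is consulted for this
    login and the search it would run. Not modelled offline: the directory search
    under base_dn with the resource's bind_dn, and the bind as the returned user DN
    with the password the person typed (which is where 'Invalid username or
    password' is ultimately decided)."""
    username, login_domain = split_login(login)
    plan: Dict[str, Dict[str, object]] = {}
    for name, backend in load_backends(ini_text).items():
        if backend.get('backend') != 'ldap':
            continue
        plan[name] = {
            'applies': backend_applies(backend, login_domain, default_domain),
            'base_dn': backend['base_dn'],
            'filter': build_user_filter(backend, username),
        }
    return plan


if __name__ == '__main__':
    for login in ('alice', 'alice@ucs.demo', 'x)(uid=*'):
        print(login, '->', plan_login(AUTH_INI, login))
    print('alice with default domain ->', plan_login(AUTH_INI, 'alice', 'ucs.demo'))
```

Running it shows the three things worth checking when a backend validates but logins fail: which backend a given login form is routed to, the exact filter that reaches the directory, and that user-supplied characters are escaped rather than interpreted.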