Hi,
I do not manage to connect to our AD.
I 've got this in our LDAP conf (See screenshot).
Is there anything else to do to connect our AD users on AWX ?
When I do this:
$> ldapsearch -H ldap://our_AD:389 -x -D “admin@our_AD” -b “dc=A,dc=D” “(sAMAccountName=awx)” -w PASSWORD
I’ve got a resut that shows it’s connecting well.
Any idea ??
Regards
Yan
Check your awx_Web container it will give you the errors. If you can give us the logs then we can help you
Hi,
Thx a lot for your answer.
I did it and this is what I obtain:
2021-02-19 09:10:23,009 DEBUG django_auth_ldap Authentication failed for awx@XXXXX: user DN/password rejected by LDAP server.
2021-02-19 09:10:23,085 WARNING awx.api.generics Login failed for user awx@XXXX from Y.Y.Y.Y
2021-02-19 09:10:23,090 WARNING django.request Unauthorized: /api/login/
2021-02-19 09:10:23,090 WARNING django.request Unauthorized: /api/login/
Here bellow the exact structure of infos I’m using (I just replaced the real infos with generic ones).
I also checked and the user awx is correctly defined into the AD.
{
“AUTH_LDAP_SERVER_URI”: “ldap://chd-dc1.office.chd”,
“AUTH_LDAP_BIND_DN”: “CN=Admin,OU=XXX,OU=YYY,DC=domain,DC=com”,
“AUTH_LDAP_BIND_PASSWORD”: “$encrypted$”,
“AUTH_LDAP_START_TLS”: false,
“AUTH_LDAP_CONNECTION_OPTIONS”: {
“OPT_REFERRALS”: 0,
“OPT_NETWORK_TIMEOUT”: 30
},
“AUTH_LDAP_USER_SEARCH”: ,
“AUTH_LDAP_USER_DN_TEMPLATE”: “uid=%(user)s,OU=Users,DC=doamin,DC=com”,
“AUTH_LDAP_USER_ATTR_MAP”: {
“first_name”: “givenname”,
“last_name”: “sn”,
“email”: “mail”
},
“AUTH_LDAP_GROUP_SEARCH”: [
“dc=domain,dc=com”,
“SCOPE_SUBTREE”,
“(objectClass=group)”
],
“AUTH_LDAP_GROUP_TYPE”: “ActiveDirectoryGroupType”,
“AUTH_LDAP_GROUP_TYPE_PARAMS”: {
“name_attr”: “cn”
},
“AUTH_LDAP_REQUIRE_GROUP”: null,
“AUTH_LDAP_DENY_GROUP”: null,
“AUTH_LDAP_USER_FLAGS_BY_GROUP”: {},
“AUTH_LDAP_ORGANIZATION_MAP”: {},
“AUTH_LDAP_TEAM_MAP”: {},
“AUTH_LDAP_1_SERVER_URI”: “”,
“AUTH_LDAP_1_BIND_DN”: “”,
“AUTH_LDAP_1_BIND_PASSWORD”: “”,
“AUTH_LDAP_1_START_TLS”: false,
“AUTH_LDAP_1_CONNECTION_OPTIONS”: {
“OPT_REFERRALS”: 0,
“OPT_NETWORK_TIMEOUT”: 30
},
“AUTH_LDAP_1_USER_SEARCH”: ,
“AUTH_LDAP_1_USER_DN_TEMPLATE”: null,
“AUTH_LDAP_1_USER_ATTR_MAP”: {},
“AUTH_LDAP_1_GROUP_SEARCH”: ,
“AUTH_LDAP_1_GROUP_TYPE”: “MemberDNGroupType”,
“AUTH_LDAP_1_GROUP_TYPE_PARAMS”: {
“member_attr”: “member”,
“name_attr”: “cn”
},
“AUTH_LDAP_1_REQUIRE_GROUP”: null,
“AUTH_LDAP_1_DENY_GROUP”: null,
“AUTH_LDAP_1_USER_FLAGS_BY_GROUP”: {},
“AUTH_LDAP_1_ORGANIZATION_MAP”: {},
“AUTH_LDAP_1_TEAM_MAP”: {},
“AUTH_LDAP_2_SERVER_URI”: “”,
“AUTH_LDAP_2_BIND_DN”: “”,
“AUTH_LDAP_2_BIND_PASSWORD”: “”,
“AUTH_LDAP_2_START_TLS”: false,
“AUTH_LDAP_2_CONNECTION_OPTIONS”: {
“OPT_REFERRALS”: 0,
“OPT_NETWORK_TIMEOUT”: 30
},
“AUTH_LDAP_2_USER_SEARCH”: ,
“AUTH_LDAP_2_USER_DN_TEMPLATE”: null,
“AUTH_LDAP_2_USER_ATTR_MAP”: {},
“AUTH_LDAP_2_GROUP_SEARCH”: ,
“AUTH_LDAP_2_GROUP_TYPE”: “MemberDNGroupType”,
“AUTH_LDAP_2_GROUP_TYPE_PARAMS”: {
“member_attr”: “member”,
“name_attr”: “cn”
},
“AUTH_LDAP_2_REQUIRE_GROUP”: null,
“AUTH_LDAP_2_DENY_GROUP”: null,
“AUTH_LDAP_2_USER_FLAGS_BY_GROUP”: {},
“AUTH_LDAP_2_ORGANIZATION_MAP”: {},
“AUTH_LDAP_2_TEAM_MAP”: {},
“AUTH_LDAP_3_SERVER_URI”: “”,
“AUTH_LDAP_3_BIND_DN”: “”,
“AUTH_LDAP_3_BIND_PASSWORD”: “”,
“AUTH_LDAP_3_START_TLS”: false,
“AUTH_LDAP_3_CONNECTION_OPTIONS”: {
“OPT_REFERRALS”: 0,
“OPT_NETWORK_TIMEOUT”: 30
},
“AUTH_LDAP_3_USER_SEARCH”: ,
“AUTH_LDAP_3_USER_DN_TEMPLATE”: null,
“AUTH_LDAP_3_USER_ATTR_MAP”: {},
“AUTH_LDAP_3_GROUP_SEARCH”: ,
“AUTH_LDAP_3_GROUP_TYPE”: “MemberDNGroupType”,
“AUTH_LDAP_3_GROUP_TYPE_PARAMS”: {
“member_attr”: “member”,
“name_attr”: “cn”
},
“AUTH_LDAP_3_REQUIRE_GROUP”: null,
“AUTH_LDAP_3_DENY_GROUP”: null,
“AUTH_LDAP_3_USER_FLAGS_BY_GROUP”: {},
“AUTH_LDAP_3_ORGANIZATION_MAP”: {},
“AUTH_LDAP_3_TEAM_MAP”: {},
“AUTH_LDAP_4_SERVER_URI”: “”,
“AUTH_LDAP_4_BIND_DN”: “”,
“AUTH_LDAP_4_BIND_PASSWORD”: “”,
“AUTH_LDAP_4_START_TLS”: false,
“AUTH_LDAP_4_CONNECTION_OPTIONS”: {
“OPT_REFERRALS”: 0,
“OPT_NETWORK_TIMEOUT”: 30
},
“AUTH_LDAP_4_USER_SEARCH”: ,
“AUTH_LDAP_4_USER_DN_TEMPLATE”: null,
“AUTH_LDAP_4_USER_ATTR_MAP”: {},
“AUTH_LDAP_4_GROUP_SEARCH”: ,
“AUTH_LDAP_4_GROUP_TYPE”: “MemberDNGroupType”,
“AUTH_LDAP_4_GROUP_TYPE_PARAMS”: {
“member_attr”: “member”,
“name_attr”: “cn”
},
“AUTH_LDAP_4_REQUIRE_GROUP”: null,
“AUTH_LDAP_4_DENY_GROUP”: null,
“AUTH_LDAP_4_USER_FLAGS_BY_GROUP”: {},
“AUTH_LDAP_4_ORGANIZATION_MAP”: {},
“AUTH_LDAP_4_TEAM_MAP”: {},
“AUTH_LDAP_5_SERVER_URI”: “”,
“AUTH_LDAP_5_BIND_DN”: “”,
“AUTH_LDAP_5_BIND_PASSWORD”: “”,
“AUTH_LDAP_5_START_TLS”: false,
“AUTH_LDAP_5_CONNECTION_OPTIONS”: {
“OPT_REFERRALS”: 0,
“OPT_NETWORK_TIMEOUT”: 30
},
“AUTH_LDAP_5_USER_SEARCH”: ,
“AUTH_LDAP_5_USER_DN_TEMPLATE”: null,
“AUTH_LDAP_5_USER_ATTR_MAP”: {},
“AUTH_LDAP_5_GROUP_SEARCH”: ,
“AUTH_LDAP_5_GROUP_TYPE”: “MemberDNGroupType”,
“AUTH_LDAP_5_GROUP_TYPE_PARAMS”: {
“member_attr”: “member”,
“name_attr”: “cn”
},
“AUTH_LDAP_5_REQUIRE_GROUP”: null,
“AUTH_LDAP_5_DENY_GROUP”: null,
“AUTH_LDAP_5_USER_FLAGS_BY_GROUP”: {},
“AUTH_LDAP_5_ORGANIZATION_MAP”: {},
“AUTH_LDAP_5_TEAM_MAP”: {}
}
Can you tell me what’s going wrong ?
Thx in advance.
Hi,
I am not an expert on ldap but looking at your setup compared to mine I have the LDAP User Attribute Map filled with something like this:
{
“first_name”: “givenName”,
“last_name”: “sn”,
“email”: “mail”
}
I recall having trouble with ldap before filling this field.
