I am trying to set up AWX to connect to my AD environment and I continue to run into issues. I have gotten the user lookup to work, but it won’t log me in. It keeps complaining about a mapping. I don’t understand what I have wrong.
Here is my config:
```
{
  "AUTH_LDAP_SERVER_URI": "ldap://10.150.10.150:389",
  "AUTH_LDAP_BIND_DN": "CN=ansible,OU=MY_ORG,DC=ad,dc=example,DC=local",
  "AUTH_LDAP_BIND_PASSWORD": "$encrypted$",
  "AUTH_LDAP_START_TLS": false,
  "AUTH_LDAP_CONNECTION_OPTIONS": {
    "OPT_REFERRALS": 0,
    "OPT_NETWORK_TIMEOUT": 300
  },
  "AUTH_LDAP_USER_SEARCH": [
    "OU=MY_ORG,DC=ad,DC=example,DC=local",
    "SCOPE_SUBTREE",
    "(&(objectClass=person)(sAMAccountName=%(user)s))"
  ],
  "AUTH_LDAP_USER_DN_TEMPLATE": null,
  "AUTH_LDAP_USER_ATTR_MAP": {
    "email": "mail",
    "first_name": "givenName",
    "last_name": "sn"
  },
  "AUTH_LDAP_GROUP_SEARCH": [
    "CN=ansible-tower-users,OU=MY_ORG,DC=ad,DC=example,DC=local",
    "SCOPE_SUBTREE",
    "(&(member=CN=%(user)s),OU=MY_ORG,DC=ad,DC=example,DC=local)(objectClass=group))"
  ],
  "AUTH_LDAP_GROUP_TYPE": "ActiveDirectoryGroupType",
  "AUTH_LDAP_GROUP_TYPE_PARAMS": {
    "name_attr": "cn"
  },
  "AUTH_LDAP_REQUIRE_GROUP": null,
  "AUTH_LDAP_DENY_GROUP": null,
  "AUTH_LDAP_USER_FLAGS_BY_GROUP": {
    "is_superuser": [
      "cn=ansible-tower-admins,OU=MY_ORG,DC=ad,DC=example,DC=local"
    ]
  },
  "AUTH_LDAP_ORGANIZATION_MAP": {
    "MY_ORG": {
      "users": [
        "CN=ansible-tower-users,OU=MY_ORG,DC=ad,DC=example,DC=local"
      ],
      "remove_admins": false,
      "admins": [
        "CN=ansible-tower-admins,OU=MY_ORG,DC=ad,DC=example,DC=local"
      ],
      "remove_users": false
    }
  },
```
This is from the docker container logs:
```
2019-09-24 15:27:54,879 DEBUG django_auth_ldap search_s('OU=MY_ORG,DC=ad,DC=example,DC=local', 2, '(&(objectClass=person)(sAMAccountName=%(user)s))') returned 1 objects: cn=ellen ripley,ou=MY_ORG,dc=ad,dc=example,dc=local
2019-09-24 15:27:54,887 DEBUG django_auth_ldap Creating Django user ellen.ripley
2019-09-24 15:27:54,888 DEBUG django_auth_ldap Populating Django user ellen.ripley
2019-09-24 15:27:54,907 DEBUG django_auth_ldap cn=ellen ripley,ou=MY_ORG,dc=ad,dc=example,dc=local is a member of cn=ansible-tower-admins,ou=MY_ORG,dc=ad,dc=example,dc=local
2019-09-24 15:27:54,907 WARNING django_auth_ldap format requires a mapping while authenticating ellen.ripley
2019-09-24 15:27:54,907 ERROR awx.sso.backends Encountered an error authenticating to LDAP
Traceback (most recent call last):
  File "/var/lib/awx/venv/awx/lib64/python3.6/site-packages/awx/sso/backends.py", line 128, in authenticate
    return super(LDAPBackend, self).authenticate(request, username, password)
  File "/var/lib/awx/venv/awx/lib64/python3.6/site-packages/django_auth_ldap/backend.py", line 150, in authenticate
    user = self.authenticate_ldap_user(ldap_user, password)
  File "/var/lib/awx/venv/awx/lib64/python3.6/site-packages/django_auth_ldap/backend.py", line 210, in authenticate_ldap_user
    return ldap_user.authenticate(password)
  File "/var/lib/awx/venv/awx/lib64/python3.6/site-packages/django_auth_ldap/backend.py", line 350, in authenticate
    self._get_or_create_user()
  File "/var/lib/awx/venv/awx/lib64/python3.6/site-packages/django_auth_ldap/backend.py", line 609, in _get_or_create_user
    populate_user.send(self.backend.__class__, user=self._user, ldap_user=self)
  File "/var/lib/awx/venv/awx/lib64/python3.6/site-packages/django/dispatch/dispatcher.py", line 175, in send
    for receiver in self._live_receivers(sender)
  File "/var/lib/awx/venv/awx/lib64/python3.6/site-packages/django/dispatch/dispatcher.py", line 175, in <listcomp>
    for receiver in self._live_receivers(sender)
  File "/var/lib/awx/venv/awx/lib64/python3.6/site-packages/awx/sso/backends.py", line 351, in on_populate_user
    ldap_user._get_groups().get_group_dns()
  File "/var/lib/awx/venv/awx/lib64/python3.6/site-packages/django_auth_ldap/backend.py", line 909, in get_group_dns
    group_infos = self._get_group_infos()
  File "/var/lib/awx/venv/awx/lib64/python3.6/site-packages/django_auth_ldap/backend.py", line 921, in _get_group_infos
    self._group_search)
  File "/var/lib/awx/venv/awx/lib64/python3.6/site-packages/django_auth_ldap/config.py", line 469, in user_groups
    groups = search.execute(ldap_user.connection)
  File "/var/lib/awx/venv/awx/lib64/python3.6/site-packages/django_auth_ldap/config.py", line 148, in execute
    filterstr = self.filterstr % filterargs
TypeError: format requires a mapping
2019-09-24 15:27:55,150 WARNING awx.api.generics Login failed for user ellen.ripley from 10.150.1.155
2019-09-24 15:27:55,171 WARNING django.request Unauthorized: /api/login/
2019-09-24 15:27:55,171 WARNING django.request Unauthorized: /api/login/
[pid: 156|app: 0|req: 128/212] 10.150.1.155 () {52 vars in 1051 bytes} [Tue Sep 24 15:27:54 2019] POST /api/login/ => generated 5951 bytes in 553 msecs (HTTP/1.1 401) 8 headers in 392 bytes (1 switches on core 0)
10.150.1.155 - - [24/Sep/2019:15:27:55 +0000] "POST /api/login/ HTTP/1.1" 401 5951 "http://automation01.asm.example.local/" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" "-"
```
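
The traceback ends at `filterstr = self.filterstr % filterargs`, reached from `search.execute(ldap_user.connection)`, which passes no filter arguments. As an added example (not part of the original post, and not AWX or django-auth-ldap code), this check applies the same `%` operation to the two search filters from the config above and reports which one fails; the function names and the empty tuple used for the group search are assumptions.

```python
import json

# Constructed sample: the two search settings copied from the config in the post.
SAMPLE = json.loads(r'''
{
  "AUTH_LDAP_USER_SEARCH": [
    "OU=MY_ORG,DC=ad,DC=example,DC=local", "SCOPE_SUBTREE",
    "(&(objectClass=person)(sAMAccountName=%(user)s))"
  ],
  "AUTH_LDAP_GROUP_SEARCH": [
    "CN=ansible-tower-users,OU=MY_ORG,DC=ad,DC=example,DC=local", "SCOPE_SUBTREE",
    "(&(member=CN=%(user)s),OU=MY_ORG,DC=ad,DC=example,DC=local)(objectClass=group))"
  ]
}
''')

def parens_balanced(filterstr):
    """True if every ')' closes an earlier '(' and none are left open."""
    depth = 0
    for ch in filterstr:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def lint_search(name, setting, filterargs):
    """Return a list of problems for one [base_dn, scope, filter] setting."""
    problems = []
    filterstr = setting[2]
    try:
        rendered = filterstr % filterargs  # same operation as the last traceback frame
    except (TypeError, KeyError, ValueError) as exc:
        problems.append(f"{name}: filter cannot be formatted: {exc}")
        rendered = filterstr
    if not parens_balanced(rendered):
        problems.append(f"{name}: unbalanced parentheses in filter")
    return problems

def lint_config(cfg):
    # The user search is formatted with a mapping that contains 'user'. The group
    # search is executed with no filter arguments in the traceback (assumed to be ()).
    return (lint_search("AUTH_LDAP_USER_SEARCH", cfg["AUTH_LDAP_USER_SEARCH"], {"user": "ellen.ripley"})
            + lint_search("AUTH_LDAP_GROUP_SEARCH", cfg["AUTH_LDAP_GROUP_SEARCH"], ()))

if __name__ == "__main__":
    for problem in lint_config(SAMPLE):
        print(problem)
```

Both findings point at `AUTH_LDAP_GROUP_SEARCH`: the `%(user)s` placeholder has no mapping to draw from in that code path, and the filter closes more parentheses than it opens.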