I am having issues integrating with LDAP/AD. LDAP bind functions. When I don’t specify “LDAP Require Group”, I can authenticate a user against LDAP/AD, so I assume that my user search/DN template settings are correct. I see the following errors in the awx_web log.
2018-11-08 07:24:57,771 DEBUG django_auth_ldap search_s('DC=global,DC=corp,DC=sap', 2, '(&(objectClass=group)(member=cn=d069683,ou=d,ou=identities,dc=global,dc=corp,dc=sap))') returned 106 objects:
2018-11-08 07:27:47,348 DEBUG django_auth_ldap search_s('OU=D,OU=Identities,DC=global,DC=corp,DC=', 2, '(sAMAccountName=%(user)s)') returned 1 objects: cn=,ou=d,ou=identities,dc=global,dc=corp,dc=domain
2018-11-08 07:27:47,358 WARNING django_auth_ldap Caught LDAPError while authenticating : REFERRAL({'info': 'Referral:\nldap://corp.global./dn=automation_admin,ou=cloudms,ou=resources,dc=corp,dc=global,dc=', 'desc': 'Referral'},)
My settings are:
LDAP User DN Template -
LDAP Group Type - MemberDNGroupType
LDAP Require Group - DN=AUTOMATION_ADMIN,OU=CLOUDMS,OU=Resources,DC=corp,DC=global,DC=
LDAP Deny Group -
LDAP Start TLS - Off
LDAP User Search -
[
"OU=D,OU=Identities,DC=global,DC=corp,DC=",
"SCOPE_SUBTREE",
"(sAMAccountName=%(user)s)"
]
LDAP Group Search -
[
"DC=global,DC=corp,DC=",
"SCOPE_SUBTREE",
"(objectClass=group)"
]
LDAP User Attribute Map -
{
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}
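
An added example, not part of the original post and not AWX or django-auth-ldap code: a small pre-deployment check that compares the posted LDAP Require Group DN with the posted LDAP Group Search base. A DN that lies outside the tree the server is being searched in is one situation in which a directory server answers with a referral, as in the REFERRAL warning above. The function names are hypothetical, the DN parsing is simplified (no escaped commas), and the values are copied from the post with its redactions.

```python
# Added example: sanity-check LDAP group settings before deploying them.
# Simplified DN parsing (no escaped commas); enough for the values in the post.

COMMON_RDN_TYPES = {"cn", "ou", "dc", "uid", "o", "l", "st", "c"}  # heuristic list

def parse_dn(dn):
    """Split a DN into lower-cased (attribute, value) pairs, leftmost RDN first."""
    rdns = []
    for part in dn.split(","):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def is_under(dn, base):
    """True when `dn` ends with every RDN of `base`, i.e. lies inside that subtree."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def check_require_group(require_group, group_search_base):
    """Return a list of findings for a Require Group DN (empty list = no findings)."""
    findings = []
    leading_attr = parse_dn(require_group)[0][0]
    if leading_attr not in COMMON_RDN_TYPES:
        findings.append("leading RDN type %r is unusual; AD groups are named with CN="
                        % leading_attr.upper())
    if not is_under(require_group, group_search_base):
        findings.append("DN is outside the group search base %r" % group_search_base)
    return findings

# Values copied from the post, redactions (empty trailing DC=) included.
REQUIRE_GROUP = "DN=AUTOMATION_ADMIN,OU=CLOUDMS,OU=Resources,DC=corp,DC=global,DC="
GROUP_SEARCH_BASE = "DC=global,DC=corp,DC="
USER_SEARCH_BASE = "OU=D,OU=Identities,DC=global,DC=corp,DC="

if __name__ == "__main__":
    for finding in check_require_group(REQUIRE_GROUP, GROUP_SEARCH_BASE):
        print("Require Group:", finding)
    print("user search base under group search base:",
          is_under(USER_SEARCH_BASE, GROUP_SEARCH_BASE))
```

Run against the posted values, the check reports both the `DN=` leading component and the `DC=corp,DC=global` versus `DC=global,DC=corp` ordering, while the user search base passes.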