LDAP not working [LDAP result code 49]

Ansible Semaphore LDAP not working

I have installed Ansible Semaphore on an Ubuntu server and configured the config.json file as per the LDAP configuration we have, but I am getting the following error:

Error Log:

WARN[0192] LDAP Result Code 49 "Invalid Credentials": 80090308: LdapErr: DSID:0C090597, comment: AcceptSecurityContext error, data 52, v4563

I have cross-checked the LDAP configuration; it seems to be correct, as the same configuration has been working in other apps.

The LDAP password does not contain any special characters.

I cannot put actual values here, but will try to write as close as possible:

Configuration:

{
  "ldap_binddn": "cn=<ldap-username>,dc=example,dc=org",
  "ldap_bindpassword": "ldap-password",
  "ldap_server": "ldap-host:389",
  "ldap_searchdn": "ou=xxxxxxx,dc=xxxx,dc=xxxx",
  "ldap_searchfilter": "(&(objectClass=user)(sAMAccountName=%s))",
  "ldap_mappings": {
    "dn": "dn",
    "mail": "mail",
    "uid": "sAMAccountName",
    "cn": "cn"
  },
  "ldap_enable": true,
  "ldap_needtls": false
}

I need your support; I am not sure whether it's a bug or my configuration issue. I have tried multiple combinations, but nothing seems to work so far.

Thanks…
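Added example (not from the thread or the Semaphore project): a small POSIX sh decoder for the Active Directory fields in the error line quoted above. AD tags result code 49 with a "data NNN" sub-code that says why the bind failed; the well-known values are three hex digits (525 user not found, 52e wrong password, 533 account disabled, ...). The line in the post carries "data 52", which matches none of them, so the decoder flags it as unknown; the second sample line is constructed here to show a 52e variant for comparison.

```shell
#!/bin/sh
# Added example, not from the thread: decode the AD-specific "data NNN"
# sub-code that follows "AcceptSecurityContext error" in a result-code-49 line.

# Extract the sub-code from a raw log line. Prints the code (e.g. 52e)
# or "none" if the line does not carry one.
ad_subcode() {
    code=$(printf '%s\n' "$1" | sed -n 's/.*data \([0-9a-fA-F]*\).*/\1/p')
    if [ -n "$code" ]; then printf '%s\n' "$code"; else printf 'none\n'; fi
}

# Map the documented AD sub-codes to their meaning (case-insensitive).
ad_subcode_meaning() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        525)  echo "user not found (bind DN/UPN does not resolve)" ;;
        52e)  echo "invalid credentials (wrong password for an existing account)" ;;
        530)  echo "logon not permitted at this time" ;;
        531)  echo "logon not permitted at this workstation" ;;
        532)  echo "password expired" ;;
        533)  echo "account disabled" ;;
        701)  echo "account expired" ;;
        773)  echo "user must reset password" ;;
        775)  echo "account locked out" ;;
        none) echo "no AD sub-code present in the line" ;;
        *)    echo "unknown sub-code '$1' (documented codes are three hex digits)" ;;
    esac
}

# Feed it a raw log line, get a one-line diagnosis.
ad_diagnose() {
    sub=$(ad_subcode "$1")
    printf '%s: %s\n' "$sub" "$(ad_subcode_meaning "$sub")"
}

# Constructed samples: the line from the post, and a 52e variant built
# from it for comparison (same DSID, different sub-code).
SAMPLE_POST='WARN[0192] LDAP Result Code 49 "Invalid Credentials": 80090308: LdapErr: DSID:0C090597, comment: AcceptSecurityContext error, data 52, v4563'
SAMPLE_52E='LDAP Result Code 49 "Invalid Credentials": 80090308: LdapErr: DSID:0C090597, comment: AcceptSecurityContext error, data 52e, v4563'

ad_diagnose "$SAMPLE_POST"
ad_diagnose "$SAMPLE_52E"
```

The distinction that matters most when debugging a bind is 525 versus 52e: the first means the ldap_binddn itself did not resolve to an account, the second means the account exists and the password was rejected. Semaphore's log line keeps AD's diagnostic text verbatim, so this sub-code is the first thing to read off a result-code-49 failure.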

Hi @mahmerz47

Have you confirmed the creds in the config can auth to your LDAP server from the ansible semaphore server using a different utility? Something like ldapsearch or ldapwhoami would be good to try.

The ansible semaphore docs also have some troubleshooting tips for this error.
Troubleshooting - Semaphore Docs

Best regards,

Joe

Yes, I did verify using an LDAP utility; I can also log in to other services like Outlook or Windows login with the same credentials. It works fine.

Are you using Microsoft AD or a different LDAP server like FreeIPA or OpenLDAP?

I am using Microsoft AD.

Gotcha, you may want to cross-post this on the Ansible Semaphore GitHub issues page to get some more eyes on it. Looking at what’s open now and what’s been closed, there have been various LDAP issues which have been identified and fixed. If you’re not on the latest version, I would upgrade to the current stable release and verify it’s still an issue.

The project maintainer seems to be pretty active and does say they test against OpenLDAP. I would include that you’re using MS AD and probably a sanitized output of the ldapwhoami command from the Ansible Semaphore server.

Ansible Semaphore Github Issues - LDAP

For this post, I would also put “Ansible Semaphore” in the title to see if that will grab some more attention from those users who have experience with the platform.

Best regards,

Joe

If you are using MS AD then it’s most likely that it is rejecting the simple bind request. AD has configuration options to disable binds that are not encrypted or protected with some sort of message verification so you either need to

  • Do the simple bind over LDAPS (TLS)
  • Use SASL/GSSAPI to authenticate your user

How you do that in Semaphore I don’t know.
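Added example (not from the thread or the Semaphore project) covering both Joe's suggestion to test the credentials with ldapwhoami/ldapsearch and the last reply's point about AD refusing unprotected simple binds: a POSIX sh script that reproduces Semaphore's bind outside Semaphore, once as a cleartext simple bind on 389 (what ldap_needtls: false gives) and once over LDAPS on 636, then runs the same search filter from config.json. The host, bind DN, password and search base are placeholders taken from the sanitized config in the post; the environment variable names and the 636 port for LDAPS are this example's assumptions. The live checks only run if the OpenLDAP client tools are installed.

```shell
#!/bin/sh
# Added example, not from the thread: check the Semaphore bind account
# against AD with the OpenLDAP client tools, plain and over LDAPS.

# Build the URI for the client tools: ldap:// for a cleartext connection,
# ldaps:// (TLS-wrapped, conventionally port 636) when the third argument is "true".
ldap_uri() {
    host=$1; port=$2; tls=$3
    if [ "$tls" = "true" ]; then
        printf 'ldaps://%s:%s\n' "$host" "$port"
    else
        printf 'ldap://%s:%s\n' "$host" "$port"
    fi
}

# Simple bind as the configured account and print the identity AD sees.
# A result code 49 here is the same failure Semaphore logs.
bind_check() {
    uri=$1; binddn=$2; password=$3
    ldapwhoami -x -H "$uri" -D "$binddn" -w "$password"
}

# The search Semaphore performs with its ldap_searchfilter, with %s
# replaced by the login name under test; returns the mapped attributes.
user_search() {
    uri=$1; binddn=$2; password=$3; searchdn=$4; login=$5
    ldapsearch -x -LLL -H "$uri" -D "$binddn" -w "$password" -b "$searchdn" \
        "(&(objectClass=user)(sAMAccountName=$login))" dn mail sAMAccountName cn
}

# Placeholder values mirroring the sanitized config.json in the post;
# override them from the environment with the real ones.
LDAP_HOST=${LDAP_HOST:-ldap-host}
LDAP_BINDDN=${LDAP_BINDDN:-'cn=<ldap-username>,dc=example,dc=org'}
LDAP_BINDPW=${LDAP_BINDPW:-ldap-password}
LDAP_SEARCHDN=${LDAP_SEARCHDN:-'ou=xxxxxxx,dc=xxxx,dc=xxxx'}
LDAP_TEST_LOGIN=${LDAP_TEST_LOGIN:-someuser}

if command -v ldapwhoami >/dev/null 2>&1; then
    # 1. The cleartext simple bind Semaphore makes with ldap_needtls: false.
    PLAIN=$(ldap_uri "$LDAP_HOST" 389 false)
    bind_check "$PLAIN" "$LDAP_BINDDN" "$LDAP_BINDPW" \
        || echo "simple bind rejected on $PLAIN"
    # 2. The same bind over LDAPS, which is what a DC configured to refuse
    #    unsigned simple binds will accept.
    SECURE=$(ldap_uri "$LDAP_HOST" 636 true)
    bind_check "$SECURE" "$LDAP_BINDDN" "$LDAP_BINDPW" \
        || echo "simple bind rejected on $SECURE"
    # 3. Only if the bind works does the search filter matter.
    user_search "$SECURE" "$LDAP_BINDDN" "$LDAP_BINDPW" "$LDAP_SEARCHDN" "$LDAP_TEST_LOGIN" \
        || echo "search failed on $SECURE"
else
    echo "ldapwhoami not installed (ldap-utils / openldap-clients); skipping live checks"
fi
```

If the bind succeeds on ldaps:// but fails on ldap:// with result code 49, the domain controller is enforcing signing or channel binding and the fix is on the Semaphore side (an encrypted connection), not in the credentials. STARTTLS on 389 is the third variant worth trying (`-ZZ` on the same ldap:// URI). Passing `-w` puts the password on the command line, where other local users can read it from the process list; `-W` prompts for it instead and is the better choice on a shared host.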