Hi All,
After building the images for AWX 3.0.1 I am seeing a new LDAP error.
2019-02-13 14:54:15,180 WARNING django_auth_ldap Caught LDAPError while authenticating : SERVER_DOWN({'desc': "Can't contact LDAP server", 'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get local issuer certificate)'},)
I have been using the same LDAP config and root_ca.pem file since AWX 1.0.6. But with the 3.0.1 release it's not working anymore.
Has anyone seen or run into this before? My googling the error message and trying the suggested fixes have not worked. I have also checked the AWX code base for any LDAP settings but have not seen any that caught my eye.
This is probably just a user error on my end due to my lack of LDAP workings but any help would be appreciated.
Below are my settings in the api/v2/settings/ldap section.
{
  "AUTH_LDAP_SERVER_URI": "ldaps://<ldap_server>:636",
  "AUTH_LDAP_BIND_DN": "CN=user,OU=ServiceAccounts,OU=CorpUsers,DC=winroot,DC=,DC=com",
  "AUTH_LDAP_BIND_PASSWORD": "$encrypted$",
  "AUTH_LDAP_START_TLS": false,
  "AUTH_LDAP_CONNECTION_OPTIONS": {
    "OPT_NETWORK_TIMEOUT": 30,
    "OPT_REFERRALS": 0,
    "OPT_X_TLS_NEWCTX": 0,
    "OPT_X_TLS_CACERTFILE": "/var/lib/awx/Root_CA.pem"
  },
  "AUTH_LDAP_USER_SEARCH": [
    "DC=WINROOT,DC=,DC=com",
    "SCOPE_SUBTREE",
    "(sAMAccountName=%(user)s)"
  ],
  "AUTH_LDAP_USER_DN_TEMPLATE": null,
  "AUTH_LDAP_USER_ATTR_MAP": {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
  },
  "AUTH_LDAP_GROUP_SEARCH": [
    "DC=WINROOT,DC=,DC=com",
    "SCOPE_SUBTREE",
    "(objectClass=group)"
  ],
  "AUTH_LDAP_GROUP_TYPE": "ActiveDirectoryGroupType",
  "AUTH_LDAP_GROUP_TYPE_PARAMS": {},
  "AUTH_LDAP_REQUIRE_GROUP": null,
  "AUTH_LDAP_DENY_GROUP": null,
  "AUTH_LDAP_USER_FLAGS_BY_GROUP": {},
  "AUTH_LDAP_ORGANIZATION_MAP": {
    "ORG 1": {
      "admins": "cn=<admin_group>,ou=autogroups,OU=CorpGroups,dc=winroot,dc=,dc=com",
      "remove_admins": true
    }
  },
  "AUTH_LDAP_TEAM_MAP": {
    "TEAM 1": {
      "organization": "ORG 1",
      "users": "cn=,ou=autogroups,ou=corpgroups,dc=winroot,dc=,dc=com",
      "remove": true
    }
  }
}