By: Kishore Basa user 28 Jun 2016 at 2:17 p.m. CDT

5 Responses
Hello Team,

Tried the setup on a new VM; installation went smoothly this time with no errors. But I ran into another issue with the LDAP authentication. I added an AD server in the Cache Refresh, perfectly done - all users sync to GLUU LDAP from AD. If I add the same AD server under the Manage Authentication section, it throws an error: LDAP connection failed. Logs from wrapper.log and oxtrust.log.

Now the worst part is I cannot switch back to the default authentication mode. I ran this ldapsearch command following the instructions:

```
/opt/opendj/bin/ldapsearch -h hostname -p 1389 -D "cn=directory manager" -j ~/.pw -b "ou=appliances,o=gluu" -s one "objectclass=*" oxAuthenticationMode
```

```
An error occurred while parsing the command-line arguments: The provided value "/root/.pw" for argument -j is not acceptable: The file /root/.pw specified for argument bindPasswordFile does not exist
```

Then browsed to the LDAP Properties file and grabbed the ldap bind password. I got into the Console, changed the LDAP authentication settings to GLUU LDAP (default settings) and used the password from this file, but it still doesn't connect.

```
cat /opt/apache-tomcat-7.0.65/conf/ox-ldap.properties
```

Not sure if I'm missing something here, please suggest.

@ Mike - I created a .pw file with only a password in it (hope that's correct). Now I keep getting this error:

**Connect Error Result Code: 91 (Connect Error)**

By Michael Schwartz Account Admin 28 Jun 2016 at 5:17 p.m. CDT

I didn't quite follow how you unlocked yourself, but it sounds like you figured it out. If the AD authentication is failing:

1. Check to make sure the port is open from the Gluu Server to AD.
2. Check AD access logs to make sure you see the request, and why it failed.
3. Include a screenshot of your authentication settings in this ticket--it will help us spot any mistakes.
4. `ls -latr` to check the logs in `/opt/tomcat/logs` to see if you get any clues there.

Regarding ldapsearch... make sure you do `service gluu-server-2.4.x login` so you are getting the root profile from inside the container.

By Aliaksandr Samuseu staff 28 Jun 2016 at 7:07 p.m. CDT

Hi, Kishore. Before we get to the issue at hand, just for your information: the button "Test LDAP connection" on the "Manage authentication" page doesn't work at the moment; it's a known issue. You shouldn't rely on the messages it gives you. The backend authentication works, at the same time (if you set it up correctly).

By Aliaksandr Samuseu staff 28 Jun 2016 at 7:53 p.m. CDT

Ok, I'm not perfectly sure where we are now. First,

> Then browsed to the LDAP Properties file and grabbed the ldap bind password.

I suppose you mean one of the files under `/opt/tomcat/conf`, perhaps `ox-ldap.properties`, correct? The string you can fetch from it IS the LDAP password, indeed, but you can't use it as it is; it's encrypted (to meet certain security requirements). Like, it may look like this: `k+HugP72Gdz+4JYQuRmqJQ==`

To decrypt it, you must run this command (in the container):

```
# /opt/gluu/bin/encode.py -d k+HugP72Gdz+4JYQuRmqJQ==
```

...it will give you the LDAP password in cleartext.

Now, I'm not sure what you mean by this:

> I got into the Console, changed the LDAP authentication settings to GLUU LDAP (default settings) and used the password from this file, but it still doesn't connect.

What "console" was it, the web UI? Or the Linux command prompt?

By Aliaksandr Samuseu staff 28 Jun 2016 at 7:58 p.m. CDT

Just to clarify what has been said above: this way you may acquire a password for `cn=directory manager`, which is the admin user of Gluu's own LDAP directory. I hope this is what you need atm.

By Kishore Basa user 29 Jun 2016 at 11:46 a.m. CDT

Thanks Aliaksandr,

The LDAP issue is now resolved; I can now authenticate using the AD users. Thanks for the help again.

Kishore