By: Babu Angina user 26 Oct 2018 at 7:43 p.m. CDT

4 Responses
Babu Angina gravatar
I want to integrate with cloudera and authenticate externally with gluu ldap . With the configuration in cloudera I am not successfully login with the external users from gluu. So I want to test the users from cloudera server using ldapsearch and ldapwhoami. I can successfully do the ldapsearch using the bind user credentials but invalid credentials with the individual users . Am I missing any configurations? here are the command details. ldapsearch -v -x -H ldaps://host:1636 -D "cn=directory manager,o=gluu" -w 'password1' -b "o=gluu" 'uid=User Name' # @!52B7.C123.C61E.96EF!0001!AD2D.E031!0000!5912.EE2C.F285.8000, people, @!52B7 .C123.C61E.96EF!0001!AD2D.E031, gluu dn: inum=@!52B7.C123.C61E.96EF!0001!AD2D.E031!0000!5912.EE2C.F285.8000,ou=peop le,o=@!52B7.C123.C61E.96EF!0001!AD2D.E031,o=gluu oxCreationTimestamp: 20181012170034.351Z uid: User Name givenName: User displayName: User Name sn: Uname mail: User_Name@ne.bah.com gluuStatus: active oxTrustEmail: {"operation":null,"value":"user_name@ne.bah.com","display":"User_Name@ne.bah.com","primary":true,"reference":null,"type":"other"} inum: @!52B7.C123.C61E.96EF!0001!AD2D.E031!0000!5912.EE2C.F285.8000 iname: *person*User Name cn:User User Name objectClass: top objectClass: gluuPerson gluuSLAManager: true memberOf: inum=@!52B7.C123.C61E.96EF!0001!AD2D.E031!0003!60B7,ou=groups,o=@!52 B7.C123.C61E.96EF!0001!AD2D.E031,o=gluu role: WEBAPP_SUPER_ADMIN oxLastLogonTime: 20181025183025.159Z updatedAt: 20181025183404.424Z userPassword:: e0JDUllQVH0kMmIkMDgkRkM2L3BtQm1tYnhNRi5XRFA3WUtUZWxKNXFNZ1pTUHR -------------------------- This one gives invalid credentials error. Am I missing anything ? ldapsearch -v -x -H ldaps://host:1636 -D "uid=User Name,o=gluu" -w 'password2' -b "o=gluu" ldap_initialize( ldaps://10.194.9.91:1636/??base ) ldap_bind: Invalid credentials (49) same invalid credential error even if I use below commands. ldapwhoami -vvv -H ldaps://host:1636 -D 'cn=User Name,o=gluu' -x -w 'password2' ldapwhoami -vvv -H ldaps://host:1636 -D 'cn=User Name,ou=people,o=@!52B7.C123.C61E.96EF!0001!AD2D.E031,o=gluu' -x -w 'password2'

By Mohib Zico staff 27 Oct 2018 at 2:17 a.m. CDT

Mohib Zico gravatar
You can connect Gluu Server's LDAP with LDAP browser or can do 'ldapsearch' inside Gluu Server to get the structure of LDAP tree there. A doc on how to connect Gluu Server's ldap is [here](https://gluu.org/docs/ce/3.1.2/user-management/local-user-management/) >> -D "uid=User Name,o=gluu" >> -D 'cn=User Name,o=gluu' >> -D 'cn=User Name,ou=people,o=@!52B7.C123.C61E.96EF!0001!AD2D.E031,o=gluu' These all are invalid according to your first search result. If you wanna use 'cn' then it has to be exact 'cn' attribute value. Otherwise I would use 'uid'.

By Michael Schwartz Account Admin 28 Oct 2018 at 6:40 a.m. CDT

Michael Schwartz gravatar
also don't forget to use -Z for ssl, and -X for trust all certs.

By Babu Angina user 30 Oct 2018 at 11:38 a.m. CDT

Babu Angina gravatar
Hi Michael, We are using basic authentication in gluu . I am trying to bind with the user as you suggested but keep getting invalid credentials error. Do we need to use specific authentication in gluu to use uid/pw login externally? I am providing the right credentials in ldapsearch same as I am using in gluu. Is there anyway i can compare the credentials with the directory for the user I am binding with. I am not able to bind the user though I can bind with the directory manager. Please direct me if any function that compares the credentials or how to debug this particular scenario whether any specific configuration updates can resolve this issue. ldapwhoami -H ldaps://fqdn:1636 -D "uid=user,o=gluu" -w "password" ldap_bind: Invalid credentials (49) Thanks, Babu

By Babu Angina user 02 Nov 2018 at 3:53 p.m. CDT

Babu Angina gravatar
Hi Mike, Here are the logs from gluu server giving me the invalid credential error. Any input for the solution is appreciated. Nov 2 20:30:57 audit slapd[1976]: conn=1001 op=28518 SRCH base="ou=oxtrust,ou=configuration,inum=@!52B7.C123.C61E.96EF!0002!C684.5C8F,ou=appliances,o=gluu" scope=0 deref=0 filter="(objectClass=*)" Nov 2 20:30:57 audit slapd[1976]: conn=1001 op=28518 SRCH attr=oxRevision Nov 2 20:30:57 audit slapd[1976]: conn=1001 op=28518 SEARCH RESULT tag=101 err=0 duration=0.185ms nentries=1 text= Nov 2 20:30:57 audit slapd[1976]: conn=1000 op=28621 SRCH base="ou=trustRelationships,inum=@!52B7.C123.C61E.96EF!0002!C684.5C8F,ou=appliances,o=gluu" scope=2 deref=0 filter="(&(objectClass=top)(objectClass=gluuSAMLconfig))" Nov 2 20:30:57 audit slapd[1976]: conn=1000 op=28621 SRCH attr=description displayName gluuEntityType gluuContainerFederation gluuEntityId gluuIsFederation gluuProfileConfiguration gluuSAMLMetaDataFilter gluuSpecificRelyingPartyConfig gluuTrustContact gluuTrustDeconstruction iname inum gluuSAMLmaxRefreshDelay o gluuReleasedAttribute researchAndScholarshipEnabled oxAuthPostLogoutRedirectURI gluuSAMLspMetaDataFN gluuSAMLspMetaDataSourceType gluuSAMLspMetaDataURL gluuStatus url gluuValidationLog gluuValidationStatus Nov 2 20:30:57 audit slapd[1976]: conn=1000 op=28621 SEARCH RESULT tag=101 err=0 duration=0.463ms nentries=11 text= Nov 2 20:30:57 audit slapd[1976]: conn=1242 op=19261 SRCH base="ou=scripts,o=@!52B7.C123.C61E.96EF!0001!AD2D.E031,o=gluu" scope=2 deref=0 filter="(&(&(objectClass=top)(objectClass=oxCustomScript))(|(oxScriptType=cache_refresh)(oxScriptType=update_user)(oxScriptType=user_registration)(oxScriptType=id_generator)(oxScriptType=scim)))" Nov 2 20:30:57 audit slapd[1976]: conn=1242 op=19261 SRCH attr=dn inum oxRevision oxScriptType oxModuleProperty gluuStatus Nov 2 20:30:57 audit slapd[1976]: conn=1242 op=19261 SEARCH RESULT tag=101 err=0 duration=0.253ms nentries=6 text= Nov 2 20:30:58 audit slapd[1976]: conn=1853 fd=25 ACCEPT from IP=10.192.45.145:35818 (IP=10.194.9.91:1636) Nov 2 20:30:58 audit slapd[1976]: conn=1853 fd=25 TLS established tls_ssf=128 ssf=128 Nov 2 20:30:58 audit slapd[1976]: conn=1853 op=0 BIND dn="uid=Babu Angina,o=gluu" method=128 Nov 2 20:30:58 audit slapd[1976]: conn=1853 op=0 RESULT tag=97 err=49 duration=0.087ms text= Nov 2 20:30:58 audit slapd[1976]: conn=1853 fd=25 closed (connection lost) Nov 2 20:30:58 audit slapd[1976]: conn=1854 fd=25 ACCEPT from IP=10.192.45.145:35820 (IP=10.194.9.91:1636) Nov 2 20:30:58 audit slapd[1976]: conn=1854 fd=25 TLS established tls_ssf=128 ssf=128 Nov 2 20:30:58 audit slapd[1976]: conn=1854 op=0 BIND dn="cn=directory manager,o=gluu" method=128 Nov 2 20:30:58 audit slapd[1976]: conn=1854 op=0 BIND dn="cn=directory manager,o=gluu" mech=SIMPLE ssf=0 Nov 2 20:30:58 audit slapd[1976]: conn=1854 op=0 RESULT tag=97 err=0 duration=0.065ms text= Nov 2 20:30:58 audit slapd[1976]: conn=1854 op=1 SRCH base="o=gluu" scope=2 deref=3 filter="(uid=babu angina)" Nov 2 20:30:58 audit slapd[1976]: conn=1854 op=1 SEARCH RESULT tag=101 err=0 duration=0.108ms nentries=1 text= Nov 2 20:30:58 audit slapd[1976]: conn=1854 op=2 UNBIND Nov 2 20:30:58 audit slapd[1976]: conn=1854 fd=25 closed Nov 2 20:30:58 audit slapd[1976]: connection_read(25): no connection! Nov 2 20:30:58 audit slapd[1976]: conn=1855 fd=25 ACCEPT from IP=10.192.45.145:35822 (IP=10.194.9.91:1636) Nov 2 20:30:58 audit slapd[1976]: conn=1855 fd=25 TLS established tls_ssf=128 ssf=128 Nov 2 20:30:58 audit slapd[1976]: conn=1855 op=0 BIND dn="inum=@!52B7.C123.C61E.96EF!0001!AD2D.E031!0000!5912.EE2C.F285.8000,ou=people,o=@!52B7.C123.C61E.96EF!0001!AD2D.E031,o=gluu" method=128 Nov 2 20:30:58 audit slapd[1976]: slap_queue_csn: queueing 0x7f8d84185bd0 20181102203058.191285Z#000000#000#000000 Nov 2 20:30:58 audit slapd[1976]: slap_graduate_commit_csn: removing 0x7f8d84185bd0 20181102203058.191285Z#000000#000#000000 Nov 2 20:30:58 audit slapd[1976]: conn=1855 op=0 RESULT tag=97 err=49 duration=19.414ms text= Nov 2 20:30:58 audit slapd[1976]: conn=1855 fd=25 closed (connection lost)