Comments (8)
Great idea. actually, libldap does support kerberos. It's a matter of proper setup and testing.
from ldap2pg.
@djkube would you mind help me testing kerberos once i got some code to test ?
Sure, I can't have it sooner.
Hi @djkube can you show me how you setup ldapsearch to query LDAP server with keytab ?
Hi @bersace , I actually didn't try using ldapsearch with keytab up to now, but figured it out after some fiddling.
I'm not sure what part of the setup you need, so I'll list the general direction and let me know if you need any details:
Everything below is on the client machine, except keytab preparation.
- realm join domain.com
- authconfig --enablesssd --enablesssdauth --enablelocauthorize --enableldap --enableldapauth --ldapserver=dc.domain.com --enableldaptls --ldapbasedn=dc=domain,dc=com --enableshadow --enablerfc2307bis --enablemkhomedir --enablecachecreds --update (not all the parameters required)
- sssd.conf should be configured, say if you need any info.
- A keytab file should be created and saved in the client.
- If all is well, you should be able to run kinit '[email protected]' -t /etc/krb5.keytab
- If all is well, you should be able to run ldapsearch -Z -Y GSSAPI dc.domain.com -b DC=DOMAIN,DC=COM
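A pre-flight script that walks the client-side steps from the comment above (ticket from the keytab, then a SASL/GSSAPI search), added here as an example; it is not from the thread's participants or the ldap2pg project. It assumes MIT Kerberos klist/kinit and OpenLDAP ldapsearch, uses the constructed defaults /etc/krb5.keytab, ldap://dc.domain.com and dc=domain,dc=com, and adds two checks the comment does not mention: keytab file permissions and a mandatory StartTLS (-ZZ) instead of the opportunistic -Z.

```shell
#!/bin/sh
# Added example, not ldap2pg project code. Pre-flight for a Kerberos/GSSAPI
# LDAP client: keytab hygiene, kinit from the keytab, authenticated search.
# Assumes MIT Kerberos klist/kinit and OpenLDAP ldapsearch; defaults below
# (keytab path, URI, base DN) are constructed placeholders.

# Derive the Kerberos realm from a base DN ("dc=domain,dc=com" -> "DOMAIN.COM"):
# keep only the DC components, join them with dots, upper-case. No network.
realm_from_basedn() {
    printf '%s\n' "$1" | awk -F, '{
        out = ""
        for (i = 1; i <= NF; i++) {
            f = $i; sub(/^[ \t]+/, "", f)
            if (tolower(substr(f, 1, 3)) == "dc=") {
                sep = (out == "") ? "" : "."
                out = out sep toupper(substr(f, 4))
            }
        }
        print out
    }'
}

# A keytab holds long-term keys: refuse one that group or others can read.
keytab_is_private() {
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other rwx bits from ls -l
    [ "$perms" = "------" ]
}

# Live check: obtain a TGT from the keytab, then bind with SASL/GSSAPI and read
# the base entry. -ZZ makes StartTLS mandatory; plain -Z continues in cleartext
# if the server declines the StartTLS request.
gssapi_preflight() {
    keytab=${1:-/etc/krb5.keytab}
    uri=${2:-ldap://dc.domain.com}
    base=${3:-dc=domain,dc=com}
    if ! keytab_is_private "$keytab"; then
        echo "refusing: $keytab is readable by group or others" >&2; return 1
    fi
    # Principal: argument 4, or the first entry in the keytab
    # (klist -k prints a 3-line header, then "KVNO Principal" rows).
    princ=${4:-$(klist -k "$keytab" | awk 'NR > 3 { print $2; exit }')}
    realm=$(realm_from_basedn "$base")
    case "$princ" in *@"$realm") ;; *) echo "warning: $princ is not in realm $realm (derived from $base)" >&2 ;; esac
    kinit -k -t "$keytab" "$princ" || return 1
    ldapsearch -LLL -ZZ -Y GSSAPI -H "$uri" -b "$base" -s base '(objectClass=*)' 1.1
}

# Only run the live checks when invoked as: sh preflight.sh run [keytab uri base principal]
if [ "${1:-}" = run ]; then
    gssapi_preflight "${2:-}" "${3:-}" "${4:-}" "${5:-}"
fi
```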
@bersace some additional info that may be relevant:
https://www.openldap.org/lists/openldap-technical/201509/msg00060.html
@bersace tried it but it breaks on me:
[ldap2pg.config INFO] Starting ldap2pg 4.17.
[ldap2pg.config DEBUG] Trying ./ldap2pg.yml.
[ldap2pg.config INFO] Using /root/ldap2pg.yml.
[ldap2pg.config DEBUG] Read verbosity from argv.
[ldap2pg.config DEBUG] Read ldap:uri from YAML.
[ldap2pg.config DEBUG] Read postgres:databases_query from YAML.
[ldap2pg.config DEBUG] Read postgres:owners_query from YAML.
[ldap2pg.config DEBUG] Read postgres:managed_roles_query from YAML.
[ldap2pg.config DEBUG] Read postgres:schemas_query from YAML.
[ldap2pg.config DEBUG] Read privileges from YAML.
[ldap2pg.config DEBUG] Read sync_map from YAML.
[ldap2pg.config DEBUG] Configuration loaded.
[ldap2pg.script DEBUG] Connecting to LDAP directory.
[ldap2pg.ldap DEBUG] Ignoring: [Errno 2] No such file or directory: '/etc/ldap/ldap.conf'
[ldap2pg.ldap DEBUG] Found rcfile /root/ldaprc.
[ldap2pg.ldap DEBUG] Read TLS_CACERTDIR from /root/ldaprc.
[ldap2pg.ldap DEBUG] Read SASL_NOCANON from /root/ldaprc.
[ldap2pg.ldap DEBUG] Read URI from /root/ldaprc.
[ldap2pg.ldap DEBUG] Read BASE from /root/ldaprc.
[ldap2pg.ldap DEBUG] Found rcfile /root/.ldaprc.
[ldap2pg.ldap DEBUG] Read TLS_CACERTDIR from /root/.ldaprc.
[ldap2pg.ldap DEBUG] Read SASL_NOCANON from /root/.ldaprc.
[ldap2pg.ldap DEBUG] Read URI from /root/.ldaprc.
[ldap2pg.ldap DEBUG] Read BASE from /root/.ldaprc.
[ldap2pg.ldap DEBUG] Read SASL_MECH from /root/.ldaprc.
[ldap2pg.ldap DEBUG] Read URI from YAML.
[ldap2pg.ldap DEBUG] Read HOST from YAML.
[ldap2pg.ldap DEBUG] Read PORT from YAML.
[ldap2pg.ldap DEBUG] Read BINDDN from YAML.
[ldap2pg.ldap DEBUG] Read PASSWORD from YAML.
[ldap2pg.ldap DEBUG] Read REFERRALS from YAML.
[ldap2pg.ldap DEBUG] Connecting to LDAP server ldap://dc.domain.com.
[ldap2pg.ldap DEBUG] Trying SASL GSSAPI auth.
[ldap2pg.script ERROR] Unhandled error:
[ldap2pg.script ERROR] Traceback (most recent call last):
[ldap2pg.script ERROR] File "/usr/local/lib/python3.6/site-packages/ldap2pg/script.py", line 94, in main
[ldap2pg.script ERROR] exit(wrapped_main(config))
[ldap2pg.script ERROR] File "/usr/local/lib/python3.6/site-packages/ldap2pg/script.py", line 34, in wrapped_main
[ldap2pg.script ERROR] ldapconn = ldap.connect(**config['ldap'])
[ldap2pg.script ERROR] File "/usr/local/lib/python3.6/site-packages/ldap2pg/ldap.py", line 247, in connect
[ldap2pg.script ERROR] conn.sasl_interactive_bind_s("", sasl.sasl(cb_values, auth))
[ldap2pg.script ERROR] NameError: name 'cb_values' is not defined
[ldap2pg.script ERROR] Please file an issue at https://github.com/dalibo/ldap2pg/issues with full log.
If you suspect anything is missing in my ldaprc let me know (ldapsearch successfully queries the ldap).
Thank you so much @bersace!